SafePaaS quarterly newsletter – new announcements

SafePaaS Discover Risk
SafePaaS Risk Management

Secure Oracle ERP Cloud

In the third quarter of 2021 we look forward to enabling our customers to take advantage of a number of enhancements, now available on the platform, to address the growing needs for advanced risk analytics, flexible data integration services, and scalable cloud services to protect business-critical applications.

Oracle Cloud ERP customers can now use advanced risk analytics to analyze violations of access policies through indirect assignments of privileges such as inherited duty roles.

New data integration options are available through web services that enable our customers to monitor risks in a growing number of cloud applications.

SafePaaS Administrators can now monitor platform usage and view processing details in the log report.

Please read more about these offerings in our Platform Enhancements section.

Safe Tip: With the latest ransomware supply chain attack on Kaseya software, as well as the adoption of hybrid work models around the world, we continue to recommend the principle of least privilege to our customers. Providing Managed Service Providers and third parties with unlimited privileged access, for example, exposes yourself to increased risk. Monitoring who has access to what on which sets of data is critical to mitigating risk. 

Platform Enhancements

SafePaaS is a dynamic, growing platform that is constantly looking at how to add value to our customers by taking on board customer feedback to engineer the most innovative products that allow organizations to really streamline their audit, risk, and compliance requirements.

Oracle Cloud ERP customers can now use the advanced risk analytics to detect segregation of duties risks from inherited privileges assigned to the users indirectly, analyze the access hierarchy report to correct the defects in role configuration, and simulate the role design changes within SafePaaS before applying the changes in Cloud ERP. These enhancements will enable you to rapidly reduce access control risks and prevent future segregation of duties violations before new security changes are introduced in the ERP applications. 

Access Hierarchy Report
Inherent Privileges

SafePaaS customers can now use SOAP and REST services to take a snapshot of configuration, master data, and transactions to monitor and control risks in business processes enabled by cloud applications. For example, you can use the capabilities to monitor supplier bank accounts, customer credit limits, and employee approval limits.

Rest API

The platform usage includes user activity such as iAccess™ requests as well as data snapshots for monitoring access and process risks in ERP. 

Platform Usage

SafePaaS Training and Certification Program

Training and knowledge transfer have played a key part in the SafePaaS community since the beginning. For example, we offer Training Thursdays to all SafePaaS team members educating sales, marketing, support, services, and engineering staff by enabling them to engage knowledgeably with our increasing customer base by providing access to the training resources they need in order to support our customers.

We are now extending more training and certification options to our partners and customers to ensure they have achieved a measured level of knowledge of the SafePaaS platform in order to best service and respond to our customers.

The improved certification program for both customers and partners recognizes those that have acquired a deep understanding of the platform and have mastered sufficient GRC knowledge to be able to demonstrate proficiency in how to employ the SafePaaS platform to the highest levels.

The SafePaaS certification recognizes the ability to demonstrate the knowledge acquired through the program to build deep product expertise and then validate those skills.

The certification program will not only allow partners and customers to get more value out of the software but develop a deeper understanding of the business objectives to achieve a ‘safer’ enterprise.

As we grow, organizations are looking for SafePaaS certified resources to help them manage the complexities of their Governance, Risk, and Compliance requirements. With improved credentials from SafePaaS partners and team members, customers gain multiple benefits including expert product and risk management knowledge to help them navigate system risk complexities, address areas of concern and reduce risk in their business-critical applications to make them flourish. 

SafePaaS Service Options

Our services team offers risk management expertise, solution design best practices, and implementation services that enable our customers to meet corporate governance, risk management, and compliance objectives. Our certified consultants are among the most experienced in the industry with a track record of success at Big Four audit firms, major technology firms, and public companies.

We offer SafeMethod™, a proven approach for top-down risk management that includes best practices and knowledge, developed over two decades of serving more than 200 enterprise clients that can help you control hidden risk in your enterprise systems.

SafeMethod™ services include:

Advanced Control Transformation – This option is suitable for forward-looking organizations with a strategic focus on transforming digital governance, risk, and compliance management from an informal or reactive to a proactive and optimized process by deploying advanced controls across the enterprise. The scope of work includes GRC assessment, understanding of complex integration requirements across multiple processes and systems to design advanced controls to help organizations move forward on the maturity model as shown below:

Maturity Model

Rapid Results – This option is suitable for organizations that need to resolve audit findings, meet compliance deadlines such as SOX, or establish effective controls to mitigate risks in ERP systems. We provide pre-configured SafePaaS applications with best practices control to meet immediate needs. 

SafeOversight - This option is suitable for customers that want to use internal resources or one of our implementation partners to deploy SafePaaS. We offer a Project Management Office (PMO) to provide project management oversight. Our oversight team includes a small group of experts who provide standard SafeMethod™ project templates and help guide the implementation processes to ensure a project is on time, within scope and on budget.

Our oversight team can help contribute to the expected outcomes and mitigate project risks because we have seen most of the risks scenarios play out on previous projects. The oversight team has direct access to SafePaaS engineering teams and they can go straight to the source of information to get what they need.

SafeInsight™ - SafeInsight service enables our customers to quickly and reliably identify risks such as segregation of duty violations in their ERP systems. This automated risk assessment makes it easy to isolate and analyze control violations so that you can deploy advanced controls to detect, remediate and prevent risks that cause financial misstatements, fraud, and operational losses. We leverage the SafePaaS Enterprise Risk Management (ERM) platform to provide a deep personalized analysis that is tailored to your needs.

Maintenance Services for Private Cloud Customers – Customers can benefit from our services that include SafePaaS maintenance for on-premise customers that includes applying patches, debugging issues reported by customer support staff. We also offer SafePaaS Administration that includes GRC Controls Management, Risk Incident Reporting, Remediation, and Mitigation Assistance. Access to the SafePaaS Controls Catalog, Audit Analytics, and SafePaaS platform administration.

Pricing and Policy Announcements

To provide more value to our customers, we continue to invest in our platform to meet risk management requirements and protect organizations. SafePaaS is committed to being both transparent and informative to our customers.


SafePaaS Multi-Instance policy is updated to enable customers to request access to a CRP (Conference Room Pilot) instance in addition to the PROD (Production) instance to help design, configure and test new capabilities before deploying in production. The CRP instance has the same “LIVE” release levels and infrastructure to ensure consistent outcomes. In addition, customers can also request temporary access to a “TRIAL” instance to evaluate early releases before these releases are applied to the live instance.

The Release Management policy is updated to provide weekly release updates available on LIVE and TRIAL instances starting in the third quarter. All updates are posted under the help>documentation folder in SafePaaS. Updates are posted on Monday by 5 PM Central Time for customers to review. In addition, if requested, the customer can also receive weekly notifications via emails.

SafePaaS Data Protection policy is updated to provide customers multiple options that can address a wide range of compliance requirements. To request data protection options, customers should create a Service Request ticket in the support portal to specify the objects, attributes, and protection method such as exclusion, masking, encryption, etc. Additional fees may apply based on the objects and method requested. All changes will be implemented upon agreement by the customer and SafePaaS.

SafePaaS Cloud Computing policy now allows you to select and scale your instances based on the frequency of controls monitoring, user load, security options, network bandwidth, data storage and memory utilization. For example, you can choose from several pre-configured computing models ranging from the standard multi-tenant option for periodic access controls testing to an enterprise computing option that is suitable for high-frequency controls monitoring to include multiple daily snapshot transfers at high speeds and faster processing.

SafePaaS Terms of Use Policy and Order Forms are updated to specify the subscription Start Date and End Date of the service period. Please note that the renewals are due before the End Date of the subscription. Customers that require Purchase Orders for renewal must provide a valid PO 60 days before the renewal date, provide acknowledgment of the invoice receipt, and confirmation of the payment before the End Date to continue the services without interruptions.

SafePaaS SLA is updated to require customers to register contact details for the SafePaaS Administrator that is the primary contact for requesting service via the support portal, a backup administrator is also recommended. Customers with automated snapshot transfers should also register the Network Administrator, as well as Database, Server, and ERP application administrators for timely response to service requests registered on the SafePaaS support portal.

Pricing Announcements

Platinum Support

We have enhanced our support services to include dedicated service agents under our Platinum support package. Platinum support includes a dedicated service desk agent assigned to monitor and respond to tickets in real-time. This support level also includes continuous monitoring of system usage, key event management, and preventative controls management as well as options to request custom reports, advanced analytics, and remediation services.

Usage-Based Pricing for Scalable Computing Capacity

We now offer usage-based pricing options for customers to select scalable computing capacity in the cloud based on the applications deployed on SafePaaS, frequency of controls monitoring, and user activity levels. Customers can now choose computing capacity that includes CPU usage, Memory, Data Transfer Bandwidth, and Storage. For example, the Enterprise Multi-Tenant is recommended for customers that require high frequency controls monitoring such as multiple daily snapshots of ERP objects for iAccess™ or MonitorPaaS™ to prevent risks and assign incidents when control violations are detected. The platform has a pre-configured capacity for 2 vCPUs, 48 GB RAM, usage 720 Hrs @ $1.42. Data Transfer 50 GB. 1 TB Managed high-speed SAN Storage with failover standby.

All SafePaaS services are SOC1 Type II certified, available on a platform hosted in a SOC2 Type 2 certified data center with a continuous database, infrastructure, IDS/IPS, and WCF monitoring. Our platform is scaled for continuous controls monitoring.

Multi-Environment Pricing

Customers can now license applications such as Enterprise Access Monitor to support multiple environments within the same company instance. For example, you can now manage and monitor Access Risks for Oracle Cloud ERP, Workday, and JD Edwards within a single company instance to control and respond to risks across all your business-critical applications. This option also requires licenses for Dataprobe™ connections for each application data source.

Subscription Gap Pricing

SafePaaS applications are subscription-based, which includes the software license, support and updates on a Platform-as-a-Service (PaaS). When you subscribe to an application, you agree to the terms, including the price, duration, payment schedule, and usage limitations. You pay according to the payment schedule chosen for the duration that you subscribed to.

During the duration of your subscription, you can access all the applications purchased on the Order Form under the Terms of Use agreement. Once a subscription has expired, you can no longer access the applications. However, if you want to restart your subscription after the subscription end-date, SafePaaS can restore application access and data after the payment for the new subscription period along with a service fee for the gap between the subscription periods is received. The subscription gap fees are assessed at a daily rate of 3% of the last subscription price.

Increased demand for Privileged Access Management solutions due to the adoption of a hybrid work model.

In a post-pandemic world, an increasing number of organizations around the world are recognizing the benefits of adopting a hybrid work model. Employees are no longer required to spend 5 days a week in the office but can combine onsite and offsite work.

In response to the global COVID-19 pandemic, cloud applications were quickly adopted by enterprises which augmented attack surfaces and created added risks for businesses. Organizations are now asking if their controls that worked in the office environment are working effectively in this new hybrid model?

There is a need to strengthen cloud application security by implementing Privileged Access Management solutions, such as SafePaaS FireFighter ID™ that only gives access to those employees that really need it. Monitoring and fine-grained controls can catch and detect unusual session activity allowing for any suspicious behavior to be discovered.