Rated by gartner
Segregation of Duties and Privileged Access Policies
Detects access policy violations to control financial, operational, fraud, and cyber risks. Define policies in terms of risk descriptions, impact, likelihood, and fine-grained rules that constitute discrete and fuzzy logic in terms of IT system security entitlements and privileges for governance models such as Segregation of Duties, Sensitive Access, Data Protection, and Trade Secrets.
Eliminate false-positive filters to improve risk analysis and response. A high-performance policy engine rapidly analyzes millions of security attribute combinations and permutations across all enterprise IT systems and ERPs and business application security snapshots to report violations. Violation Manager eliminates exceptions where risk is accepted with compensating controls, using advanced filters. Remediation Manager issues corrective actions using closed-loop workflows that expedite risk response, reduce risk exposure and automatically update violations reports to ensure audit evidence is accurate and timely.
SafePaaS enables your Compliance, Risk and IT teams to:
SafePaaS Segregation of Duties Policy Manager employs a rules management engine, to scan user access using the security structure of your ERP system. Policy Manager identifies users and their role assignments that violate one or more Segregation of Duties policies. Violation results are stored in a database which is accessed using analytics in Policy Manager. Download test results and corresponding remediation plans in Excel, Word, Acrobat and other common formats to assure management and auditors that your business systems fully comply with Segregation of Duties policies.
How to select an SoD tool
When it comes to SoD audit tools, you can either build your own in-house or choose between a few vendors currently on the market. But buyer beware, not all tools are created equal. Learn what to look for when exploring options.
How to prevent fraud risk
SoD is the most effective approach to placing internal controls over your organization’s assets and preventing the kind of fraud seen at Yale.
The importance of cross-application SoD capabilities
It is not unusual, especially in large enterprise customers, to find sets of data in different ERPs. For example, supplier master data may be stored in one ERP such as Oracle e-Business Suite, or ERP Cloud and transaction data in another such as Workday.