-
SOFTWARE
SOFTWARESAP HCM & PayrollQuery Manager Query Manager Add-ons Document Builder Variance Monitor DSM for HCM HCM Productivity Suite FLOW GeoClockSAP Landscape & Test Data ManagementData Sync Manager (DSM) suite - System Builder/Shell Sync - Object Sync - Client Sync - Data Secure Archive CentralSupport & TrainingClient Central E-learning & trainingSAP Data Privacy & SecurityData Privacy suite - Data Secure - Data Disclose - Data Redact - Data Retain Soterion (GRC)
-
SERVICES
SERVICESSAP HCM & PayrollPRISM for HR & Payroll SAP SuccessFactors Integration monitoring Payroll reporting Report writingClient-specific DevelopmentCustom development SAP BTPSAP Landscape & Test Data ManagementPRISM Migrations to S/4HANA System Landscape Optimization (SLO) Managed data refresh servicesSAP Data Privacy & SecuritySAP data privacy assessment serviceMass data removal services Data privacy consultingCloud and Application Managed ServicesFunctional AMS Cloud management services Cloud migrations Basis managed services Private cloud hosting SAP on AWS SAP on Azure Premium Support Services RISE BRIDGE Managed Services
- All Solutions
- Request Estimate
-
Resources
Resources Blogs Read the latest updates on SAP SLO, SAP HCM, Data & Privacy, and Cloud Webinars Access expert insights in live and recorded webinars Video library Watch videos and improve your SAP knowledge
- About
How Elkjøp gained control of their access risks in a few days
Implementation in
a few days
Less manual extraction
and Excel manipulation
Easy identification of redundant or unused functions
Reduced number of
inactive users
About Elkjøp Nordic
Elkjøp Nordic was founded in Norway in 1962. Since then, they have grown to become the market leader in consumer electronics and kitchen appliances retail in the Nordic countries. The group consists of around 11,000 employees, and more than 400 stores in Norway, Sweden, Denmark and Finland, Greenland, Iceland and the Faroe Islands.
Elkjøp Nordic has been being part of Curry’s UK (Dixons Carphone plc) since 1999.
They are currently running these SAP systems: ECC, TM, EWM, F&R, CAR, EM and SLT.
The challenge: Lack of control over roles and access
Elkjøp encountered difficulties in managing large projects with tight deadlines, including the extensive use of external consultants who required additional authorizations using broad-access transaction codes.
The use of consultants made it challenging for Elkjøp to gain a clear understanding of the full scope of the project, and resulted in loss of control over role additions. Challenges included:
- unclear role ownership
- a lack of active role assessment
- neglect of Segregation of Duties (SoD) and the Principle of Least Privilege
- organizational changes not being considered.
Another challenge they faced was a one-size-fits-all approach to roles, rather than creating roles tailored to specific needs, leading to inefficiencies and potential security risks.
Elkjøp concluded that they needed greater control over their systems, and support with setting up and managing these controls.
An implementation completed in only a matter of days resulted in an immediate return on investment.
An effective GRC solution for SAP authorisations
Elkjøp chose the solution from EPI-USE Labs’ partner Soterion, as it offered industry best practices for SAP roles and authorisations.
Soterion's compliance software solves GRC (Governance, Risk management and Compliance) for SAP clients. The GRC tool was an excellent starting point for risk identification and management, enabling the team to obtain analytical and statistical views of their access risks, including SoD categorisation, critical transactions and privacy risks. They could also identify superfluous functions and transactions, which facilitated identifying remediation opportunities.
Soterion's big data mining and drill-down utilities made it possible to perform an in-depth analysis, while its standard reporting functionality included online reporting with live drill-down capabilities on current data. This enabled Elkjøp to have a comprehensive and effective approach to managing access risks and maintaining control over authorisation processes.
The GRC solution from EPI-USE Labs and Soterion raised awareness in the company, and moved the responsibility back to the business, rather than being with the IT team.
Shift in risk approach with Soterion
The implementation of the solution initiated a risk remediation project that raised awareness in the company, and started moving the responsibility back to the business, rather than the IT team. Also, the company did an extensive clean-up process to address the Principle of Least Privilege.
Soterion is now configured to run a monthly deactivation process for inactive users, and all users and authorisations are centrally provisioned.
We were also pleasantly surprised by how efficient the EPI-USE Labs helpdesk team was, and the personal level of service.
Benefits
