Automated processes and less manual work
Reduction of unused SAP accesses
Full visibility of risk exposure
Daily updates on users, roles and SM20 logs
Nikon is a world-leading provider of imaging products and services. Their innovative optics technology – from consumer to professional cameras, lenses to system accessories – is powered by over 100 years of experience. The brand is globally recognised for setting new standards in design and performance.
Nikon is committed to leading imaging culture and enables some of the world’s best visual artists to reach their creative potential through visual storytelling.
As the Nikon Corporation is listed on the Tokyo Stock Exchange, Nikon Europe BV – and the entire group – is required to be compliant with the J-SOX framework (also known as the Japanese Sarbanes-Oxley Act).
In an attempt to take a visual approach to their SoD (Segregation of Duties) risks, for the past ten years the IT team had been doing everything manually, exporting large amounts of data to Microsoft Excel to analyse SoD conflicts using SM20 log files.
The company realised that they were not getting the full picture, and were only able to skim the surface of their challenge. They needed to find a mature and sophisticated GRC (Governance, Risk and Compliance) solution to help them address compliance.
“We were only addressing the tip of the iceberg with our processes; we knew there were many more risks in our system.”
Nikon Europe BV introduced SAP Access Control, and made a number of management changes. Having realised they needed additional tools to analyse and review critical access and SoD conflicts, they then implemented Soterion as their GRC solution for SAP systems.
As soon as they connected their SAP system to the Soterion cloud, they started to see tangible benefits in their risk management. Their risk exposure was even higher than anticipated, so they immediately started to mitigate the risks that Soterion highlighted.
They used the following Soterion modules:
“We had done it manually, but at some point, we couldn't make it to the next step, so we needed to look for a mature sophisticated GRC solution. We were already working with EPI-USE Labs, so Soterion was the perfect tool for our SoD framework.”
GRC compliance is a long-term project, but even so, the Nikon team is already seeing benefits from using Soterion.
The IT team saves a lot of time on manual work by having a tool with which to automate workflows for new users, reset passwords, clean up superfluous roles or transactions, activate risk templates, and adjust risk settings quickly and easily.
Soterion has given them the ability to understand their company’s risk exposures, and thus the power to act on them.
Daily updates of users, authorisations, and roles
Clean-up of superfluous roles and transactions
Removal of unused SAP accesses
Fine-tuning risk settings
Defined organisational structure
“We have tangible benefits already. For the first time, we now see our real risk exposure; it was even higher than anticipated. It will take time, but at least now we have the insights that we were looking for.”
© 2024 EPI-USE Labs