A global leader in advanced semiconductor systems. Headquartered in the US, the company is a prominent supplier of semiconductor solutions that enable leading-edge computing, networking, automotive, industrial and mobile applications. The organization serves over 100 enterprises across industries. The company's operations span North America, APAC and EMEA.
The semiconductor manufacturer's business ran on multiple SAP enterprise systems with over one hundred SAP instances. User provisioning and role approvals were done manually, with the administration team relying on email approvals that were tracked using spreadsheets. With approvers changing frequently, keeping the manual tracker up to date became a challenge. The existing system was beset with problems given the absence of a mechanism to communicate rejection of roles to users, and the inherent lack of visibility into the entire process. Having to collect data manually made the process of audit preparation tedious; the quality of data thus collected was also called into question.
- The TCS team conducted an in-depth analysis of the business requirements and designed an automated workflow-based approval process for user provisioning and role assignment functions
- After interacting with the stakeholders, the TCS team created the provisioning process across SAP applications using the Access Request Management (ARM) module of SAP's GRC Access Control solution
- A fully automated security audit and Segregation of Duties (SoD) analysis tool designed to identify, analyze, and resolve SoD and audit issues
- Working closely with the customer's management team, TCS' domain consultants created the solution blueprint, identified internal and external dependencies, and planned the realization and go-live phases.
The implementation of the SAP GRC Access Control solution offered the semiconductor manufacturer a host of benefits, the primary one being automation of the user provisioning process. Multiple stakeholders including users, auditors, and security administration teams have benefited from this implementation.
- Reduction in process timelines and effort involved: The elimination of the tedious spreadsheet-based manual process has resulted in better tracking of owners and role approvers. Further, automating the approval process has saved the company significant time and effort. The average processing time for role assignment and new user account creation processes came down by about 50 percent. With the elimination of email-based approvals, gaining the required access has become relatively quicker and easier for users.
- Improvement in auditing process: The company's internal audit team now has flexible risk analysis options such as choosing ranges for roles and users, as well as running multiple report threads in parallel. This has improved the organization's ability to analyze violations related to Segregation of Duties (SoD). The audit team has benefited immensely from the improved log review process, which captures activities that were previously left undocumented. Auditors are now able to review logs that are automatically captured by the GRC solution when a user exercises excess privileges through Fire Fighter processing. For these logs, auditors earlier had to rely on manually generated spreadsheets that were provided to them by respective project teams.
- Enhancement in process governance: The new design also makes possible the expansion of SoD simulation at the role level, giving visibility into potential conflicts for users affected by role changes. This feature has been of great use to the company's security administration team, which uses this information to determine a potential risk when modifying transaction codes and authorization objects for a given role. In addition, the super users of the various business units can undertake firefighting activities harmoniously. This has reduced the need for repetitive role assignments, as a result of which the security administration team expends much less effort while handling a crisis. The company can now integrate its existing Identity Management (IDM) system smoothly with the SAP GRC solution, which means that user access requests raised in the IDM system are also reflected in the governance mechanism implemented in the GRC.