Expand +



7 Tips for Conducting User Access Reviews (UARs)

by The Tip Doctor

July 6, 2011

Tip Doctor, Insider Learning Network.

Whether you're charged with protecting employee data, securing financial information, or safeguarding customer data, taking steps to regularly review the users who have access to this data is key. The following tip is from "Lessons for conducting user access reviews of your SAP system" given by James Roeske at Savera Systems at the GRC 2011 conference in Las Vegas in March.

Best Practices for Scheduling a User Access Review (UAR)

Best Practice #1: Schedule the UAR according to your needs, but at least once per year (e.g., before year-end closing)

Best Practice #2: Schedule the UAR more often for critical systems

Best Practice #3: Schedule the UAR after a re-organization

Best Practice #4: Schedule the UAR depending on your staff turnover

Best Practice #5: Schedule the UAR for different systems at the same time. The reviewer will only have to make decisions about each user once.

Best Practice #6: Identify and implement a timeframe in which the User Access Review should be finished

Best Practice #7: Ensure that the approver (reviewer, security) cannot review/approve his/her own data



An email has been sent to:

More from SAPinsider


Please log in to post a comment.

No comments have been submitted on this article. Be the first to comment!