​​​​​​SAP Security Training

Have you ever wondered whether your business-critical SAP implementation was secure? Do you know how to check it? Have you imagined which could be the impact of an attack to your core business platform? Do you know how to prevent it? This training is the answer to these questions.

SAP security is in place to protect company's assets and prevent fraud. Possible threats to assets are the users with malicious intent or incorrect operation. Hence, access assigned to the Users must be well controlled and monitored. 

The training is organized with many hands-on exercises, which will help you grasp practical knowledge quickly. You will learn how to assess the security of an SAP implementation and then secure the critical security gaps that is discovered.

The training also provides a quick introduction to basic SAP concepts, which allows non-SAP security professional to follow the course smoothly.

​Detailed Agenda

SAP Security Training is a 6-day seminar covering the following areas:

  • Introduction to SAP Security
  • SAP Security Authorization Concept
  • SAP Role Concept Design and Maintenance
  • SAP User Maintenance
  • SAP Security Support and Troubleshooting - Tips & Tricks
  • SAP Security Reporting
  • SAP Security Audit

​SAP GRC Training

Security is one of the most complex areas in SAP, and for most organizations it’s the Governance, Risk and Compliance (GRC) aspect. Most organizations address such compliance requirements through a series of disparate and often manual activities. Each of these activities is focused on a part of compliance, but it is not integrated into a cohesive, enterprise-wide compliance strategy that unifies all the GRC activities. The characteristics of this fragmented approach are:

  • Multiple silos of compliance data and documentation
  • Multiple tools for different compliance tasks
  • Multiple compliance applications for different enterprise applications such as SAP and Oracle (this is often at a great cost).

Some of the multiple components of SAP GRC are:

  • Access Controls (AC)
  • Process Controls (PC)
  • Risk Management (RM), etc.

This training would be focused on SAP GRC AC, which helps organizations monitor and manage authorization risks in their IT systems. SAP GRC AC also embeds preventive controls to prevent future violations from occurrence.

This training is based on SAP GRC 10.X version.

​​Why attend this training?

As more organizations use SAP GRC to support their security and compliance requirements, there is a growing need for SAP GRC professionals. The global demand for SAP GRC professionals is on the increase. This training is geared towards equipping you with all the necessary skills required to become SAP GRC professional. The training is conducted in an interactive style that provides participants ample time to understand the concepts. Exercises and real-life experiences are incorporated into the training which demonstrates the relevance of the knowledge obtained from the workshop.

After completing this course you will be able to perform the essential configuration functions in SAP GRC AC 10.X. The knowledge gained in this training will also help you become a productive member of your project implementation team.

Training Benefit

This training will help you to: 

  • Gain in-depth knowledge of SAP GRC AC  10.X functionalities
  • Understand how SAP GRC AC 10.X can be used to manage compliance
  • Understand how to review SAP GRC AC 10.X implementation
  • Understand how to configure the different modules of the SAP GRC AC 10.X

​​Detailed Agenda

SAP GRC Access Controls Training is a 6-day seminar covering the following areas:

Overview of SAP GRC product suite

  • Functionalities and components
  • History and versions
  • Overview of user interface

 SAP GRC Access Controls Architecture

  • System architecture and technical platform
  • GRC common components
  • Integration points

 Authorizations in GRC Access Controls

  •  SAP GRC authorization objects and roles

Implementing SAP GRC Access Controls

  • Overview of GRC AC 10.X Functionality
  • Access Control 10.X: Introduction
  • Access Control 10.X: Landscape
  • Segregation of duties
  • SOD Risk Management Process Overview
  • Risk Remediation Overview
  • The GRC Architecture
  • GRC Components
  • Overview of implementation process
  • Configuring Access Control using IMG
  • Shared GRC configuration settings
  • GRC 10.X Post-Installation verification

​Access Risk Analysis

  • Configuration and rule set maintenance        
  • Risk analysis framework
  • Analyze and Manage Risk
  • Maintain a Critical Access Rule
  • Role Level Simulation
  • User Level Simulation
  • Perform Ad Hoc Risk Analysis
  • Mitigating Risks
  • Audit trails

User Access Management

  • Business Rules Framework (BRF)
  • Maintaining Multi-Stage Multi-Path (MSMP) Workflow
  • Customize Workflow
  • Settings Specific to Provisioning and Managing Users
  • End User Personalization Forms
  • Create an Access Request

Emergency Access Management

  • Centralized Firefighting
  • Emergency Access Management Configuration
  • Maintain Owners and Controllers in Central Owner Maintenance
  • Assign Owners to Firefighter IDs
  • Assign Controllers to Firefighter IDs
  • Assign Firefighter Users to Firefighter IDs
  • Maintain Reason Codes
  • Monitoring Emergency Access
  • Review a Log Report

Business Role Management

  • Configuring Business Role Management
  • Role attributes
  • Maintain role definition
  • Roles-Specific Configuration Options
  • Configuring Role Methodology
  • Settings for Condition Groups
  • Maintain Owners for Role Management
  • Create a Single Role
  • Mass Managing Roles

Periodic Access Review

  • Review access and SoD risk
  • Monitor user access
  • Monitor role access

​​​All participants will be provided the training slides (soft copy only).

Registration Details

Date: Registration date varies, hence please contact us at info@bistund.com for updated registration date.

Course Duration: ~ 6 consecutive Saturdays. Class starts 8:00am CST.

Course fee: This is dependent on the terms of service. Fees cover the training materials.

Payment options: One full payment or 2 installment payments. Payment can be made by cash, credit card, money order or check (addressed to BISTUND Consulting). For queries or registration, please call 817-213-6464 or send email to
info@bistund.com and registration is on a first-come-first-served basis.

Cancellation and refund policy: BISTUND Consulting reserves the right to change the venue, date, trainers, program or cancel the program. A full refund of fees will be made in the event of cancellation.

Disclaimer: The information given is only a summary and details may be omitted which may be directly relevant to a particular individual or company. The information should therefore not be taken to be sufficient for making decisions.