Onapsis solutions are designed to quickly and efficiently perform security and compliance audits to identify gaps on SAP systems.

SAP Compliance

SAP Security Guidelines

In September 2010, SAP released the Secure Configuration of SAP NetWeaver ABAP whitepaper, which describes "a set of security measures for ABAP systems against unauthorized access within the corporate network." These measures are addressed neither by segregation of duties controls nor by the security of base operating systems and databases; their sole focus is the security of the SAP technology platform (Basis/NetWeaver). With reported SAP security notes on the rise, from 20 per year in 2007 to over 1000 in 2014, SAP is proactively trying to help its customers mitigate the growing security risks to their SAP systems.

In order to help organizations reduce risks around business-critical applications, Onapsis has streamlined the process of mapping compliance requirements to SAP Security configurations. Our products allow you to rapidly check your SAP infrastructure against new guidelines, to spot gaps, and to quickly align your initiatives.

PCI Compliance


If your SAP systems are involved in credit card financial transactions, they must align with PCI DSS standards and remain in scope for your compliance initiatives. However, most organizations cannot easily identify which of their 1500+ SAP configuration parameters and 80,000+ tables are affected by this regulation. Additionally, organizations cannot efficiently check compliance across their dozens or hundreds of SAP systems.

Onapsis experts and partners have helped many global organizations align their SAP infrastructure to current PCI DSS compliance initiatives. Onapsis products allow you to quickly detect PCI DSS violations on your SAP infrastructure and implement remediation plans to ensure that your SAP systems and applications are PCI DSS compliant. Onapsis also offers a PCI DSS Security Audit service to assist companies with their PCI DSS compliance efforts on SAP.

SOX Compliance

Sarbanes-Oxley (SOX) Compliance

The Sarbanes-Oxley Act of 2002 has dramatically affected overall awareness and management of internal controls in public corporations. Responsibility for accurate financial reporting has landed squarely on the shoulders of senior management, including the potential for personal criminal liability for CEOs and CFOs. Every organization that is publicly traded is subject to Sarbanes-Oxley regulations and it is critical to include SAP in your SOX compliance initiatives.

Onapsis solutions are designed to quickly and efficiently perform security and compliance audits to identify compliance gaps on your SAP systems. Onapsis also offers a SOX Security Audit, which verifies whether your business-critical applications are within the scope of SOX compliance. To do so, our consultants assess your SAP platforms beyond the segregation of duties matrix to identify and mitigate risk where applicable.

ISO 27001

ISO 27001 meets the business community's need for a shared model for establishing, implementing, operating, monitoring, reviewing, maintaining and measuring improvements to information security management systems. ISO 27001 uses a top-down, risk-based approach and is technology-neutral.

Onapsis Research Labs have analyzed the requirements behind the latest ISO 27001 standard (released in 2013) and provided a comprehensive set of checks to measure an organization's assets against the requirements of this standard.