the 4 factors to a successful security and segregation of duties implementation in peoplesoft
TRANSCRIPT
![Page 1: The 4 factors to a successful security and segregation of duties implementation in PeopleSoft](https://reader031.vdocument.in/reader031/viewer/2022013104/5aac90b97f8b9a435e8b4e57/html5/thumbnails/1.jpg)
The 4 Factors to a successful Security and
Segregation of Duties implementation in
PeopleSoft
![Page 2: The 4 factors to a successful security and segregation of duties implementation in PeopleSoft](https://reader031.vdocument.in/reader031/viewer/2022013104/5aac90b97f8b9a435e8b4e57/html5/thumbnails/2.jpg)
Agenda
• Smart ERP Solutions, Inc
• 4 Factors
• Opportunities
• Handouts
• Q&A
![Page 3: The 4 factors to a successful security and segregation of duties implementation in PeopleSoft](https://reader031.vdocument.in/reader031/viewer/2022013104/5aac90b97f8b9a435e8b4e57/html5/thumbnails/3.jpg)
About SmartERP
Oracle Platinum Partner
Best practices and expertise in strategic planning, implementation, upgrade and add-on / customization services
Unique blend of Solutions and Services
‘Clients for Life’ – High level of client satisfaction and loyalty
200+ Clients across various industries
350+ Employees
Global Locations:Headquarters in Pleasanton, CAOffices in Atlanta GA, Hyderabad, Chennai and Bangalore (India)
Founded in 2005 by former Oracle Architects, Executives and Consultants
![Page 4: The 4 factors to a successful security and segregation of duties implementation in PeopleSoft](https://reader031.vdocument.in/reader031/viewer/2022013104/5aac90b97f8b9a435e8b4e57/html5/thumbnails/4.jpg)
Achieve Best-In-Class PerformanceOur mission is to provide innovative, configurable, flexible, cost-effective solutions
to common business challenges, enabling our clients to save time,
increase productivity, minimize costs, and maximize their return on investment.
SolutionsBusiness applications that
offer organizations an
end-to-end solution
providing the right design
and implementation from
start to finish.
ServicesA 24/7 seasoned and
experienced staff of
experts to help you
implement your business
solutions efficiently and
effectively at a cost-
effective rate.
CloudCloud applications
provide solutions built on
proven enterprise class
architecture that enable
high configurability and
ease of monitoring.
![Page 5: The 4 factors to a successful security and segregation of duties implementation in PeopleSoft](https://reader031.vdocument.in/reader031/viewer/2022013104/5aac90b97f8b9a435e8b4e57/html5/thumbnails/5.jpg)
About SmartERP
Unique Smart Solutions Unique Smart Services
Employee Onboarding
Electronic Personnel Action and other HR Forms
E-Verify Integration with DHS
ERP Gadget for User Productivity / Experience
Embedded Analytics
Configurable advanced workflow on all transactions
Security/Segregation of Duties
Smart Doc’s such as Smart Voucher, Smart PO
ERP Implementations and Upgrades
Anything Oracle, some SAP and MS
Managed Services including PUM’s for PeopleSoft
Business Intelligence Services
Onshore/Offshore Services
Application and Database Management
Tax Automation Solutions
Oracle Cloud Consulting Services (SaaS, PaaS, IaaS)
![Page 6: The 4 factors to a successful security and segregation of duties implementation in PeopleSoft](https://reader031.vdocument.in/reader031/viewer/2022013104/5aac90b97f8b9a435e8b4e57/html5/thumbnails/6.jpg)
Sample clients in various industries:
![Page 7: The 4 factors to a successful security and segregation of duties implementation in PeopleSoft](https://reader031.vdocument.in/reader031/viewer/2022013104/5aac90b97f8b9a435e8b4e57/html5/thumbnails/7.jpg)
The 4 Factors
![Page 8: The 4 factors to a successful security and segregation of duties implementation in PeopleSoft](https://reader031.vdocument.in/reader031/viewer/2022013104/5aac90b97f8b9a435e8b4e57/html5/thumbnails/8.jpg)
4 Factors
• Ownership
• Working Together
• The Process
• The ‘Outsiders’
![Page 9: The 4 factors to a successful security and segregation of duties implementation in PeopleSoft](https://reader031.vdocument.in/reader031/viewer/2022013104/5aac90b97f8b9a435e8b4e57/html5/thumbnails/9.jpg)
Poll
Who owns the Access/SoD Reviews for you currently?
• Security
• Audit
• Functional Users/Managers
• A combination of the above
• None of the above
![Page 10: The 4 factors to a successful security and segregation of duties implementation in PeopleSoft](https://reader031.vdocument.in/reader031/viewer/2022013104/5aac90b97f8b9a435e8b4e57/html5/thumbnails/10.jpg)
Ownership
• IT supports the Application
• Finance/HR own the Application
• Security secures the Application
• Audit want to know what has changed and if the Controls are effective
The Task of reporting and implementing Controls is
usually directed to IT/Security, with the question – “who
should be responsible instead?”
![Page 11: The 4 factors to a successful security and segregation of duties implementation in PeopleSoft](https://reader031.vdocument.in/reader031/viewer/2022013104/5aac90b97f8b9a435e8b4e57/html5/thumbnails/11.jpg)
Working together
The answer - All of the above
• Steering Committee should be established
before starting this project.
• You need an Executive sponsor
• Business Users most heavily involved to
start with
• Be prepared to re-design Security
![Page 12: The 4 factors to a successful security and segregation of duties implementation in PeopleSoft](https://reader031.vdocument.in/reader031/viewer/2022013104/5aac90b97f8b9a435e8b4e57/html5/thumbnails/12.jpg)
The Process
Decide who should have what and what should be removed.
Conflicts within a Role versus Conflicts across a Role
Exceptions granted – sometimes Users need to break the Rules
Create Vendor
Approve Vendor
Create Vendor &
Approve Vendor
![Page 13: The 4 factors to a successful security and segregation of duties implementation in PeopleSoft](https://reader031.vdocument.in/reader031/viewer/2022013104/5aac90b97f8b9a435e8b4e57/html5/thumbnails/13.jpg)
Poll 2
• How do you manage security analysis and SoD currently?
• Third party Solution
• Manual based process
• No solution in place
• Don’t know
![Page 14: The 4 factors to a successful security and segregation of duties implementation in PeopleSoft](https://reader031.vdocument.in/reader031/viewer/2022013104/5aac90b97f8b9a435e8b4e57/html5/thumbnails/14.jpg)
The Outsiders
Third party Vendors, Contractors
In all Access reviews by Smart ERP, third parties had open access in Production
User Accounts often generic, not tied to an individual
No point in securing Employees when the Outsiders can do what they want!
![Page 15: The 4 factors to a successful security and segregation of duties implementation in PeopleSoft](https://reader031.vdocument.in/reader031/viewer/2022013104/5aac90b97f8b9a435e8b4e57/html5/thumbnails/15.jpg)
The Outsiders - Solutions
• Establish who from the third party is authorized to access your systems
• Remove ALLPAGES access, either:
– Implement Break-glass, give specific access when required
– Implement specific access for key personnel
• Auditing too difficult to switch for all of user activity
![Page 16: The 4 factors to a successful security and segregation of duties implementation in PeopleSoft](https://reader031.vdocument.in/reader031/viewer/2022013104/5aac90b97f8b9a435e8b4e57/html5/thumbnails/16.jpg)
Opportunities
• Software – Capital Expenditure, Training and self deployment
• Software as a Service – recurring fees to include services for deployment, management and advisory
• 100% Service – No software to be deployed, you send the data for review
![Page 17: The 4 factors to a successful security and segregation of duties implementation in PeopleSoft](https://reader031.vdocument.in/reader031/viewer/2022013104/5aac90b97f8b9a435e8b4e57/html5/thumbnails/17.jpg)
Effective Segregation of Duties
SoD
Proactive SoD
Reactive SoD
Mitigation
Written in Peopletools
Software, Service or Both
Over 100 Rules for FSCM,
Over 45 for HCM
![Page 18: The 4 factors to a successful security and segregation of duties implementation in PeopleSoft](https://reader031.vdocument.in/reader031/viewer/2022013104/5aac90b97f8b9a435e8b4e57/html5/thumbnails/18.jpg)
Role level
• Create matrix of all active system roles
• Identify all roles that should not be linked to the same user
– Such as purchasing and payments
Permission List / Business Process level
• Include Application security & processing options
• Add to / modify as needed
Component / Page and User Preference level
• Add in any custom or modified processing
• If creating your own rules
– Start with most important controls & gradually add to them
Creation of SoD Rules
![Page 19: The 4 factors to a successful security and segregation of duties implementation in PeopleSoft](https://reader031.vdocument.in/reader031/viewer/2022013104/5aac90b97f8b9a435e8b4e57/html5/thumbnails/19.jpg)
Over 200 Rules across FSCM and HCM
Pre-defined and ready to use on Day 1!
![Page 20: The 4 factors to a successful security and segregation of duties implementation in PeopleSoft](https://reader031.vdocument.in/reader031/viewer/2022013104/5aac90b97f8b9a435e8b4e57/html5/thumbnails/20.jpg)
Analytics and Reports
• Gain insight into Users with too much
access
• Mitigate Users who need access or to
break a Rule
• View SoD and Access results over time
with trending information
![Page 21: The 4 factors to a successful security and segregation of duties implementation in PeopleSoft](https://reader031.vdocument.in/reader031/viewer/2022013104/5aac90b97f8b9a435e8b4e57/html5/thumbnails/21.jpg)
Security Analysis Services
Extract your Data or deploy the software on-premises with services to manage the process.
Objectives: Identify the issues and provide the easiest root cause analysis
Example Security Analysis
![Page 22: The 4 factors to a successful security and segregation of duties implementation in PeopleSoft](https://reader031.vdocument.in/reader031/viewer/2022013104/5aac90b97f8b9a435e8b4e57/html5/thumbnails/22.jpg)
Violations by Role Report
Establish which Roles
are responsible for
granting Access in
PeopleSoft
![Page 23: The 4 factors to a successful security and segregation of duties implementation in PeopleSoft](https://reader031.vdocument.in/reader031/viewer/2022013104/5aac90b97f8b9a435e8b4e57/html5/thumbnails/23.jpg)
Q&A
• Please send any questions using the Questions feature
• Recordings and Slides available
• Want to discuss your Security and planning?
• Copy of the Analysis available on request
![Page 24: The 4 factors to a successful security and segregation of duties implementation in PeopleSoft](https://reader031.vdocument.in/reader031/viewer/2022013104/5aac90b97f8b9a435e8b4e57/html5/thumbnails/24.jpg)
Next Webinar
Register: http://www2.smarterp.com/smartI9webinar
![Page 25: The 4 factors to a successful security and segregation of duties implementation in PeopleSoft](https://reader031.vdocument.in/reader031/viewer/2022013104/5aac90b97f8b9a435e8b4e57/html5/thumbnails/25.jpg)
For more informationsmarterp.comsmartonboarding.comanalytics.smarterp.com