Infrastructure Vulnerability Analysis helps identifying security weaknesses on the layer below application security. Generally speaking, infrastructure management and SAP system administration are two different worlds and there tends to be a gap of knowledge and ownership in between the two. The technical foundation of a system is a 123213. In the infrastructure vulnerability analysis, the SAP security specialists inspect the vulnerability of the installed SAP components, kernel and services for any known weaknesses. The results of this (technical) analysis help remediate the quickfixes and may disclose the gaps in administrative policy and procedures within the IT department to pro-actively manage SAP system-security at infrastructure/kernel level.

GRC Access Control is an effective solution to pro-actively monitor the presence of undesired segregation of duties conflicts and ensure adequate follow-up – that is – if properly configured. Tailoring the SoD ruleset in GRC Access Control is a specialist activity and setting up the rules correctly such to detect all conflicts listed in the ruleset is a must if you want to rely on the reported conflicts. Incorrectly setup rules lead to incomplete and/or wrong SoD reports, an unacceptable situation if SoD and its pro-active detection have become key controls in the risk management approach. Don’t assume, get assurance. axl & trax conducts quality reviews in which the SoD ruleset and/or the setup of Access Control is examined for errors or improvement potential.

Process Cycle Control Audits make an in-depth inventory of the established business controls in place to reduce risk exposure at critical moments of a particular business process supported by SAP. Whether it is about Purchase-to-Pay, Order-to-Cash or other processes, the process control specialists of axl & trax establish an overview of the process and the specific risks in the process implementation. Based on this, an assessment is made of the defined and implemented controls (programmed, configurable, procedural or manual) through interviews and SAP system inspection to verify whether risk is properly addressed. The result is an audit report highlighting the observations and any potential weaknesses identified in the process or its corresponding implementation in SAP.

Security Governance Audits focus on healthy and good practices in the domain of user access management at strategic and tactical level. Equipped with in-depth knowledge of today’s good and successful practices in the market as well as the commonly accepted best practices like ISO2700x and COBiT, specialists of axl & trax assess current company posture and discuss potential areas of improvement and advice on how to gradually grow SAP security governance to the next maturity level.

License Optimalization Services offer the opportunity to test whether an organization is in control over its purchased licenses and their use within SAP.  The license optimalization audit helps to map the allocated user license types with granted access rights and actual use of transaction codes. This detailed analysis report can be used to change the user license allocation and thereby reflect SAP system usage reality and/or reduce the yearly payable license fees to SAP. In that respect, this service is often considered an ROI-service.