ProfileTailor Dynamics for Segregation of Duties

Identify & Solve Conflicts Before They Occur

Quickly Resolve SoD Conflicts With ProfileTailor Dynamics

Take Control Over Segregation of Duties

Segregation of Duties (SoD) is a common requirement from auditors, which must be met.  The ProfileTailor Dynamics for Segregation of Duties module is a single control point to enforce segregation of duties rules on multiple platforms.  It helps with eliminating segregation of duties conflicts while complying with SOX regulations easily and quickly, using our unique behavior-based user profiling methods.

When you start an SoD project, you start with rules. The rules define what combinations of activities will conflict with SOX regulations. Only after a sound rule definition is defined can you proceed to find the violations to these rules.

You will be able to identify SoD violations by authorization roles or by specific users. If a violation is pre-approved, you can create a remediation (mitigation factor) quickly so this violation will not appear again in the reports.

Easily define SoD rules using only a browser, or an uploaded Excel document

Manage rules so you can separate them to groups, and activate or deactivate them together

Start with our built in best-practices, so you don’t have to start from scratch, or quickly upload your own set of rules

Quickly identify SoD violations and resolve any violation within a matter of minutes

Identify Violations Before They Occur

ProfileTailor Dynamics for  Segregation of Duties enables the identification of conflicts and violations of  SoD combinations on both the static level of granting authorizations for users – and on the dynamic level, as a compensating control.  A “What If” simulator allows a testing platform for potential violations. The system monitors actual real-time behavior usage for every SAP® user – and sends alerts about any unusual or unacceptable activity, including risk severity levels.

ProfileTailor Dynamics   uniquely builds a dynamic user profile for each user, so it provides information about what a user can or cannot do (authorizations) and of actual usage of the system on a day-to-day basis. Using this information, the system also alerts to any abnormal user behavior.

Best Practices for Segregation of Duties

Key Features and Benefits

Quickly Identify Violations to SOD

Generates many different types of reports and matrices, all of which serve to quickly identify violations.

Complete Segregation of Duties Solution

Allow auditors and security managers to implement one SoD ruleset and enforce it on multiple applications simultaneously.

Rich Ruleset, Fully Customizable

Includes various methods to create and maintain SoD rulesets easily and effectively, in order to maximize the level of control.

Designed For Every Organization

An on-premise solution or as cloud/SAAS installation as a continuous inspection solution. Also can be used in a single inspection mode.

Comprehensive Reporting

Automation of in-house and outsourced auditing tasks through ProfileTailor Dynamics for Segregation of Duties saves an average of 30% of external auditing hours, including SAP audits, SoD/SOX projects and pre-defined risk reports.

Reports on all roles containing a SoD violation

Reports on all users that have a combination of roles, activities, or objects that cause SoD violations

Reports on all users that have actually performed activities that violate SoD combination or rules

Maintaining A Clean Environment

How do you keep the situation clean and avoid seeing new violations in each audit report? To keep it clean, ProfileTailor Dynamics includes a set of workflow processes and features that can be used to:

Prevent a New Situation of Violating SoD

Using pre-defined workflow process of requesting authorizations. This process of approvals includes a built-in SoD violation check, and if it’s found that the requested authorization violates any of the SoD rules, it will be automatically redirected to the SOX manager, who can take further action.

Conduct a Periodic Process of Access Certification

As part of the SOX regulations, managers need to recertify their employees’ authorizations on a periodic basis. This can be done quickly with the pre-configured process for authorization review, included in ProfileTailor. Managers just love the simplicity of the process and the lack of hassle.

Comprehensive Workflow for Emergency Access

Use a comprehensive workflow process to allow access to production environments for IT personnel. ProfileTailor Dynamics includes a uniquely detailed process, that complies with GRC regulations, allows granting timely access, while tracking the performed activities.

Supporting Applications From

Take ProfileTailor Dynamics AI for a Test Drive