Emergency Access Management (EAM), formerly known as Super User Privileged Management (SPM), is a valuable tool that provides robust detective control for superuser-type access to SAP systems. The investment in its implementation can be wasted, though, if the transaction logs that it creates are not reviewed and acted upon. In fact, it can even create a false sense of security unless logs are objectively reviewed.
Breaches of policy will go undetected if logs are not monitored, and EAM is then no longer an effective control. It is easy to understand why EAM reports go unchecked – there can be high volumes to review, and it is probably not a core activity for whoever checks the logs internally. If your logs are not reviewed, EAM is not fulfilling its control objective.
An SLA will guarantee that your logs are analysed, breaches of your controls are reported, and the audit trail therefore remains complete.
The service is very easy to set up. We work with you and your audit managers to agree the monitoring process. This might be a case of sampling a certain number of logs, or of undertaking full log reviews, depending upon the size and risk appetite of the organisation.
The agreed monitoring process will be fully documented, and the service will go live. Integrc provides a sign-off of logs that are satisfactory, investigates when criteria are met that indicate an issue, and keeps evidence of any escalations or issues raised. All logs are subsequently stored for audit purposes.
Integrc’s managed service provides a guarantee that control of EAM is enforced, that superuser access is being controlled, and that costs to do this reliably are significantly reduced.
- Reviews and analyses EAM logs
- Investigates issues that meet set criteria
- Provides evidence of escalations
- Stores logs for audit purposes
