WHAT IS GLBA AND HOW IS IT RELATED TO SAP?
The Gramm-Leach-Bliley Act requires financial institutions and affiliated companies to protect consumers’ nonpublic personal information or personally identifiable information (PII).
Section 501 of the GLBA, “Protection of Nonpublic Personal Information,” requires financial institutions to establish appropriate standards related to the administrative, technical, and physical safeguards of customer records and information.
The scope of these safeguards is defined in the GLBA Data Protection Rule, which states that financial institutions must:
- Ensure the security and confidentiality of customer data
- Protect against any reasonably anticipated threats or hazards to the security or integrity of such data
- Protect against unauthorized access to, or use of, such data that would result in substantial harm or inconvenience to any customer
Financial institutions use SAP systems intensively to support their mission-critical business processes and must comply with GLBA.
HOW CAN WE HELP TO MAKE YOUR SAP GLBA-COMPLIANT?
With the help of our flagship product ERPScan Security Monitoring Suite and our professional services, such as SAP Security Audit and SAP Vulnerability Management, you can enhance your compliance with GLBA by identifying potential risks and eliminating them in due time.
ERPScan solutions go beyond GLBA:
- The ERPScan tool or the ERPScan Professional Services team inventories the SAP landscape, detects all important assets, and identifies where critical data is stored.
- ERPScan identifies all users who have access to information assets, analyzing authorizations at a deep level with the help of the ERPScan Segregation of Duties module.
- ERPScan can help detect all 7000+ misconfigurations and 3800+ vulnerabilities that can be used to gain unauthorized access to SAP systems, whether the solution is based on SAP ABAP, Java, or HANA.
- ERPScan helps fix all necessary issues with the help of ERPScan auto-correction functionality and detailed remediation descriptions for all issues.
- Finally, the solution continuously monitors SAP systems for new vulnerabilities.
To apply organization-wide security policies in an SAP environment and implement the required security controls, we use the SAP Cybersecurity Framework. The document describes which management and operational processes should be implemented in SAP and how to link them to high-level compliance requirements.