SAP Compliance with GLBA

WHAT IS GLBA AND HOW IS IT RELATED TO SAP

The Gramm-Leach-Bliley Act requires financial institutions and affiliated companies to protect consumers’ nonpublic personal information or personally identifiable information (PII).

Section 501 of the GLBA, “Protection of Nonpublic Personal Information,” requires financial institutions to establish appropriate standards related to the administrative, technical, and physical safeguards of customer records and information.

The scope of these safeguards is defined in the GLBA Data Protection Rule, which states that financial institutions must:

  • Ensure the security and confidentiality of customer data
  • Protect against any reasonably anticipated threats or hazards to the security or integrity of such data
  • Protect against unauthorized access to, or use of, such data that would result in substantial harm or inconvenience to any customer

Financial institutions use SAP systems intensively to support their mission-critical business processes and must comply with GLBA.

WHAT SHOULD YOU DO TO MAKE YOUR SAP COMPLY WITH GLBA

  • Inventory SAP systems in scope of GLBA
  • Identify personal information in SAP, information flows and users having access to the information (SAP users, roles and groups)
  • Detect misconfigurations and vulnerabilities providing unauthorized access to the personal information
  • Perform a security risk assessment
  • Protect the personal information:
    • Restrict access to the personal information
    • Eliminate vulnerabilities and misconfigurations
  • Eliminate vulnerabilities and misconfigurations in SAP components

HOW CAN WE HELP TO MAKE YOUR SAP GLBA-COMPLIANT

With the help of our flagship product ERPScan Security Monitoring Suite and our professional services, such as SAP Security Audit and SAP Vulnerability Management, you can enhance your compliance with GLBA by identifying potential risks and eliminating them in due time.

ERPScan solutions go beyond GLBA:

  • The ERPScan tool or the ERPScan Professional Services team inventories the SAP landscape, detects all important assets, and identifies the places where critical data is stored.
  • ERPScan identifies all users who have access to information assets from a deep-level authorization perspective with the help of the ERPScan Segregation of Duties module.
  • ERPScan can help detect all 7000+ misconfigurations and 3800+ vulnerabilities that can be used to get unauthorized access to SAP systems, be it an SAP ABAP, JAVA or HANA-based solution.
  • ERPScan helps fix all necessary issues with the help of the ERPScan auto-correction functionality and detailed remediation descriptions for all issues.
  • Finally, the solution continuously monitors SAP systems for new vulnerabilities.

To apply organization-wide security policies in the SAP environment and implement the required security controls, we use the SAP Cybersecurity Framework. The document describes which management and operational processes should be implemented in SAP and how to link them to high-level compliance requirements.
