Context

High-risk SoD conflicts were identified in a live S/4 production environment, with no room for business disruption.

My Role

SAP GRC / Security lead owning risk analysis, remediation plan, and business coordination

Approach

  • Used GRC risk analysis to isolate the exact conflict combinations and impacted roles/users
  • Coordinated with business owners to understand operational timelines and critical activities
  • Applied controlled emergency access (Firefighter) only where required, with full logging and approvals
  • Redesigned roles to permanently separate duties and reduce recurrence
  • Implemented compensating controls where immediate redesign wasn’t feasible
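
The first and fourth steps above, isolating the conflict combinations and deciding which roles need redesign, can be sketched as follows. This is an added example, not the author's tooling or SAP GRC code; the role names, users, risk IDs and two-rule ruleset are constructed sample data.

```python
from itertools import product

# Constructed sample data: role -> transaction codes it grants.
ROLE_TCODES = {
    "Z_AP_INVOICING": {"FB60"},
    "Z_AP_PAYMENTS": {"F-53"},
    "Z_AP_ALL": {"FB60", "F-53"},  # conflicting on its own
    "Z_MM_BUYER": {"ME21N"},
    "Z_MM_RECEIVING": {"MIGO"},
}
# Constructed sample data: user -> assigned roles.
USER_ROLES = {
    "ALICE": {"Z_AP_INVOICING", "Z_AP_PAYMENTS"},
    "BOB": {"Z_MM_BUYER"},
    "CAROL": {"Z_MM_BUYER", "Z_MM_RECEIVING", "Z_AP_PAYMENTS"},
    "DAVE": {"Z_AP_ALL"},
}
# Illustrative ruleset: risk id -> (function A tcodes, function B tcodes).
RULESET = {
    "R01": ({"FB60"}, {"F-53"}),   # enter vendor invoice + post payment
    "R02": ({"ME21N"}, {"MIGO"}),  # create purchase order + goods receipt
}

def find_conflicts(user_roles, role_tcodes, ruleset):
    """Return {user: sorted [(risk, level, role_a, role_b)]}.

    level is "role" when one role carries both sides of the risk (the role
    itself needs redesign) and "user" when the conflict only arises from the
    combination of roles assigned to that user.
    """
    findings = {}
    for user, roles in user_roles.items():
        granted = {}  # tcode -> roles that give it to this user
        for role in roles:
            for tcode in role_tcodes.get(role, ()):
                granted.setdefault(tcode, set()).add(role)
        hits = set()
        for risk, (func_a, func_b) in ruleset.items():
            roles_a = {r for t in func_a & set(granted) for r in granted[t]}
            roles_b = {r for t in func_b & set(granted) for r in granted[t]}
            for ra, rb in product(roles_a, roles_b):
                hits.add((risk, "role" if ra == rb else "user", ra, rb))
        if hits:
            findings[user] = sorted(hits)
    return findings

def roles_to_redesign(findings):
    """Roles that are conflicting by themselves, regardless of assignment."""
    return {ra for hits in findings.values() for _, lvl, ra, _ in hits if lvl == "role"}
```

A "user"-level finding can be cleared by changing assignments or covered by a compensating control, while a "role"-level finding persists for every holder of that role until the role is split.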

Impact

  • Business operations continued without interruption
  • High-risk SoD conflicts were reduced and governed with traceable controls
  • Audit trail and evidence were clean and easy to validate