Security Project Team Leadership and Staffing

The Hermosa Beach Consulting Group is an organization of seasoned consultants contributing years of Big-4 or SAP America experience.  Our consultants have been involved with multiple projects and have a wide breadth of industry experience.  Our project leads have leadership experience with some of the largest and most complex global SAP implementations to date.

Training and Education

Each of our consultants is a technical expert in his or her field and has cross functional experience.  We provide specialized training catered to your company’s particular application security requirements.  Our staff has experience in leading technical security workshops, one-on-one training, as well as sessions for business process data owners to explain the authorization concept.  All of our implementation engagements include Knowledge Transfer to appropriate parties.

Best Practices Security Implementation Methodology

Our implementation methodology is adaptable to fit with any System Integrator’s approach and is scalable to the requirements of any size implementation.  We utilize a least privilege role design approach.  This ensures end users can only access what is required for their daily responsibilities.  The methodology is self-documenting and encourages client staff involvement, promoting Knowledge Transfer and handover to client security staff for on-going support.

The Hermosa Beach Consulting Group designs security to fit or improve client business process requirements without compromising the maintenance of a secure environment.  We help clients understand risk exposure, and through our least privilege design methodology, assist with strengthening business process controls.

Security Governance Policies and Procedures

Sound change management policies and procedures are an important part of maintaining a secure system environment.  Security Governance involves business ownership of the controls environment to ensure compliance with company policies and procedures.  The Hermosa Beach Consulting Group has industry best practice experience in the design and implementation of governance procedures to fit business requirements.  Policies and procedures are designed to ensure proper approval, communication, testing, and documentation are maintained before any changes are made within the secure environment.  Our consultants have experience in implementing both manual and workflow-driven governance solutions.

Technical and Business Process Expertise for Core R/3 Modules

Our methodology employs a least privilege security role design strategy.  The idea is to grant users only the access required to perform their jobs, while protecting sensitive data and maintaining compliance with legal regulations such as the Sarbanes-Oxley Act, ITAR, and other government or contractual obligations.  Least privilege role design empowers businesses to control access to information and functionality within a flexible and manageable environment.

Our approach requires our consultants to be experts in the technical aspects of SAP security as well as have a strong working knowledge of the business processes they are working to secure.  Each SAP module is secured by its own particular authorizations.  We work with our clients to assist in the creation of a security model which offers maximum protection with minimal on-going support requirements.

Technical and Business Process Expertise for SAP HR

Introducing HR data into a centralized ERP instance presents its own data security concerns.  With regulations around individuals’ privacy ever increasing, companies need to develop comprehensive data protection for personal information.  Our consultants are familiar with HR data security issues and best practices for securing data within the SAP application.

We can assist with the implementation of Manager Self-Service (MSS) and Employee Self-Service (ESS).  Our consultants are well experience with Structural Authorizations and the implications of their use.

Also, the implementation of the HR module allows security to be assigned to users based upon the HR Organizational Structure.  This method of security role assignment can greatly reduce overhead of on-going Security Production Support., as it allows users to be assigned appropriate access automatically, based upon where they belong in the Organizational Structure.

Technical Expertise for SAP Component Systems

Many companies implement additional SAP component systems in conjunction with R/3.  The Hermosa Beach Consulting Group has experience with securing all of the component systems.  Our methodology covers any component systems which may be implemented as we encourage our clients to standardize their security model across all component systems.  Users should be consistently restricted across any system to which they logon.  Each of the component systems is unique in its security requirements.  We have in-depth experience with the following systems:

• Enterprise Portal (EP)
• Business Warehouse (BW)
• Strategic Enterprise Management (SEM)
• Enterprise Buyer Professional (EBP)
• Customer Relationship Management (CRM)
• Business Consolidations System (both BCS and SEM-BCS)
• Workplace (WP)

Application Security Evaluation Services

During an implementation, many companies have found that it is a good idea to have an independent quality review of their methodology, design, and implementation strategy.  We have assisted several companies throughout their implementations by evaluating their security and making recommendations for improvement or areas in which to focus.