GRC Tool Implementation

Managing access risks can be complicated and time-consuming. If there is a large number of users with various access rights, this task can be practically impossible to manage without a proper tool. A suitable GRC tool can more easily help you achieve a clean access control environment and keep it clean afterwards.

If you are a GRC consultant, you know that convincing all customers to install a suitable GRC tool can be a long shot. You may end up servicing part of your customer base without a tool and/or working with different tools across your customer base. Having you own tool, configured to your own quality standards, which you are able to deploy to serve multiple customers, could be a game changer.

We help you assess your tooling needs, select a suitable one and implement it to your specific needs. In the process, we also equip selected stakeholders with skills on how to maintain this tool in the long run.

Based on our decades of experience in creating and using GRC tools, we have selected two software products, for which we can support the implementation: SAP GRC and MARC. These two products suit businesses of different scales and with varying needs and budgets.

If you are a GRC consultant or service provider who is interested in using a tool on behalf of your customers, MARC would be your choice. When you have MARC installed, you can perform analytics on third-party data belonging to as many customers, as often as you like.

Software products we work with

MARC is a flexible and affordable GRC solution, which is focused on helping businesses achieve access risk compliance.

MARC can be used either in online or offline mode. Online, it provides continuous compliance monitoring via direct connection to your SAP system.

Another alternative is to run MARC offline, which allows for analytics to be done only at specific points in time.

MARC is made up of various products, one of which is Access Conflict Monitor. This product is used for performing user analytics (and is also our chosen tool to use in our services here).

Other products include Compliant Access Management (to manage user access provisioning), Privilege Access Management, and Unlock Password Reset.

There is only one version of MARC, which is continuously updated with improvements. For the Cloud version, all updates are provided as part of the subscription fee.

Any size of organisation can use MARC. It is customisable to your rulebook and takes a relatively short time to implement and run.

We provide services for all products of MARC, with a significant focus on Access Control Monitor (ACM).

SAP GRC is a solution which provides a wall-to-wall risk management system for SAP applications.

If correctly configured and managed properly, SAP GRC can provide substantial comfort over your internal control environment.

SAP GRC solutions are installed directly on-site and connected to the target SAP environment.

SAP GRC solutions are composed of various products, one of which is SAP Access Control. This product monitors and manages access into the linked SAP NetWeaver environment in real-time. It assists with user access provisioning, management of privileged access, etc.

Other SAP GRC products include Process Control and Risk Management.

The current version of SAP GRC is release 12.0 SP08. Any organisations using a previous version (i.e. version 10.0 or 10.1) will have to upgrade to release 12.0 before maintenance for 10.x expires at the end of 2020.

SAP GRC is typically more suited to large organisations with considerable budgets. The implementation process itself usually takes at least a few months.

Our services focus on SAP Access Control product only (not other SAP GRC products).


End to End GRC
Implementation & Support

What we can help you with:

  • Designing and building your chosen product, whether you choose to work with MARC or SAP GRC
  • Creating a tailored rulebook and content for the product
  • Designing your day-to-day GRC activities

GRC Upgrade

What we can help you with:

  • Upgrading your SAP GRC Access Control product from release 10.0/10.1 to release 12.0
  • Designing an updated, tailored content if required
  • Training your users on any changes/updates to the system and processes
  • Providing GRC support post go-live

Configuration Validation

What we can help you with

  • Performing a pre- and post-implementation assessment of your SAP GRC Access Control configurations against your business and security requirements
  • Providing GRC support post go-live

Not sure about what you need?

Take our free quiz here for a quick high-level view of your SAP access environment!

OR, if you are ready for a more thorough assessment:

Get in touch and we’ll walk you through a 30-minute diagnostic about your SAP access environment. We’ll evaluate the various aspects of SAP access management with you and suggest areas where improvements can be achieved.