MARC is a GRC application which aims to simplify the process of managing and monitoring SAP user access and configurations. There are 5 products which make up MARC, but the main feature and most-used for our services is a product called Access Conflict Monitor (ACM).

ACM is used to perform analytics on SAP access rights in order to identify segregation of duties (SoD) and critical access violations. It can be configured before each analytics run, in order to customise the rulebook used for the run, the authorisation data that is to be analysed and other settings (such as the selection of users to be included in the analytics).

Other products within the MARC suite includes Compliant Access Management (used to manage changes to user access rights) and Privilege Access Management (for managing temporary broad access rights). For a full suite of products, please click here.

Find out more about how MARC compares with SAP GRC here.

How we use MARC

We use MARC to perform access analytics for our customers. It is used to support all our services, with the exception of Training.

In particular, the following are specific services which use MARC at their core:

  • User Access Analytics: MARC is used to analyse access rights within a particular client’s SAP system, in order to identify any violations against their access risk rulebook.
  • GRC Tool Implementation: MARC is one of the tools that we can implement to help you achieve a well-managed SAP access environment.

Why we chose MARC

  • Focused on SAP MARC was developed by a team with decades of experience in SAP. Its access analytics is based on the unique SAP authorisation concept and is performed down to authorisation object level, which allows for accurate results.
  • Specialises on access risks MARC ACM module has been designed to follow the natural flow that takes place in an access risk management process. It supports the documentation and customisation of risks, rulebook and specific configurations for running the access analytics, as well as documentation of mitigating controls.
  • Advanced reporting MARC ACM’s reporting features countless reporting options, including customised summarisation options, which allows us to create reports which meet specific client needs.
  • Flexible MARC can be used online and offline, allowing us to provide options to suit different clients. This flexibility also means clients can choose the level of involvement they need in running the access analytics.
  • Easy to use MARC is easy to implement and use for a variety of customers, requiring no extensive or lengthy preparation before using it. This means that clicking a web-link and entering a user-ID with password are all you need to do to start using MARC, and little investment is required to get it ready for use.

Who is MARC for?

  • End users MARC can be used to run access analytics by the end users themselves via an online connection to their SAP system, which allows continuous access risk checking, or offline mode, in which analytics is performed as and when required.
  • Consultants Via the offline connection, consultants can run access analytics for their clients in the respective clients’ own MARC environment.

Click here to find out more.

Get our newsletter delivered to your inbox monthly

Blog posts, webinars, tips and more! Make sure you don’t miss out by signing up for our newsletter.​