Using Security Software To Assist Compliance - InformationWeek

Ted Kemp

Using Security Software To Assist Compliance

A natural gas distributor and oil producer implemented software that reports the actions individual employees undertake on its ERP system.

Energen, a Birmingham, Ala.-based diversified energy company, plans to use reporting software it acquired for internal security monitoring to assist its compliance with the Sarbanes-Oxley Act.

The $842 million natural gas distributor and oil producer in May implemented software from Approva, Vienna, Va., that it uses to report the actions individual employees undertake through its SAP enterprise resource planning system. Energen is now testing the software, called BizRights, on a separate SAP system containing duplicated ERP data that the company uses for training and quality assurance.

The Approva software is also expected to help publicly traded Energen comply with the demands of Sarbanes-Oxley. "The objective is to say, we need to know what access each user has when they get into this [ERP] system," said Sage Wagner, Energen's SAP security administrator.

Energen has been an SAP shop for about two years, and about 500 of its 1,200 employees use the ERP to do their jobs, Wagner said. Each user is assigned roles that allow them to carry out specific transaction codes, such as the creation of a purchase order or invoice. The ERP further enables employees to carry out "authorization objects," which might for instance involve the filling of an individual data field within a transaction code screen.

Energen can use the Approva software to link to the ERP and track which of Energen's 2,000 transaction codes and, more specifically, which authorization objects individual employees use. BizRights creates reports for Energen's security, audit department or CFO that can show, for example, which employees have been updating the company's production tables.

That flexibility of use has made the software viable as a compliance tool as well as a security package. Individual duties and employees are segregated within BizRights workflows to ensure that only staff members who are cleared to carry out specific duties attempt to do so.

"If a person requests new access for a new role in SAP, they will go through [BizRights] and go through the automated workflow," Wagner said. "The first thing the software does is check to see if the request violates the segregation of duties that we've identified."
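The request-time check Wagner describes can be sketched as follows. This is an added example, not Approva's or Energen's code: a requested role is expanded to the transaction codes it grants and compared against segregation-of-duties rules. The role names, rule set and users are constructed; ME21N, MIRO, XK01 and F110 are standard SAP transaction codes chosen for illustration.

```python
from itertools import product

# Constructed role catalogue: role -> SAP transaction codes it grants.
ROLES = {
    "PURCHASER": {"ME21N", "ME23N"},   # create / display purchase order
    "AP_CLERK": {"MIRO"},              # enter incoming invoice
    "VENDOR_MAINT": {"XK01"},          # create vendor master record
    "PAYMENTS": {"F110"},              # automatic payment run
}

# Constructed SoD rules: one user must not hold a code from both sides.
SOD_RULES = [
    ("PO vs invoice entry", {"ME21N"}, {"MIRO"}),
    ("Vendor creation vs payment", {"XK01"}, {"F110"}),
]

def tcodes_for(roles):
    """Expand role names to the transaction codes they grant."""
    codes = set()
    for role in roles:
        codes |= ROLES[role]  # unknown role raises KeyError: fail closed
    return codes

def sod_violations(current_roles, requested_role):
    """Return the SoD conflicts that granting requested_role would create.

    Conflicts the user already holds are skipped here; they belong in a
    periodic audit report, not in the decision on this request.
    """
    before = tcodes_for(current_roles)
    after = before | tcodes_for({requested_role})
    found = []
    for name, side_a, side_b in SOD_RULES:
        for a, b in product(sorted(side_a & after), sorted(side_b & after)):
            if not (a in before and b in before):
                found.append((name, a, b))
    return found

def review_request(user, current_roles, requested_role):
    """Workflow step: reject on conflict, otherwise pass on for approval."""
    conflicts = sod_violations(current_roles, requested_role)
    status = "REJECTED" if conflicts else "FORWARDED_FOR_APPROVAL"
    return {"user": user, "role": requested_role,
            "status": status, "conflicts": conflicts}

if __name__ == "__main__":
    print(review_request("jdoe", {"PURCHASER"}, "AP_CLERK"))
```

Checking at the transaction-code level rather than by role name catches conflicts that arise when two differently named roles happen to grant the opposing codes.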

Energen has teamed with Approva to test an upcoming element of the application that will extend the software's current capabilities by adding alerting. Wagner expects such preventative functionality to further improve Energen's ability to comply with Sarbanes-Oxley.

Approva charges $150,000 for a BizRights package that monitors up to 5,000 employees on an ERP system. Costs increase for more users, and annual maintenance is 18 percent.
