The SAP Systems processes personal data by its modules. Therefore, e.g. the Federal Data Protection Act (Act) has to be considered.

Although SAP is structured as international standard software and being used for all business aspects, the user shall not automatically assume that the legal requirements of the German or European data protection laws are Automatically fulfilled when using SAP.

For example the standard SAP profiles are often structured in a way that there are more privileges given than necessary. Due to the complexity of the authorization concept provided by the standard profiles, user often take over those standard profiles without any further checks and leave privileges unaltered. Often, more data are collected with SAP, as necessary for the fulfillment of the objective pursued and the technical and organizational measures that are required by the Federal Data Protection Act are not adequately implemented.

The Data Protection Officer should be consulted at the launch of an SAP system early in the project work, where the responsibility for the proper implementation of SAP remains the responsibility of project management.

The audit of SAP systems is carried out by us, together with your SAP experts. Our audit covers on request, both the base system as well as other modules such as HR / FI / CRM.

First, the documentation of a preliminary analysis is subjected by us. The findings are based on a conceptual analysis of safety-critical and data protection aspects.

A conceptual analysis is then followed by the analysis of SAP security parameters and the default permissions assigned as safety-critical.

The following is a detailed analysis of the system.

We search for safety-critical settings, incorrect permissions and profiles or wrong data field. The identified weaknesses will be assessed in cooperation with the SAP administrators.

From this, we will propose measures for improvement. The results are documented in an understandable report.