Anglian Water has implemented a new governance, risk and compliance (GRC) service from su53 to ensure the security of its SAP applications
Anglian Water has implemented a new governance, risk and compliance (GRC) service from su53 to ensure the security of its SAP applications.
Su53’s Managed Security Service is said to offer firms a cost-effective approach for maintaining SAP GRC controls and expertise. Companies dealing with SAP GRC issues often face a combination of internal workers, contractors, freelancers, outsource partners and temporary staff all working across a number of different locations. This can drive up the cost and complexity of managing the environment.
The su53 Managed Security Service includes a number of features that the company says helps with managing GRC controls. These include security reporting, which provides regular or ad-hoc compliance assessment and GRC/risk review; security advisory and technical support, which manages the GRC system, handling issues and service requests as well as upgrades and support packages and security processing.
Anglian Water has outsourced most of its IT to CSC but wanted to in-source its SAP security operations and used su53’s consultants to achieve that, Sandra San Vicente, IS security risk manager at the firm said. The company started using SAP for about 12 years and has significantly added to its SAP portfolio since then and San Vicente told CBR that it had reached the stage where the security side of its SAP installations had got, "very complex and not many people understood it."
"Su53’s consultants have provided the essential expertise and support during new projects, helped boost the skills of our in-house team, and worked with us to ensure all the necessary knowledge is effectively transferred," San Vicente said, adding that the flexibility of su53’s consultants – who would often work on projects for a couple of days a week as needed – was key.
Although many organisations, including Anglian Water, initially bring su53 in for a specific project, Martyn Proctor, managing director at su53, said that strategic relationships often develop. "Clients come to us when they realise there are potential problems that need addressing before an audit. However, over time they discover that the continually changing nature of their business means that controls need to be constantly updated," he said.
The company is based in Northern Ireland so it benefits from lower operating costs and means customer data is kept within the European region, which Proctor said is key for gaining customer support and trust.
Proctor said that su53 believes it is filling a hole in the market that none of the bigger vendors are addressing yet but added the firm isn’t looking to expand its horizons just yet. "Any application that is installed across the network at a business means complexity and security issues," he told CBR. "We are currently very focused on SAP because it’s an enormous market and will certainly keep us going for a while. There is no harm in being a specialist in this sort of space."