Managing Business Access Conflicts
About Thirdware CELEBRATING 20 YEARS OF PROVIDING SERVICES IN QAD AND QAD ENABLEMENT. INDUSTRIES MILESTONES AUTOMOTIVE ELECTRONICS LIFE SCIENCES CONSUMER PRODUCTS FOOD & BEVERAGE FINANCIAL RETAIL TELECOMMUNICATIONS IT SERVICES EXPERTISE 1995: QAD Asia Pacific 2000: Ford 20% Equity 2005: Oracle/Hyperion Partner & SAP Partner 2008: CXO Cockpit Partner 2013: Salesforce & BIRST Partner Consulting and Implementation Application Management Services Upgrades, Transitions & Separations Application Development Services Trainings & Learning Services 300+ HAPPY CUSTOMERS 900+ DEDICATED EMPLOYEES GLOBAL OPERATIONS
Visteon Fast Facts
Business Issues Lack of visibility into QAD SOD Issues. Analysis and mitigation of SOD Conflicts were reactive and un-sustainable. Heavy workload for internal control / security team in – Analyzing and executing QAD access Preparing reports manually for audit requirements Maintenance and propagation of SOD Matrix
BAC Solution BAC Solution Features Maintain SOD Matrix Standard SOD Matrix SOD Analysis including Simplified Screen QAD Specific User Access Requests Online Conflict Analysis Approval Workflow Integration with QAD User Access Analysis & Deactivation Manage temporary user requests
QAD Security Functions User Access Mgmt. Domain level security Menu, Groups & Roles Menu & Group level Reports Role based security Simplified Screens
Business Access Control Functions User Access Mgmt. SOD Conflict Matrix Domain level security Menu, Groups & Roles Menu & Group level Reports Role based security Simplified Screens SOD Conflict Status Analysis Maintain SOD Conflict Matrix SOD Conflict data based on access provided to users
Business Access Web Application User Access Mgmt. SOD Conflict Matrix Domain level security Web-based Provisioning Tool Menu, Groups & Roles Menu & Group level Reports Role based security QAD Access Approval Workflow Simplified Screens SOD Conflict Status Analysis Web-based provisioning tool with real-time SOD Conflict Query for users/ approvers SOD Conflict based approval workflow
Solution Architecture Webapp Admin QAD Domain, Menu, Groups, Simplified Screen QAD to WebApp Domain, Menu, Users Conflict Data User Conflict Data QAD Visteon Rule Book Webapp to QAD Rulebook Updates VESS VESS VESS to WebApp User Access Request User Access Request - QAD Webapp to QAD Ticket Status User Access Request Approver Dashboard Approvals QAD User Creation/Update Webapp to QAD User Updates
Sample Conflict Matrix Linked to Std. QAD Menus & Groups 27.6.4.6 AR Payment Automatic Checks 27.6.5.1 AR Payment Manual Job Description : Code that indicates unique roles/responsibilities applicable in QAD Job Description :Process Incoming Payment Process Incoming Payment 27.6.4.6 AR Payment Automatic Checks High Conflict 5.13.1 Purchase Order Receipts Manage Good Receipts 27.6.5.1 AR Payment Manual 5.13.14 PO Shipper Maintenance 5.13.20 PO Shipper Receipt
Linking Menus to Job Description JD Code & Job Description QAD Menus applicable for the Job Description
Solution Walkthrough User Access Request from Visteon Security System. When Application is “QAD / MfgPro” control is transferred to BAC WebApp SOD Conflict status is Validated and Reported to user when roles are selected
User can see the individual group level conflict status Solution Walkthrough User can see the individual group level conflict status
User submits the access request with reason for access needed. Solution Walkthrough User submits the access request with reason for access needed.
Solution Walkthrough Approval Dashboard Access Requests Count By Conflict Status Individual Ticket with Conflict Status
Solution Walkthrough Conflict Status Approval Levels Low Conflict Medium Conflict Access Control Team High Conflict Security Administrator
Key Benefits All User Access are validated for SOD Conflict Status during submission. All User Access Conflicts are reviewed, approved and recorded. Automation of User Creations and User Deletions. Temporary User Access controlled by Start & End Date. Users and Functional Approvers have visibility to SOD Conflicts and are empowered to make access request decisions. Automated process to monitor usage and action on inactive userids Removed the burden on internal control to continually audit / address the access requests. Reduced workload on Security Control team. Approximately 60 Person Days of effort saved on monthly basis.