Available on-premise as multi-user Client/Server installation or as a single-user PC version, or in the cloud (SaaS).
CSI Authorization Auditor (CSI AA) is the audit & monitoring application for authorization and role setup in SAP environments. CSI AA makes a snapshot of a SAP system to gain insight into the past or current authorization setup of the SAP system.
CSI AA reveals weaknesses in your authorization concept but also helps identifying undesired authorizations, accumulation of access rights, unsecured back doors and cross-system Segregation of Duties. Assess your risk exposure by finding inconsistencies between what people are allowed to do, can do, did and can almost do. CSI Authorization Auditor comes with a pre-defined SoD engine with more than 400 SoD conflicts.
CSI AA further supports the security & control processes by allowing documenting control measures, such as compensating controls.
pdf CSI AA Leaflet - v13 (1.53 MB) - pdf CSI AA Brochure - v04 (219 KB)
CSI Authorization Auditor maintains the audit queries (rule set) and SoD conflicts (role based). Delta reporting is possible between various analyses. Because transaction code access and authorization access is checked separately, this module can verify the completeness of SAP GRC rule sets. Other features include statistical error reporting such as overwritten organizational values, unused roles, user types, manual and changed authorizations.
CSI Authorization Auditor now also reports all causing information to support remediation projects. The dashboards and trending overviews enable management to monitor the SoD statuses. The user access procedure with preventive SoD analysis ensures that the system stays clean.
CSI Authorization Auditor can be used to document all risks, control objectives and control measures. A control measure can be a manual or a configurable control. Configurable controls are analyzed automatically. It replaces your current documentation with control checks to be performed.
With one license you can audit or monitor an unlimited number of SAP systems and unlimited number of users.