Why Review Your ERP System Access Strategy

 

Home / Blog / Why Review Your ERP System Access Strategy

 

Why Review Your ERP System Access Strategy

Author: Rob Bradsell, Principle Consultant 

Published: 27th January 2022

 

Data Security has always been a hot topic, with many companies adopting the latest strategies and technology to keep their data safe from 3rd parties. However, many fail to notice that while they may be doing a great job at protecting their data from external threats, they often slip up when protecting their data internally.

“Data security is the practice of protecting digital information from unauthorized access, corruption, or theft throughout its entire lifecycle.”   What Is Data Security, IBM

Protecting your data internally also includes controlling your ERP, ensuring that users have the correct access to the data they need at the time they need it. Whilst it may sound simple enough, many companies have limited, or sometimes no controls in place to ensure the appropriate security levels are adhered to.

We have seen many companies fail to get their user access strategy right, with previous customer reviews showing many users having a much greater level of freedom in the system and to the data than needed. We have even seen companies that allow everyone into payroll and payroll data including employees’ salaries and benefits.  You can imagine the issues that may arise from that situation.

 

Some of the Root Causes

So, how does this situation occur?  It can be for a number of reasons but most commonly we find that it’s due to companies copying user roles from one to another, without realising or properly understanding the level of access the original user had.  Sometimes we find that the security levels within the ERP system are misunderstood by those with administrator rights, or we find problems resulting as a combination of these scenarios.

To prevent staff from accessing data they shouldn’t, companies need to have a strategy in place that enables tighter and stricter controls around the access that their users have.

 

ERP Access Strategies

What strategies should your Company consider implementing in order to get your ERP Access Strategy right?

Decide what data is confidential. 

What is deemed to be confidential data and who within the company is to have access to this data? This could include payroll sensitive data, company bank accounts, Gross and Net Profit %, financial information such as Profit & Loss and Balance Sheet Reporting. 

Define roles and responsibilities.

Clearly outline each role within the company and what security levels that role is required to have. This includes looking at whether that role is to have access to Enquiry, Maintenance and Reporting capabilities in the various modules.

Set up company roles and access levels within the ERP system.

Once the roles within the company have clearly been defined, set up the access levels in the ERP system to mirror these responsibilities.  These levels should then be tested and reviewed before rolling them out to the user.

Perform regular system audits.

Conducting regular checks of user access levels to identify who is accessing what information is critical to ensure the integrity of the system. These regularly performed audits should be done to ensure users are pointing at the correct role. This is most important when an employee has had a role change and/or new roles are added to the user.

Alert notifications can also be utilised in certain circumstances. For example they could be set to send emails to appropriate people to show who may have accessed certain data or to identify that data has been changed e.g. banking details for suppliers, employees etc. There should be some sort of written policy in place advising that company data is to be treated with the greatest degree of confidentiality.

Remove ex-employees.

Ensure that employees who have left the company are made inactive so that they can no longer log into the system and access data. This should be part of the employee off boarding process and should be signed off by the Department Manager and IT team.

Carefully define new user privileges.

Similar to the off boarding process, the on boarding process should include access rights and privileges for the new user to be agreed upon and signed off by the Department Manager and IT team.

 

How is your Company Handling ERP Access?

Having an ERP Access Strategy is vital for your Company to keep on top of who is in your ERP system, and what security level they have. While conducting an internal review of your ERP systems’ user access can be a lengthy process, the establishment of appropriate procedures and regular system audits is important in keeping confidential data safe.

If you need guidance in keeping your data safe we are here to help. Get in touch with Scope Systems and we can work together to develop and implement an effective ERP User Access Strategy.

 

Discover more.

Consulting

Improve Your Budgeting and Forecasting

Budgeting is one of those unavoidable tasks that most of us would prefer not to do, investing in a budgeting solution can help improve your processes.
Read More
Improve Your Budgeting and Forecasting
Consulting

Improving Your Passwords Strength

A password is the first line of defence in protecting not only your own personal data, but also confidential company data. Check out our tips for creating a strong and memorable password.
Read More
Improving Your Passwords Strength
Consulting

What You Need to Know About STP Phase 2

Are you ready for the upcoming reporting changes for STP Phase 2? Learn what you need to do now to prepare and what to expect.
Read More
What You Need to Know About STP Phase 2
Consulting

Modern Enterprise Data Architecture – Data Lake or Data Warehouse?

For data to be transformed into understandable information it first needs to be stored somewhere accessible, most commonly in a Data Warehouse or Data Lake.
Read More
Modern Enterprise Data Architecture – Data Lake or Data Warehouse?
Consulting

Greater Visibility Across Mining Supply Chains Will Reduce Supplier Risk

With accurate inventory data, you can measure supplier performance and help reduce extended lead times across your mining supply chain.
Read More
Greater Visibility Across Mining Supply Chains Will Reduce Supplier Risk
Consulting

Is Your Tenement Management System Time Consuming?

Ensuring your multiple tenements activities are being recorded and reported on is vital, as failing to do so can affect your whole mining operation and lead to costly penalties.
Read More
Is Your Tenement Management System Time Consuming?
Consulting

Intelligent Inventory Management Solutions will Transform the Mining Industry

An inventory management solution will give mining companies data-driven insights to help increase profits by focusing on having the right stock to meet demand.
Read More
Intelligent Inventory Management Solutions will Transform the Mining Industry
Pronto Xi

How Your ERP System can Help Relieve Worker Shortages

With shortages of skilled workers across many industries, optimising your ERP system can reduce the stress caused by gaps in your workforce.
Read More
How Your ERP System can Help Relieve Worker Shortages
Consulting

Are You Making the Best Inventory Decisions for Your Business?

Managing your mining inventory is a complex and time-consuming task if you don't have the right tools and processes in place.
Read More
Are You Making the Best Inventory Decisions for Your Business?
Consulting

Software Fatigue – When Software Implementations Go Wrong

A new business system is meant to streamline business processes, however instead of providing greater efficiently sometimes they do the exact opposite.
Read More
Software Fatigue – When Software Implementations Go Wrong
Pronto Xi

Why Exploration Miners Need to Invest in an Industry Specific ERP Solution

Exploration miners need to invest in better technologies to more effectively report costs to their shareholders.
Read More
Why Exploration Miners Need to Invest in an Industry Specific ERP Solution
Consulting

Why Review Your ERP System Access Strategy

Companies enthusiastically adopt the latest technology to keep their data safe from 3rd parties, however many fail to notice their internal data threats.
Read More
Why Review Your ERP System Access Strategy
Consulting

Retaining and Maintaining Your CRM Software

Depending on the size of your business, and the number of customers you have, CRM software may be invaluable in helping you to maintain your customer relationships.
Read More
Retaining and Maintaining Your CRM Software
Pronto Xi

Why Upgrade Your Pronto Version?

Why invest in a Pronto upgrade? What tangible benefit is there in going onto the latest available version? To answer these questions, we’ve noted down a few key considerations.
Read More
Why Upgrade Your Pronto Version?
Consulting

ERP vs Best-in-Breed

Since the introduction of cloud based app style software, the intense debate on a single integrated ERP solution versus best-in-breed software has been re-ignited.
Read More
ERP vs Best-in-Breed
Industry News

Light at the End of the Decline…Metaphorically Speaking

Our Sales and Marketing Manager, Sonia Turner gives insight into her experience over the past 5 years working with Scope Systems.
Read More
Light at the End of the Decline…Metaphorically Speaking
Service Support

Questioning Your ERP

Business Intelligence solutions help drive your business towards greater operational improvements.
Read More
Questioning Your ERP
Industry News

Bulls and Bears…The Year in Review

With the ringing of the New Financial Year bell, also comes the need to look at the year in review and ask the question, Bullish or Bearish?
Read More
Bulls and Bears…The Year in Review
Service Support

Investigative Support Calls

Scope Systems Service Desk Consultant Sergey Volchkov talks about his experience investigating Pronto Xi support calls and what can be done to make the process quicker and more efficient. 
Read More
Investigative Support Calls
Industry News

Beyond The Horizon

The theme of the recent AMEC conference was “Beyond the Horizon” and with rousing opening speeches from Sean L’Estrange and Andrew Forrest you would have left thinking that the Horizon was very much closer than the doom sayers would.
Read More
Beyond The Horizon
{"slides_column":1,"slides_scroll":1,"dots":"true","arrows":"true","autoplay":"true","autoplay_interval":2000,"speed":300,"lazyload":""}

Take the next step.

Get the help you need now. One of our experts will call you to discuss your needs and help start you on the path to greater control.

© Scope Systems Pty Ltd 2022
Business Management Software Solutions