Checkeos y auditoria de SAP R/3

En el caso en que se deba realizar una auditoria sobre SAP R/3, es bueno tener una lista de controles a realizar y que permitan revisar su infraestructura y su seguridad:

• R/3 Security- Audit Check
• SAP R/3 user ID SAP* and other system user id has been adequately secured.
• The production system has been set to productive.
• Access Restriction: SCC4 and SE06
• S_DEVELOP is securedChange management is secured and controlled
• Transport access to production is restricted
• Developer access in production
• Change critical number range is restricted
• Custom tables has authorization groupLocking of sensitive systems transaction codesBDC user types should has only required accessRun Program in the back ground
• Changes to critical SAP R/3 tables are logged
• Scheduling and Monitoring Batch jobs
• Access to run reports should be restricted.
• Critical and custom SAP R/3 tables are restricted

Fuente: SAP Security Online