SAP Compliance with GLBA

What is GLBA and how is it related to SAP

The Gramm-Leach-Bliley Act requires financial institutions and affiliated companies to protect the consumers’ nonpublic personal information or Personally Identifiable Information (PII).

Section 501 of the GLBA, “Protection of Nonpublic Personal Information,” stipulates financial institutions to design, implement, and maintain appropriate administrative, technical, and physical safeguards of customer records and information.

The scope of these safeguards is defined in the GLBA Data Protection Rule that lays down the following set of instruction for financial institutions:

  • Ensure the security and privacy of the customer data;
  • Protect it from any reasonably anticipated threats or hazards to its security or integrity;
  • Protect it from unauthorized access or use of such data that would result in substantial harm or inconvenience to a customer.

Financial institutions extensively use SAP systems to support their mission-critical business processes and, consequently, must comply with the GLBA.

How to ensure compliance with the GLBA

  • Inventory SAP systems in the scope of the GLBA.
  • Identify personal information in your SAP, information flows and users with access to the information (SAP users, roles, and groups).
  • Detect misconfigurations and vulnerabilities that allow unauthorized access to personal data.
  • Perform security risk assessment.
  • Protect personal data:
    • Restrict access to personal data.
    • Eliminate vulnerabilities and misconfigurations in SAP components.

How can we help with the GLBA compliance

With the assistance of our flagship product, ERPScan Smart Cybersecurity Platform for SAP, and our professional services, such as SAP Security Audit and SAP Vulnerability Management, you can ensure compliance with the GLBA by identifying potential risks and eliminating them in due time.

ERPScan solutions go beyond the GLBA:

  • ERPScan’s flagship product and ERPScan Professional services team inventories the SAP landscape, detects all important assets, and identifies places where critical data is stored.
  • ERPScan identifies all users who have access to information assets from deep level authorization perspective with the help of ERPScan Segregation of Duties module.
  • ERPScan detects 7000+ misconfigurations and 3800+ vulnerabilities, which can allow unauthorized access to SAP systems, be it SAP ABAP, JAVA or HANA-based solution.
  • ERPScan auto-correction functionality helps to fix all arising issues and provides detailed remediation descriptions for them.
  • Finally, the solution continuously monitors SAP systems for new vulnerabilities.

In order to apply organization-wide security policies in the SAP environment and implement the required security controls, we use SAP Cybersecurity Framework. The document describes what management and operational processes should be performed in SAP and how to link them to the compliance requirements.

Interested? Request demo now

Contact us today.

    Select your country:

    Subscribe me your to mailing list