slide 1:

By combining data-centric security capabilities with attribute-based policies Appsian’s Adaptive Data Security and Analytics products enable enterprises to apply dynamic fine-grained controls to their most critical business transactions. For customers using SAP GRC Appsian can extend the existing access control policies to improve the effectiveness of internal controls and enhance the reporting capabilities for direct real-time visibility into transaction usage violations and compliance risk. Appsian and SAP GRC Enhance Access Governance with Adaptive Data Security and Analytics Appsian Real-Time Analytics • Monitor transaction usage master data changes SoD violations • View actual SoD violations with user data and transaction correlation • Segment reports by user/data attributes • Drill down into end-user usage events Appsian Adaptive Data Control • Deploy attribute-based access control policies interlaced with SAP GRC • Implement real-time preventive SoD controls and business process controls • Enforce dynamic field-level controls Improve Visibility Enhance Control SAP GRC Access Control • Core foundation relies on role-based access controls • Relies on generic SoD rules • Limited to static controls at the transaction level © Appsian 2019 www.appsian.com infoappsian.com SAP GRC Reporting Capabilities • Relies on scheduled audits • Frequent false-positives on SoD violations • Limited context to log records • Raw CSV export format • Requires manual correlation of events

slide 2:

Appsian and SAP GRC Enhance Access Governance with Adaptive Data Security and Analytics SAP GRC Access Control • Provides the right access to the right people • Helps detect manage and prevent access violations • Access request administration – Workflow driven access requests and approvals • Automates reviews of role access authorizations risks and controls SAP GRC Process Control • Enables centralized documentation of controls and policies and covers the risks and regulations impacting an enterprise • Allows testing of controls to manage risk • Helps evaluate the controls and remediate issues using a range of tools • Allows monitoring of controls • Provides actionable insights • Helps to enable preventive controls • Makes internal processes more efficient by automation Appsian Adaptive Data Security Analytics for SAP • Access control at the transaction and data level • Preventive business process controls • Preventive Segregation of Duties controls • Real-time analytics for application usage business risk and compliance Appsian Products SAP GRC Core foundation relies on Attribute Based Access control Core foundation relies on Role Based Access Control Ability to implement Realtime SoD Violation rules Allows you to set up generic SoD rules Granular Access control using ABAC Transaction Level Access Control using RBAC Allows segregation of Data in reports using ABAC Who When What and How Need customization to support data filtering in reports Analytical reports to drill down into end user usage events to capture business risks and anomalies N/A Combine Business Rules with IT Security to Deliver Data- Centric ERP Protection Cannot consume IT security requirements Analytical reports to drill down into usage events that tie back to Compliance risks N/A