For managing Risks, Netsuite provides very good controls, with some better than its peers. For example, the ability to set two factor authentication against Roles was the first for any Oracle Applications.
With that being said, there are still thousands of Permissions and settings within the Application that need to be considered when implementing and reviewing Security. Many of these Permissions need to be grouped together in order to form duties (and hence begin Separation of Duties), these Duties make reporting and analysis much easier.
The problems include: what do you look for to create these Duties? What Duties to separate?
Seecuring provides the ability to make sense of Netsuite Permissions, and have them structured into 'Duties' that can be segregated or reported on stand alone.
* Analysis of access to the Sensitive and Critical elements of the Application
* Segregation of Duties analysis and remediation
* Review impact of making changes to your security and make the right decisions to get your Controls and Configurations resolved
* Assign actions to your team for fixing issues
* Create exceptions to Violations, stored and ready to be reported on as part of your Access Certification - sometimes Users need to break the Rules and you will have compensating controls.
* Identify and work with you to create processes to manage Support and System/Power Users such as the Administrator
* Ensure your issues are being resolved by measuring progress over time, if you need a Role removing from a User, Seecuring will let you know if it has been done
There is no software to deploy or install, and our solution of Technology and Services is based on a Subscription so no high up-front costs.
We have been working with ERP/HCM Applications since the early 2000's, and work with leading CPA's, Audit staff and Application specialists to deliver a complete solution.