Organizations face increasing challenges in meeting mandatory data protection standards, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) (taking effect in 2020). In addition, several US state-specific laws are expected to come into effect in the coming months.
These laws affect entities enormously. Organizations will have to track where and how they receive Personally Identifiable Information (PII), from the moment they acquire it through its retention life. They also need to keep records of data processing, consent forms, and many other documents. All of these factors inevitably increase the time required to complete an audit successfully, while new regulations simultaneously reduce the time allotted for the same review. The emerging regulatory environment puts pressure on companies to develop new strategies for managing access to PII and reporting on its uses. Needless to say, PII, once assessed as a competitive asset, has become a liability with a distinct cost of keeping.
Are businesses still able to manage compliance with data privacy?
The answer is no. Several companies have recently come under fire for data breaches.
Marriott was slapped with a $123 million fine for a data breach in 2018. British Airways also faces $230 million under GDPR (for bad data security policies resulting in a breach). Although this accounts for 1.5 percent of the annual revenue of British Airways, regulatory fines may equate to 4 percent of the annual revenue of an entity.
Performing ERP Audits While the Deck Is Stacked
Traditional on-site ERP systems were not installed with logging capabilities suited to understanding PII usage. Logs are intended for troubleshooting, finding system bugs, and ensuring all applications are running properly. PII was not a concern, so knowing about access and use wasn't important.
Companies are expected to perform audits more frequently and more effectively, while using ERP systems that need multiple report triangulation (thereby exponentially increasing audit times) to get a clear understanding of usage. As a result, an audit's average cost has risen.
Audits of ERP Compliance Can Be Cheaper and Quicker Than Expected
Considering the current regulatory environment for data, organizations will attempt to improve their audit capabilities by focusing on data logging strategies (not just system performance).
Appsian's PeopleSoft and SAP Security Platforms incorporate granular logging capabilities that monitor user activity and data access, then compile the patterns into easy-to-use analytics dashboards. All of this is designed to provide the same user snapshot that once took weeks to compile manually with traditional logging capabilities, but with Appsian it now takes only a few minutes.
With Appsian, ERP audit techniques can now suit the time and resource allocation needed by current and future data privacy regulations. And because these strategies can be easily integrated into conventional ERP systems that could (at one time) be considered an audit responsibility, you can extend the life of your legacy ERP system, maximizing your ROI without being forced into costly and resource-draining projects.
Contact us to learn more about Appsian and how our Security Solutions can help prepare and manage compliance audits for your company.