The motivation to write this document comes from the GRC Document Collaboration Topics project. Leo has requested more information about EAM audit trails and utilisation from a business point of view.
SAP Access Control with its module Emergency Access Management (EAM) enables users to perform activities outside their job role under a Firefighter ID in a controlled and auditable environment. A Firefighter ID can be checked out temporarily by assigned users (Firefighters) directly in the plug-in systems (if the decentralized approach is set up) or from the GRC box. The application then tracks, monitors and logs the activities performed with the Firefighter ID and sends the logs to a pre-defined Firefighter ID Controller for the subsequent review and audit trail.
The following flowchart provides a high-level overview of the EAM utilisation and log review process.
Some notes and clarifications on the process and its decisions:
In case of inappropriate usage, or when the Firefighter ID Controller simply wants more information, the work item can be forwarded to the Firefighter. The Firefighter can then provide more details in the Notes tab and return the work item to the Controller.
In case of inappropriate usage the Firefighter ID Controller has to decide whether the Firefighter ID needs to be removed, the Firefighter needs to be trained properly, or sanctions are to be imposed against the Firefighter. In addition, in most cases the inappropriate actions need to be reverted or corrected.
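As an added illustration, not code from the original post and not SAP's own EAM implementation, the following Python models the review flow described above: a triage pass over checked-out sessions that flags what a Controller should look at, and a work item that can only move Controller -> Firefighter (for notes) -> Controller -> closed with one of the decisions named above. The session shape, the reason codes, the allowed transactions per reason, the four-hour checkout ceiling and the sample sessions are all constructed assumptions, not the real EAM log format or a shipped policy.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from enum import Enum


class State(Enum):
    CONTROLLER_REVIEW = "controller_review"   # log work item sits with the Firefighter ID Controller
    WITH_FIREFIGHTER = "with_firefighter"     # forwarded to the Firefighter for more details
    CLOSED = "closed"


@dataclass
class Session:
    """One Firefighter ID checkout (constructed shape, not the EAM log format)."""
    ffid: str
    firefighter: str
    controller: str
    reason: str
    checkout: datetime
    checkin: datetime
    transactions: list


# Assumed policy: which transactions a given reason code justifies (hypothetical mapping).
EXPECTED = {
    "locked_user": {"SU01", "SM04"},
    "table_correction": {"SE16", "SE16N"},
}
MAX_DURATION = timedelta(hours=4)  # assumed ceiling for a single checkout


def triage(s: Session) -> list:
    """Return the points a Controller has to look at; an empty list means nothing stood out."""
    findings = []
    allowed = EXPECTED.get(s.reason)
    if allowed is None:
        findings.append(f"unknown reason code {s.reason!r}")
    else:
        extra = sorted(set(s.transactions) - allowed)
        if extra:
            findings.append("out-of-scope transactions: " + ", ".join(extra))
    if s.checkin - s.checkout > MAX_DURATION:
        findings.append(f"checkout lasted {s.checkin - s.checkout}")
    if s.firefighter == s.controller:
        findings.append("firefighter reviews their own session")
    return findings


@dataclass
class WorkItem:
    session: Session
    findings: list
    state: State = State.CONTROLLER_REVIEW
    notes: list = field(default_factory=list)   # (author, text) pairs, i.e. the Notes tab
    decision: str = ""

    def forward_to_firefighter(self, question: str) -> None:
        if self.state is not State.CONTROLLER_REVIEW:
            raise ValueError(f"cannot forward from state {self.state.value}")
        self.notes.append(("controller", question))
        self.state = State.WITH_FIREFIGHTER

    def return_to_controller(self, explanation: str) -> None:
        if self.state is not State.WITH_FIREFIGHTER:
            raise ValueError(f"cannot return from state {self.state.value}")
        self.notes.append(("firefighter", explanation))
        self.state = State.CONTROLLER_REVIEW

    def close(self, decision: str) -> None:
        """Only the Controller closes; findings need a Firefighter note before 'appropriate'."""
        if self.state is not State.CONTROLLER_REVIEW:
            raise ValueError("only the controller closes a work item")
        if decision not in {"appropriate", "remove_ffid", "train", "sanction"}:
            raise ValueError(f"unknown decision {decision!r}")
        explained = any(author == "firefighter" for author, _ in self.notes)
        if decision == "appropriate" and self.findings and not explained:
            raise ValueError("findings must be explained by the firefighter before closing as appropriate")
        self.decision = decision
        self.state = State.CLOSED


# Constructed sample sessions: one clean, one that should raise findings.
SAMPLE = [
    Session("FF_BASIS_01", "jdoe", "asmith", "locked_user",
            datetime(2024, 3, 4, 9, 0), datetime(2024, 3, 4, 9, 20), ["SU01"]),
    Session("FF_BASIS_01", "jdoe", "asmith", "locked_user",
            datetime(2024, 3, 5, 22, 0), datetime(2024, 3, 6, 3, 30), ["SU01", "PFCG", "SE16"]),
]


def review_all(sessions) -> dict:
    """Map each checkout to its triage findings."""
    return {f"{s.ffid}@{s.checkout.isoformat()}": triage(s) for s in sessions}


if __name__ == "__main__":
    for key, findings in review_all(SAMPLE).items():
        print(key, findings or "clean")
```

The state checks are the point: the Firefighter can add notes but never close the item, and a Controller cannot wave through a session with findings unless the Firefighter has answered, which is the separation the review process relies on.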
More information on what data gets logged can be found here: Emergency Access Management Reporting
Looking forward to your valuable feedback.
Thanks for reading.