Freedom of Information Request
I write in response to your freedom of information request sent by you by email on 27th
August, 2018. Your Request
You have requested the following information: Can you please confirm if you currently use or plan to use any of the following software:
1. SAP Business Integrity Screening
2. SAP Access Control
3. SAP Process Control
4. SAP Audit Management
5. Identity Access Management
6. SAP GRC
7. SAP Risk Management
8. SAP Global Trade Services
Where do you advertise any SAP related procurement opportunities?
In the event that you currently use any of the aforementioned software:
Do you have a support contract with an external provider for SAP Support?
If you employ any of the aforementioned software or have a support contract what is the renewal
Where is your SAP infrastructure located and in what format?
When is the contract for third party support of your SAP infrastructure due for renewal?
Do you manage SAP Security, SAP Role Authorisations and SAP Role Designs internally or through
an external provider?
If SAP Security, SAP Role Authorisations and SAP Role Designs is managed through an external
provider, what is the renewal date?
Which organisational department is responsible for managing overall SAP Security, Role
Authorisations and Role Design?
When is your next internal and external audit covering SAP roles and access?
S4C is only obliged to respond to requests made under the Freedom of Information Act 2000
(the “Act”) for information held for purposes other than those of journalism, art or literature.
When dealing with requests for information held for purposes other than those of journalism,
art or literature S4C’s obligations include:
confirming or denying whether we hold information of the description specified in the
communicating the information requested to the applicant. You should note that this
is effectively a decision that the information can be released into the public domain
and not simply to the specific applicant.
There are a number of exemptions that exist within the Act which impact on these
I confirm that the information requested is not held by S4C, as we do not use any of the
aforementioned software or services. All SAP security, authorisations and role designs are
managed internally by our IT Department.
If you are not satisfied with the way in which your request has been dealt with, you have the
right to refer the matter to the S4C Authority Complaints and Compliance Committee within
21 days for an internal review.
If you are not satisfied with the outcome of the Complaints and Compliance Committee’s
review, you may refer the matter for appeal to the Information Commissioner. The
Information Commissioner may be contacted at the address below:
Secretary to the S4C Authority