Security and Compliance Software

The Pensions Regulator did not have the information requested.

Dear The Pensions Regulator,

Can you confirm the SAP ERP version you are currently using?

Who provides your SAP Security, Authorisations and Role Design support?

Can you please confirm if you currently use SAP Access Control?

If you do use Access Control, what version is installed (options are v5.3, v10.0, v10.1 or v12.0)?

Do you have a support contract with an external provider to support SAP Access Control install?

Can you please confirm if you currently use SAP Process Control?

If you do use Process Control, what version is installed (options are v5.3, v10.0, v10.1 or v12.0)?

Do you have a support contract with an external provider to support SAP Process Control install?

Can you please confirm if you currently use SAP Risk Management?

If you do use Risk Management, what version is installed (options are v5.3, v10.0, v10.1 or v12.0)?

Do you have a support contract with an external provider to support SAP Risk Management install?

Can you confirm if you currently have any other SAP GRC software installed?

List of SAP GRC software includes, but is not exclusive to:
i. Business Integrity Screening
ii. Single Sign-On
iii. Identity Management
iv. Audit Management
v. UI Masking
vi. UI Logging
vii. Read Access Logging
viii. BusinessObjects Access Control
ix. Versa GRC

If you do not have any SAP GRC installed/utilised, are there any plans to purchase and install the GRC software?

If you have implemented any of the aforementioned software and have a support contract, what is the renewal date of that contract?

Where is your SAP infrastructure located and in what format?

When is the contract for third party support of your SAP infrastructure due for renewal?

Where do you advertise any SAP related procurement opportunities?

Yours faithfully,

Thomas

Dear Thomas

Freedom of Information Act 2000 (FoIA) – request for information

Thank you for your email dated 16 November 2018 in which you have made a
request for information.

Your request has been passed to the Corporate Governance and Compliance
team and is being dealt with in accordance with the FoIA. We will respond
to your request by 14 December 2018, which is 20 working days from the
date after we received your request. We will inform you in advance if we
are unlikely to meet this time frame together with the reasons why.

For further information on our FoIA policy please use the following link:
[1]http://www.thepensionsregulator.gov.uk/d...

If you have any queries about this request please do not hesitate to
contact me.

Please quote reference FOI-3463 in any correspondence you may have with
us.

Yours sincerely,

Mark Johnson
Business Partner, Corporate Governance and Compliance team
Email: [2][email address]
Direct Line: 01273 627611

Please note that information obtained by The Pensions Regulator (TPR) may
be ‘restricted’ within the meaning of section 82 of the Pensions Act 2004.
If so, TPR, and any person who receives the information directly or
indirectly from TPR, is subject to the restrictions on its further use and
disclosure set out in that section. Your attention is drawn in particular
to the provisions of section 82(1) and 82(2) of the Pensions Act 2004.
Onward disclosure of restricted information other than in accordance with
the Pensions Act 2004 is a criminal offence.

TPR is a data controller for the purposes of the General Data Protection
Regulation (GDPR) and the Data Protection Act 2018 (DPA). For information
about how we process personal data, please see our [3]privacy notice.

This email and the information contained in it may be privileged and/or
confidential. It is for the intended addressee(s) only. If you are not an
intended recipient, please notify [4][email address]

References

Visible links
1. http://www.thepensionsregulator.gov.uk/d...
2. mailto:[email address]
3. https://www.thepensionsregulator.gov.uk/...
4. mailto:[email address]

Dear Thomas

Freedom of Information Act 2000 (FoIA) – request for information

Thank you for your request for information dated 16 November 2018 which I
have dealt with under the terms of the FoIA.

You have requested the following information:

“Can you confirm the SAP ERP version you are currently using?

Who provides your SAP Security, Authorisations and Role Design support?

Can you please confirm if you currently use SAP Access Control?

If you do use Access Control, what version is installed (options are v5.3,
v10.0, v10.1 or v12.0)?

Do you have a support contract with an external provider to support SAP
Access Control install?

Can you please confirm if you currently use SAP Process Control?

If you do use Process Control, what version is installed (options are
v5.3, v10.0, v10.1 or v12.0)?

Do you have a support contract with an external provider to support SAP
Process Control install?

Can you please confirm if you currently use SAP Risk Management?

If you do use Risk Management, what version is installed (options are
v5.3, v10.0, v10.1 or v12.0)?

Do you have a support contract with an external provider to support SAP
Risk Management install?

Can you confirm if you currently have any other SAP GRC software
installed?

List of SAP GRC software includes, but is not exclusive to:

i. Business Integrity Screening
ii. Single Sign-On
iii. Identity Management
iv. Audit Management
v. UI Masking
vi. UI Logging
vii. Read Access Logging
viii. Business Objects Access Control
ix. Versa GRC

If you do not have any SAP GRC installed/utilised, are there any plans to
purchase and install the GRC software?

If you have implemented any of the aforementioned software and have a
support contract, what is the renewal date of that contract?

Where is your SAP infrastructure located and in what format?

When is the contract for third party support of your SAP infrastructure
due for renewal?

Where do you advertise any SAP related procurement opportunities?”

I can confirm that we do not hold the information you have requested as we
do not use SAP.

Internal review

If you are dissatisfied with the handling of your request, you have the
right to ask for an internal review. Requests for an internal review
should be submitted within two months of the date you received our
response to your original request and should be emailed to the Head of
Complaints and Information Disclosure at [1][email address] or,
alternatively, sent to the following address:

The Pensions Regulator,
Napier House, Trafalgar Place,
Brighton, BN1 4DW.

Please remember to quote the reference number FOI-3463 in any future
communications.

If you are not content with the outcome of the internal review, you may
apply directly to the Information Commissioner (ICO) for a decision.
Generally, the ICO will not investigate your complaint until you have
exhausted our own appeal process.

The ICO can be contacted at: [2]https://ico.org.uk/concerns/getting/ or
alternatively you can write to them at the following address:

The Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Yours sincerely

Mark Johnson
Business Partner, Corporate Governance and Compliance team
Email: [3][email address]
Direct Line: 01273 627611


References

Visible links
1. mailto:[email address]
2. https://ico.org.uk/concerns/getting/
3. mailto:[email address]
4. https://www.thepensionsregulator.gov.uk/...
5. mailto:[email address]