Security and Compliance Software

The request was refused by Government Chemist.

Dear Government Chemist,

Can you confirm the SAP ERP version you are currently using?

Who provides your SAP Security, Authorisations and Role Design support?

Can you please confirm if you currently use SAP Access Control?

If you do use Access Control, what version is installed (options are v5.3, v10.0, v10.1 or v12.0)?

Do you have a support contract with an external provider to support SAP Access Control install?

Can you please confirm if you currently use SAP Process Control?

If you do use Process Control, what version is installed (options are v5.3, v10.0, v10.1 or v12.0)?

Do you have a support contract with an external provider to support SAP Process Control install?

Can you please confirm if you currently use SAP Risk Management?

If you do use Risk Management, what version is installed (options are v5.3, v10.0, v10.1 or v12.0)?

Do you have a support contract with an external provider to support SAP Risk Management install?

Can you confirm if you currently have any other SAP GRC software installed?

List of SAP GRC software includes, but not exclusive to:
i. Business Integrity Screening
ii. Single Sign-On
iii. Identity Management
iv. Audit Management
v. UI Masking
vi. UI Logging
vii. Read Access Logging
viii. BusinessObjects Access Control
ix. Versa GRC

If you do not have any SAP GRC installed/utilised, are there any plans to purchase and install the GRC software?

If you have implemented any of the aforementioned software and have a support contract what is the renewal date of that contract?

Where is your SAP infrastructure located and in what format?

When is the contract for third party support of your SAP infrastructure due for renewal?

Where do you advertise any SAP related procurement opportunities?

Yours faithfully,

Thomas

Dear Thomas

Thank you for your request for information dated 28 November 2018.

Unfortunately the Government Chemist is unable to provide you with the
information requested as its disclosure could be used to research and
exploit potential software vulnerabilities and, as a result, the
information is exempt from disclosure under section 31(1)(a) of the
Freedom of Information Act 2000.

Section 31(1)(a) is a qualified exemption, therefore, the Government
Chemist is required to carry out a public interest test. If the public
interest in disclosing the information outweighed the public interest in
withholding the information the exemption would no longer apply and the
Government Chemist would be obliged to release the information. In this
instance, it is considered that the public interest in maintaining the
exemption outweighs the public interest in its disclosure.

Yours sincerely

Government Chemist

 

-------------------------------------------------------------------

 

Dear Government Chemist,

 

Can you confirm the SAP ERP version you are currently using?

 

Who provides your SAP Security, Authorisations and Role Design support?

 

Can you please confirm if you currently use SAP Access Control?

 

If you do use Access Control, what version is installed (options are v5.3,
v10.0, v10.1 or v12.0)?

 

Do you have a support contract with an external provider to support SAP
Access Control install?

 

Can you please confirm if you currently use SAP Process Control?

 

If you do use Process Control, what version is installed (options are
v5.3, v10.0, v10.1 or v12.0)?

 

Do you have a support contract with an external provider to support SAP
Process Control install?

 

Can you please confirm if you currently use SAP Risk Management?

 

If you do use Risk Management, what version is installed (options are
v5.3, v10.0, v10.1 or v12.0)?

 

Do you have a support contract with an external provider to support SAP
Risk Management install?

 

Can you confirm if you currently have any other SAP GRC software
installed?

 

List of SAP GRC software includes, but not exclusive to:

i. Business Integrity Screening

ii. Single Sign-On

iii. Identity Management

iv. Audit Management

v. UI Masking

vi. UI Logging

vii. Read Access Logging

viii. BusinessObjects Access Control

ix. Versa GRC

 

If you do not have any SAP GRC installed/utilised, are there any plans to
purchase and install the GRC software?

 

If you have implemented any of the aforementioned software and have a
support contract what is the renewal date of that contract?

 

Where is your SAP infrastructure located and in what format?

 

When is the contract for third party support of your SAP infrastructure
due for renewal?

 

Where do you advertise any SAP related procurement opportunities?

 

Yours faithfully,

 

Thomas

 

show quoted sections