Technology Risk Partners stopped offering this service on Thursday 6 April 2023.

Any existing contracts for this service are still valid.
Technology Risk Partners

IT Audit Automation - SAP S4 Hana

We use modern data science and AI techniques to help design secure responsibilities, resolve SoD conflicts, monitor sensitive configurations, and detect suspicious transactions to protect against payment fraud and error.

Features

  • Automated SoD Analysis
  • Rulebook of more than 1000 controls
  • Responsibility Simulation
  • User Simulation
  • Audit Report
  • Automated IT Controls Analysis

Benefits

  • Activity based SoD Model
  • Audit Trail
  • Promotes Independence
  • Consistency Across organization
  • Access Request Workflow
  • SoD Risk Alert
  • What-if Analysis
  • Activity based IT Controls Model

Pricing

£15,000 to £30,000 a licence a month

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at arun.majumdar@techriskpartners.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

2 3 7 2 7 9 3 8 2 5 9 2 5 3 0

Contact

Technology Risk Partners Arun Majumdar
Telephone: 07768012397
Email: arun.majumdar@techriskpartners.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Can be disclosed as required.
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
Not Applicable
System requirements
Internet access

User support

Email or online ticketing support
Email or online ticketing
Support response times
According to SLA.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
When you opt for our services, you will have the option of initiating a chat right from the solution itself.
Web chat accessibility testing
N.A
Onsite support
Yes, at extra cost
Support levels
Our developers can provide on-site support to the client, be it as a technical account manager or cloud support engineer.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We provide the script and the white paper. In case any more assistance is needed we provide both onsite training and online training.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
There will be an option
End-of-contract process
There is no additional cost

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Is mobile friendly.
Service interface
Yes
User support accessibility
None or don’t know
Description of service interface
Get history, when invoked, sends the name of a customer account and gets the history of the customer's transactions.
Accessibility standards
None or don’t know
Description of accessibility
NA
Accessibility testing
NA
API
Yes
What users can and can't do using the API
NA
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
  • Other
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
As per customer's requirement.

Scaling

Independence of resources
Being a cloud service, iRM is easily scalable.

Analytics

Service usage metrics
Yes
Metrics types
As per requirement.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Users will have the option to export data from the solution.
Data export formats
  • CSV
  • Other
Other data export formats
  • Xlsx
  • Xml
Data import formats
  • CSV
  • Other
Other data import formats
  • Xml
  • Xlsx

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
IRM has mutually agreed implementation period and if the deadline is not met, there might be further discussions on extending the timeline. If an agreement is not met, iRM does not charge their customers.
Approach to resilience
This information is available on request.
Outage reporting
A public dashboard, customer support and email alerts.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
This information will be shared on further enquiry.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
This information is available on request.
Information security policies and processes
This information is available on request.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Components of our services are tracked through their lifetime and changes are assessed for security impact.
Vulnerability management type
Undisclosed
Vulnerability management approach
This information will be shared on further enquiry.
Protective monitoring type
Undisclosed
Protective monitoring approach
This information will be shared on further enquiry.
Incident management type
Undisclosed
Incident management approach
This information will be shared on further enquiry.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
Public Services Network (PSN)

Social Value

Fighting climate change

Fighting climate change

This information will be shared on further enquiry.
Covid-19 recovery

Covid-19 recovery

This information will be shared on further enquiry.
Tackling economic inequality

Tackling economic inequality

This information will be shared on further enquiry.
Equal opportunity

Equal opportunity

This information will be shared on further enquiry.
Wellbeing

Wellbeing

This information will be shared on further enquiry.

Pricing

Price
£15,000 to £30,000 a licence a month
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Access of iRM solution with limited controls is given for free trial.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at arun.majumdar@techriskpartners.com. Tell them what format you need. It will help if you say what assistive technology you use.