Sound United – SAP cleaning and redesigning authorisation
Written by Meindert Keuning
Sound United is a leading developer of premium consumer sound and home integration technologies, adding to its broad portfolio of hospital and home medical technology and wellness solutions. Sound United was taken over by Masimo in 2022. Masimo (NASDAQ: MASI) is a global medical technology company that develops and produces a wide array of industry-leading monitoring technologies, including innovative measurements, sensors, and patient monitors. Powered by the Masimo Hospital Automation™ platform, Masimo connectivity, automation, and telehealth and telemonitoring solutions are improving and automating care delivery both in the hospital and beyond. Today, Masimo is publicly traded and employs more than 8,000 people worldwide (including approximately 1,800 as part of its recent acquisition of Sound United). Licensing agreements allow Masimo technology to work inside monitoring devices from a host of manufacturers, including Philips, Atom, Mindray North America, GE Medical, Spacelabs, and Zoll. Throughout its more than 30-year journey, Masimo’s mission – to improve patient outcomes, reduce the cost of care, and take noninvasive monitoring to new sites and applications – has remained strong.
Sound United is working on improving its SAP environment, and BR1GHT was asked to help reduce the risks in its SAP system by cleansing SAP authorisations (get clean) and by defining and implementing the pre-conditions to stay clean. This Client Experience shows what we have done to help Sound United.
Sound United has had an SAP system for more than 15 years already. The initial concept was set up in early 2010 and, apart from the required changes, has never been updated since. In addition to the fact that its external auditor raised critical SAP security issues, Sound United has been taken over by Masimo, which implies that Sound United has to comply with SOX controls as well.
Sound United has implemented Soterion technology to get and stay clean. BR1GHT is supporting Sound United on the following three main topics:
(1) Solving key SAP Basis risks
The first topic is solving the key SAP Basis risks, mitigated by the end of the year 2022, and supporting the implementation of and training on Soterion. BR1GHT started this engagement by performing its analysis with Soterion. In addition, we took all the external audit findings and combined them into one backlog, which was worked through in an agile way. BR1GHT has supported Sound United in mitigating its key risks in SAP in the areas of firefighting, SAP security configuration settings, and limiting critical access. This was done for their global SAP kernel, BW kernel, and some local SAP instances. We have also implemented and supported the Soterion technology. Soterion had just been bought but was not used. BR1GHT has supported Sound United with training on Soterion.
(2) Authorization redesign
Sound United has asked BR1GHT to support a structural setup of its authorization structure within SAP, so that its SAP authorization risks are mitigated and the foundation of the authorization concept is strong and robust. BR1GHT has supported Sound United in the authorization redesign. BR1GHT did this on a fixed-fee basis, so the client knew the costs of the project upfront. We could work on a fixed-fee basis because we knew the SAP environment quite well, having analyzed it in Phase 1, and because Sound United had switched on the logs appropriately. Within this redesign, we use the Soterion technology daily: to design and implement risk-free single roles, to simulate risks when combining roles in business workshops, and to analyze the quality of the result. Soterion is key to an efficient authorization redesign. Sound United has chosen to use the standard Soterion rule set; it is also possible to configure client-specific SoD and risk rule sets when desired.
We have delivered an authorization design that is free of key risks and SoDs. The SoDs that are in the system are approved by the business, and mitigating controls are designed and implemented to reduce the risk. The Soterion technology enables Sound United to automate its internal controls using workflows:
- User access creation / revoking access and simulation of access rights
- Inactive/dormant users
- Firefighting for highly privileged accounts
- SoD risk-free
- Automatic User certification
- Automatic role certification
(3) SAP Authorization Maintenance Support
Parallel to the redesign project, BR1GHT is discussing with Sound United how they could stay clean. We are going to discuss several alternatives including our shared service center in South Africa which could support Sound United in the stay clean activities.
Sound United is a company that delivers top-notch quality products. First-time right is important to them. That culture matched BR1GHT’s culture. We are grateful to work with such a company and have experienced people with a positive mindset and the willingness to learn and make things better. Furthermore, being part of Masimo, and given Masimo’s mission to improve people’s wellbeing by developing new technology solutions for health care, makes us proud to work for this beautiful company.
BR1GHT employees are knowledgeable, proactive and have supported us to implement and use Soterion technology. With Soterion, we reduced the SAP risks efficiently and involved the business actively by assessing and simulating risks during the definition of the business roles. BR1GHT truly brings unique knowledge and experience to the table to reach our goals effectively with a managed and efficient authorisation concept.