Elkjøp Nordic was founded in Norway in 1962. Since then, they have grown to become the market leader in consumer electronics and kitchen appliances retail in the Nordic countries. The group consists of around 11,000 employees, and more than 400 stores in Norway, Sweden, Denmark and Finland, Greenland, Iceland and the Faroe Islands.
Elkjøp Nordic has been being part of Curry’s UK (Dixons Carphone plc) since 1999.
They are currently running these SAP systems: ECC, TM, EWM, F&R, CAR, EM and SLT.
Elkjøp encountered difficulties in managing large projects with tight deadlines, including the extensive use of external consultants who required additional authorizations using broad-access transaction codes.
The use of consultants made it challenging for Elkjøp to gain a clear understanding of the full scope of the project, and resulted in loss of control over role additions. Challenges included:
Another challenge they faced was a one-size-fits-all approach to roles, rather than creating roles tailored to specific needs, leading to inefficiencies and potential security risks.
Elkjøp concluded that they needed greater control over their systems, and support with setting up and managing these controls.
An implementation completed in only a matter of days resulted in an immediate return on investment.
Elkjøp chose the solution from EPI-USE Labs’ partner Soterion, as it offered industry best practices for SAP roles and authorisations.
Soterion's compliance software solves GRC (Governance, Risk management and Compliance) for SAP clients. The GRC tool was an excellent starting point for risk identification and management, enabling the team to obtain analytical and statistical views of their access risks, including SoD categorisation, critical transactions and privacy risks. They could also identify superfluous functions and transactions, which facilitated identifying remediation opportunities.
Soterion's big data mining and drill-down utilities made it possible to perform an in-depth analysis, while its standard reporting functionality included online reporting with live drill-down capabilities on current data. This enabled Elkjøp to have a comprehensive and effective approach to managing access risks and maintaining control over authorisation processes.
The GRC solution from EPI-USE Labs and Soterion raised awareness in the company, and moved the responsibility back to the business, rather than being with the IT team.
The implementation of the solution initiated a risk remediation project that raised awareness in the company, and started moving the responsibility back to the business, rather than the IT team. Also, the company did an extensive clean-up process to address the Principle of Least Privilege.
Soterion is now configured to run a monthly deactivation process for inactive users, and all users and authorisations are centrally provisioned.
We were also pleasantly surprised by how efficient the EPI-USE Labs helpdesk team was, and the personal level of service.