Nikon gets the full picture of their risks, thanks to Soterion

The challenge: Lack of visibility of their system’s risks

As the Nikon Corporation is listed on the Tokyo Stock Exchange, Nikon Europe BV – and the entire group – is required to be compliant with the J-SOX framework (also known as the Japanese Sarbanes-Oxley Act).

In an attempt to take a visual approach to their SoD (Segregation of Duties) risks, for the past ten years the IT team had been doing everything manually, exporting large amounts of data to Microsoft Excel to analyse SoD conflicts using SM20 log files.

The company realised that they were not getting the full picture, and were only able to skim the surface of their challenge. They needed to find a mature and sophisticated GRC (Governance, Risk and Compliance) solution to help them address compliance.

Tackling the risks with Soterion for GRC

Nikon Europe BV introduced SAP Access Control, and made a number of management changes. Having realised they needed additional tools to analyse and review critical access and SoD conflicts, they then implemented Soterion as their GRC solution for SAP systems.

As soon as they connected their SAP system to the Soterion cloud, they started to see tangible benefits in their risk management. Their risk exposure was even higher than anticipated, so they immediately started to mitigate the risks that Soterion highlighted.

They used the following Soterion modules:

• Basis Review: to inspect their SAP Basis configuration against a set of rules based on industry best practices to establish full compliance.
• Periodic Review Manager: which allows enterprise users to periodically review the access risk of their SAP users in their SAP systems easily and efficiently, to improve the visibility of their GRC environment.
• Self-Service: for password reset services, which will save the team a lot of manual time in resetting and locking users’ passwords.

Achieving GRC compliance

GRC compliance is a long-term project, but even so, the Nikon team is already seeing benefits from using Soterion.

The IT team saves a lot of manual work time by having a tool with which to automate workflows for new users, reset passwords, clean up superfluous roles or transactions, activate risk templates, and adjust risk settings quickly and easily.

Soterion has given them the ability to understand their company’s risk exposures, and thus the power to act on them.

About Nikon

Nikon is a world-leading provider of imaging products and services. Their innovative optics technology – from consumer to professional cameras, lenses to system accessories – is powered by over 100 years of experience. The brand is globally recognised for setting new standards in design and performance.

Nikon is committed to leading imaging culture and enables some of the world’s best visual artists to reach their creative potential through visual storytelling.