SAP trust center

As company you are relying on SAP to provide support and services. But how do you know if SAP is doing a good job on this part?

If an internal auditor or external auditor asks you to show or explain the elements of SAP delivered support, where do you get the information?

SAP trust center

SAP has a good site to start with this information: the SAP trust center.

Here you can find:

  • Security policies
  • Security frameworks
  • List of sub-processors employed by SAP to provide services (sub-processor can be on infrastructure level like AWS, Azure, etc, but also manpower like Accenture, TCS, etc.)
  • Compliance documents like SOC1, SOC2, ISO 27001, ISO 9001, etc reports (or go directly to the compliance finder)

Not all reports are public. For some you must be customer of the product or service. Some parts require acknowledgement of non-disclosure agreement before you can get the report.

Security white paper

Another good document is the SAP security white paper.

SAIS_MONI: Generic audit report about system changes

SAIS_MONI is a central audit report about system changes. It collect changes from client opening, audit log, change log, transport log and more, in one central place.

Questions that will be answered in this blog are:

  • How to install the SAIS_MONI tool?
  • How to run the SAIS_MONI tool?

How to install the SAIS_MONI tool?

The SAIS_MONI tool is installed via OSS note 2423576 – SAIS | Generic audit report about system changes. Or it is standard as of the basis support package stated in this note.

Bug fix notes:

How to run the SAIS_MONI tool?

You start the tool with transaction SAIS_MONI:

Depending on your input the output will be shown as ALV output.

For a full description of each option, read OSS note 2915635 – SAIS | Generic audit report about system changes.

Logging for users is described in OSS note 139418 – Logging of user actions (ABAP server).

Bug fix OSS notes

Bug fix notes: