SAP says it's reached NIST CSF Tier 3

old.reddit.com / @/u/arunsivadasan, https://old.reddit.com/user/arunsivadasan

Here is the official SAP post:

https://community.sap.com/t5/security-and-compliance-blogs/we-did-it-sap-confirmed-it-is-nist-csf-tier-3/ba-p/13876375

A couple of things that caught my eye:

  • The journey began in 2021 under the guidance of SAP’s Chief Security Officer. According to their blog post, they managed to close the gaps by the end of 2023, which means it took them about two years to reach this milestone.
  • The starting point remains unclear. Given SAP’s existing adherence to many compliance standards, it’s likely that they started at a relatively high level of maturity, but there are no specific details about their initial position.
  • No specifics on the challenges. SAP hasn’t disclosed which areas had the most significant gaps or were the most challenging to address during this process. Perhaps they will reveal it in their planned webinar.
  • Custom self-assessment methodology. SAP hired EY to do the assessment and developed their own self-assessment methodology. They even went further. Here is a direct quote from the site: "This methodology was reviewed and validated by a global independent audit firm, and the results of the self-assessment were further reviewed and validated by a second, global independent auditor."

  • According to their brochure, if you are an SAP customer, you can get the assessment methodology from your SAP representative. I wish they just made it public. Also, I am sure you could also check with your local EY partner.

submitted by /u/arunsivadasan

published about 2 months ago



