7 March 2018

How To-Increase Security and Compliance Studio supports GDPR Compliance

How To-Increase Security and Compliance Studio supports GDPR Compliance

To-Increase Security and compliance studio helps you implement your GDPR Audit and privacy requirements in one place if you are using D365 for FOE. It also supports the key GDPR requirement of "Data protection by Design and default” by ensuring the security concepts are implemented in a fashion where the users get the minimum possible access that helps them complete their work optimally.

To-Increase Security and Compliance Studio has features to track any changes to user-defined PII (Personally Identifiable Information) information in D365 for FOE using data security. Key cornerstones of this solution are Security, Audit, Compliance and Transparency.

6 key GDPR Compliance takeaways from our Security and Compliance Studio

  1. Security Management - Easily setup role based security – simply record your process and match and/or create your security role. Supports the GDPR principle of "Data protection by design and default" by assigning the roles to user with the minimum required access.
  2. Audit Management - Significantly reduce time on internal IT audits since auditors are provided dynamic access to all the relevant data in simple-to-understand views. This data is automatically collected at Global-, Role- and User-level. It contains a current and historic list of security events and logs across all legal entities. In case of a data breach or fraud, these audit logs are of tremendous help to track the reason and subsequently also inform the Data subject.
  3. Compliance Management - Avoid data misuse and fraud by making sure that users can only access data and functions that are needed for their role. It also provides easier SoD creation forms, embedded insights to bring out any SoD violations including non-compliant role definitions and role assignments in the Charts. Organizations should ensure that they capture all GDPR specific SoD rules in D365 FOE and regularly monitor the in-compliance charts in SCS.
  4. Security Request Management - The “My security requests” feature allows your employees to review and learn processes, act upon them and submit feedback. GDPR related Security, Audit and compliance requirements can be captured in the Security request management system. Also, there is a list of user management features available to make it easier for a security or compliance officer to implement requests like; Copy security setup, Import users from Azure AD with multiple options, Manage access to organizations, Stand-Ins, assign stand-In, Assign users to roles, etc.
  5. Actionable BI charts - Enhance transparency with predefined embedded insights. Charts provide actionable BI in workspaces with drill-down features. All workspaces come with predefined charts and graphs. Noncompliance Charts in the Audit workspace should be part of the GDPR required Data Protection Officer Dashboard.
  6. Data Security - Data security feature in Security and Compliance Studio helps you define and monitor track any changes to user-defined PII (Personally Identifiable Information) or PHI (Protected Health Information) in D365 for FOE using data security. Table security recordings and Task recordings with PII data form fields help the organizations to run an audit report showing complete history.

Example incompliance identified during DPIA in Security and Compliance studio:
Security Audit
GDPR related SoD violations within security role definitions are depicted in actionable charts in Security and Compliance Studio.

Recap - To-Increase Security and Compliance studio helps configure your ERP security properly to address internal and external security risks before they result in unauthorized access and usage of ERP resources and data. Security and Compliance Studio is a trusted solution for companies newly implementing, using, or upgrading to D365 for FOE.

For more actionable ideas and insights into achieving GDPR compliance, download the eBook here

Eric Van Hofwegen
Eric Van Hofwegen,
Eric Van Hofwegen,
Solutions Consultant

Also interesting