SAP SuccessFactors offers a variety of Audit Tools which, enables organizations to determine who has accessed or changed sensitive data such as personal data.
In this blog, Audit Tools and their advantages are introduced. You will learn how these tools can be used in terms of sensitive data protection.
The most useful tools are as follows:
- Change Audit
- Check Tool
- Ad Hoc Reporting
- Last Change time stamps
Change auditing capabilities enable you to track changes that have been made to different kinds of data in your system. You can audit changes to personal data, system configuration, or other business data. Generated audit reports are available for download for a period of 48 hours and then purged from storage. Change audit reports tell you which data records were changed during a given period, what the change was, who changed them, and when. Changes are captured in logs whether they’re made in the user interface, via API, or with an import file. Reports are available for many types of data, including personal data, configuration data, and other types of data in the HXM Suite. Use the self-service audit reporting tool to create the most common reports directly from the Admin Center.
Changes to Personal Data
You can create change audit reports to track changes to personal data across the SAP SuccessFactors HXM Suite, including:
- Changes made about a specific user’s personal data (changes made by anyone to John’s personal data)
- Changes made by a specific user to other people’s personal data (changes made by John to anyone else’s personal data)
Changes to Other Data
You can create change audit reports on wide range of data types from across the SAP SuccessFactors HXM Suite, including:
- Role-based permissions
- Proxy assignments
- Basic and extended user information
- Feature settings
– Go to Admin Center > Change Audit Reports and select the appropriate tab based on your audit requirements
– Select Create Personal Data Report to create an audit report on changes to personal data across the HXM Suite, for data protection and privacy.
– Select Create Configuration Data Report to create an audit report on changes to configuration of your system.
– Select Create Business Data Report to create an audit report on other types of changes.
– By turning on Recurrence switch for each report you can set up a recurring schedule for the report.
– Download Report:
You have access to the result of reports in Admin Center > Change Audit Reports > Access Reports
– Change audit logging is enabled for the following solutions: Compensation (except Rewards and Recognition), Performance and Goals (except Continuous Performance Management), Succession and Development (except Mentoring), Employee Profile, User Management, Proxy Management, and Role-Based Permissions.
– To optimize system performance, limit your search to only the required data. The more modules you choose, the longer the report takes to compile.
– Audit reports cover a maximum time range of seven days. If you want to audit a longer period of time, create multiple reports. For example, if you want to audit data for a full month, run four separate reports of seven days each.
– As a best practice, set up report generation to recur at least 3 days after the end of the time range you want to audit. Some types of audit data can take up to 72 hours to be made ready for reporting.
– Audit reports are automatically purged after 48 hours. Be sure to check the report you are interested in within 48 hours of generation and archive it if necessary. Otherwise, you may have to run it again.
– Alternatively, if you don’t want to wait for the email, you can always check job status and download completed reports by going to Change Audit Reports > Access Reports.
Change Audit Use Cases
Here are some business scenarios that might require a change audit.
You may be required to produce change audit reports on certain types of data in order to comply with legal or regulatory requirements. For example, you might need to audit changes to personal data due to data protection and privacy requirements. Or you may need audit reports to demonstrate internal business controls on other types of changes, such as to financial data. For data protection and privacy, we provide self-service change audit reports on personal data across the HXM Suite. For other types of compliance, we provide change audit reports on a wide variety of data, for different audit use cases.
The security of data in your system is governed by extensive role-based permissions. To ensure that permissions are managed properly in your system, you can audit changes to role-based permission and proxy settings. We provide change audit reports for permission roles, permission groups, user role assignments, and proxy management settings.
Change audit reports can help you detect unexpected changes to your system and identify the source of the changes. You can use information in the report to determine whether the change was appropriate and if preventative action is required. We provide a change audit report on Provisioning settings, which enables you to track changes made to your system configuration by people outside your company, such as SAP Cloud Product Support or implementation partners.
You can use change audit reports to recover data or configuration settings that were changed accidentally. You can use the reports to determine what data was changed when and see both the old and new value. You can use this information to restore the old value if necessary. We provide change audit reports that can be used for this purpose, on a wide variety of data across the HXM Suite.
Sometimes, you might find the system doesn’t work as expected. There can be different reasons for this, such as:
- Some data is inconsistent.
- The system is not configured correctly.
With the check tool, you can identify what’s wrong, rather than simply creating a support case
The SAP SuccessFactors check tool helps you identify and resolve issues when your system doesn’t work as you expect. The check tool quickly identifies these types of problems so that you can avoid support tickets. You might still need to create a support ticket if the problem is severe, but even in severe cases, the check tool can save you time because it can export the results of the check and your configuration for support. When you run the check tool, you see:
- A list of issues in your configuration or data and the severity of each issue.
- A solution or recommendation to address the issue.
– Go to Admin Center.
– In the tools search field, type Check Tool.
– In Application, select the application you want to check.
Tip: All Applications runs checks in all your applications.
For example, to run checks for Time Off, select Time Off. You see the checks for the application you selected. The description for each check describes the situation you hope to find in running the check. For example, in running the check Accrual lookup by seniority is consistent, you hope to find that the lookup is indeed consistent.
– Click the check the box at top left in the table to run all checks.
– If you want to run only some checks, select them individually.
Tip: To understand what a check does, right click the Check ID. The system then displays some information on the check.
– Click Run Checks to check your applications for the checks you selected.
– Evaluate the results and resolve the issues. If you encounter an error you cannot resolve, contact Support by creating a ticket.
- For some checks there is Quick Fix feature that you can use to immediately correct any issues that check find.
- A configuration Export feature is available for some application. You can use to immediately correct any issues the check find.
AD HOC REPORTING
Ad Hoc Reporting provides a flexible, intuitive platform for users to easily create custom reports and share them across the organization. Ad Hoc Reporting belongs to the basic features that SuccessFactors pre delivers and it doesn’t matter which module you subscribe to.
Ad Hoc Reporting is most commonly used for Operational and Transactional Data to generate Online, BIRT Template or to Export Data into another system/tool. E g Excel, CSV, PDF, PPT.
Ad Hoc Reports are available in Reporting as a table report which you can select the domain and data which you would like to have the report on.
Ad Hoc Reporting allow to report on most of the data for all Modules excluding Learning Management System (LMS) & Metadata Framework (MDF).
Anyone with proper permission can generate Ad Hoc Reports
you can select the criteria and filter the data you are reporting
Go to Admin Center > Reporting > Table Reporting > Select the Data Structure ( can be single , cross or multiple domain).
Then you can continue with selecting data, Configurations, columns and filters.
You can download the results as csv, xml or PDF
LAST CHANGE TIME STAMPS
In SAP SuccessFactors, any changes to employee data ( personal and employment ) is recorded and you can see the date and time when a field has been changed. You can also see who made the changes.
This is a feature also available for any foundation object.
For example, When you check the history of job information, you have the information as when and which fields were changed by who.
All the above Audit Tools are available any time and in any data privacy scenarios in which you wish to run them. Base on your organization audit policy you can decide the frequency of running audit tools, however it is recommended to run them on a recurring basis as data privacy and protection is one of the most first priorities.
Change Audit gives you more feature to report on any changes in personal, configuration or business data which you also can schedule them to run on a recurring basis. On the other hand, you need to consider system performance when you schedule recurring reports. Change Audit can run after implementation.
Check Tool is more about configuration which can help experts to find out any inconsistency during implementation or post go live.
Ad Hoc Reports can be created and run any time based on organization requirement. Ad Hoc can save for later use or can be shared with other users.
Last Change Time Stamps are available on any eligible fields and object which you have access any time.
Previously, there was Read Audit available as one of the audit tool which, SAP has removed for now and will be available after enhancements.
SAP has not announced a date for the release of Read Audit, however we will update you as soon as they provide the road map.