{"id":6323,"date":"2025-08-07T10:10:51","date_gmt":"2025-08-07T08:10:51","guid":{"rendered":"http:\/\/inprosec.com\/mitigating-controls-in-sap-grc\/"},"modified":"2025-08-07T13:21:22","modified_gmt":"2025-08-07T11:21:22","slug":"mitigating-controls-in-sap-grc","status":"publish","type":"post","link":"https:\/\/www.inprosec.com\/en\/mitigating-controls-in-sap-grc\/","title":{"rendered":"Mitigation Controls in SAP\u00ae GRC"},"content":{"rendered":"<p>In this article, we will explore how <strong>Mitigation Controls<\/strong> in <a href=\"https:\/\/www.inprosec.com\/en\/services\/sap-grc\/process-control\/\"><strong>SAP\u00ae GRC<\/strong><\/a> help manage risks across the GRC ecosystem. This article focuses on the <strong>Access Control <\/strong>and <strong>Process Control<\/strong> modules, comparing their key functions and how they impact security and compliance within organizations.<\/p>\n\n<h2><b>SAP\u00ae <\/b><b>GRC<\/b><\/h2>\n<p><a href=\"https:\/\/www.inprosec.com\/en\/sap-grc-modules-benefits\/\"><strong>SAP\u00ae GRC<\/strong><\/a> is a solution provided by <a href=\"https:\/\/www.sap.com\/uk\/index.html\">SAP\u00ae<\/a> that helps organizations <strong>reduce risks<\/strong>, <strong>provide decision-making information<\/strong>, and <strong>increase efficiency<\/strong> through automation:<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-8326\" src=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2021\/10\/controles-mitigacion-en-sap-grc.png\" alt=\"\" width=\"349\" height=\"324\" srcset=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2021\/10\/controles-mitigacion-en-sap-grc.png 515w, https:\/\/www.inprosec.com\/wp-content\/uploads\/2021\/10\/controles-mitigacion-en-sap-grc-300x278.png 300w\" sizes=\"(max-width: 349px) 100vw, 349px\" \/><\/p>\n<p>The SAP\u00ae GRC area includes different modules, and here we will focus on the most important ones:<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-8328\" src=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2021\/10\/controles-mitigacion-en-sap-grc-2.png\" alt=\"\" width=\"350\" height=\"342\" srcset=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2021\/10\/controles-mitigacion-en-sap-grc-2.png 552w, https:\/\/www.inprosec.com\/wp-content\/uploads\/2021\/10\/controles-mitigacion-en-sap-grc-2-300x293.png 300w\" sizes=\"(max-width: 350px) 100vw, 350px\" \/><\/p>\n<p>When it comes to mitigation controls, they can be maintained within two different modules: <a href=\"https:\/\/www.inprosec.com\/en\/services\/sap-grc\/access-control\/\"><strong>Access Control<\/strong><\/a> and <a href=\"https:\/\/www.inprosec.com\/en\/services\/sap-grc\/process-control\/\"><strong>Process Control<\/strong><\/a>. However, the maintenance of Mitigation Controls is different in each of them.<\/p>\n<h3><b>SAP<\/b><span style=\"font-weight: 400;\">\u00ae <\/span><b>GRC Access Control<\/b><\/h3>\n<p>This module focuses on the technical area of User and Role Management. In summary, the tools provided by the Access Control module are:<\/p>\n<ul>\n<li><strong>Access Risk Analysis (ARA)<\/strong>, which helps define and control access risks within a system.<\/li>\n<\/ul>\n<ul>\n<li><strong>Access Request Management (ARM)<\/strong>, which helps define and execute the user provisioning process in a system.<\/li>\n<\/ul>\n<ul>\n<li><strong>Emergency Access Management (EAM)<\/strong>, which helps define and execute the Emergency Access Provisioning process in an SAP\u00ae system.<\/li>\n<\/ul>\n<ul>\n<li><strong>Business Role Management (BRM)<\/strong>, which helps define and execute the role management process in an SAP\u00ae system.<\/li>\n<\/ul>\n<p>The first module, <strong>Access Risk Analysis (ARA)<\/strong>, is the one that <strong>manages the definition and use of Mitigation Controls<\/strong>. Below, you will find a screenshot showing the different fields required for the creation of a Mitigation Control:<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-8330\" src=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2021\/10\/controles-mitigacion-en-sap-grc-3.png\" alt=\"\" width=\"720\" height=\"350\" srcset=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2021\/10\/controles-mitigacion-en-sap-grc-3.png 1031w, https:\/\/www.inprosec.com\/wp-content\/uploads\/2021\/10\/controles-mitigacion-en-sap-grc-3-300x146.png 300w, https:\/\/www.inprosec.com\/wp-content\/uploads\/2021\/10\/controles-mitigacion-en-sap-grc-3-1024x498.png 1024w, https:\/\/www.inprosec.com\/wp-content\/uploads\/2021\/10\/controles-mitigacion-en-sap-grc-3-600x292.png 600w\" sizes=\"(max-width: 720px) 100vw, 720px\" \/><\/p>\n<ul>\n<li><strong>Mitigating Control ID:<\/strong> the ID that will identify the Mitigation Control being created.<\/li>\n<li><strong>Name:<\/strong> a brief description included within the mitigation control.<\/li>\n<li><strong>Description<\/strong>: a long description that provides all the information about the Mitigation Control.<\/li>\n<li><strong>Organization:<\/strong> the scope in which the mitigating control is applicable.<\/li>\n<li><strong>Process:<\/strong> the business process to which the mitigation control belongs.<\/li>\n<li><strong>Subprocess:<\/strong> the subprocess to which the Mitigation Control belongs.<\/li>\n<\/ul>\n<p>Apart from the first tab (&#8220;General&#8221;), the Mitigation Control has 4 more tabs:<\/p>\n<ul>\n<li><strong>Access Risk:<\/strong> This is where the Access Risks to which this Mitigation Control applies are set.<\/li>\n<li><strong>Owners:<\/strong> Here, an Owner must be included for the Mitigation Control, who will be responsible for its periodic review.<\/li>\n<li><strong>Reports:<\/strong> Documentation tab.<\/li>\n<li><strong>Attachments and Links:<\/strong> Here, documents with more information about the mitigation control can be uploaded (or referenced to a specific site).<\/li>\n<\/ul>\n<p>Once we understand what information is included as part of the Mitigation Control definition, it is important to know what can be done with this within the <a href=\"https:\/\/www.inprosec.com\/en\/services\/sap-grc\/access-control\/\">SAP\u00ae GRC Access Control<\/a> module.<\/p>\n<p>Mitigation controls are mainly used within the ARA, ARM, and BRM modules. Let\u2019s see what can be done in each of them.<\/p>\n<h4><b>Access Risk Analysis (ARA)<\/b><\/h4>\n<p>Mitigation Controls can be assigned to a specific user or role, and this will mitigate the risk. It is important to understand that each Mitigating Control will only be applicable when the Risks selected within the Master Data appear. A risk cannot be mitigated if no Mitigation Control is linked to it. Once we mitigate the User\/Role, they will be excluded from the Risk Analysis (only for the Risks to which you assigned a Mitigating Control; if no Risk is mitigated, the User\/Role will continue to appear for that Risk).<\/p>\n<h4><b>Access Request Management (ARM)<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/h4>\n<p>When executing the User Provisioning process, a Mitigation Control can be assigned to a User before the actual assignment within the system. This will help identify the Risks that were reviewed and approved.<\/p>\n<p>On the other hand, there is a specific periodic review of Mitigation Controls within the ARM tool. This will help periodically review the Master Data of the Mitigation Controls to ensure everything is up-to-date.<\/p>\n<h4><b>Business Role Management (BRM)\u00a0<\/b><\/h4>\n<p>Similar to the previous case in the ARM module, when executing the Role Provisioning process, a mitigation control can be assigned to a Role that is going to be promoted to the Production system. It is important to note that when mitigating a Role, this will extend to all Users who currently have the Role assigned within the SAP\u00ae system.<\/p>\n<h3><b>SAP<strong>\u00ae<\/strong><\/b> <b>GRC Process Control<\/b><\/h3>\n<p>The <a href=\"https:\/\/www.inprosec.com\/en\/services\/sap-grc\/process-control\/\"><strong>SAP\u00ae GRC Process Control<\/strong><\/a> module differs from <a href=\"https:\/\/www.inprosec.com\/en\/services\/sap-grc\/access-control\/\">the SAP\u00ae GRC Access Control<\/a> module because it not only stores documentation but also performs monitoring operations within the SAP\u00ae system.<\/p>\n<p>The Master Data for Mitigation Controls is much more detailed than the example we reviewed in the SAP\u00ae GRC Access Control Module:<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-8332\" src=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2021\/10\/controles-mitigacion-en-sap-grc-4.png\" alt=\"\" width=\"724\" height=\"350\" srcset=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2021\/10\/controles-mitigacion-en-sap-grc-4.png 1600w, https:\/\/www.inprosec.com\/wp-content\/uploads\/2021\/10\/controles-mitigacion-en-sap-grc-4-300x145.png 300w, https:\/\/www.inprosec.com\/wp-content\/uploads\/2021\/10\/controles-mitigacion-en-sap-grc-4-1024x495.png 1024w, https:\/\/www.inprosec.com\/wp-content\/uploads\/2021\/10\/controles-mitigacion-en-sap-grc-4-600x290.png 600w\" sizes=\"(max-width: 724px) 100vw, 724px\" \/><\/p>\n<p>The main differences are:<\/p>\n<ul>\n<li><strong>Control Automation:<\/strong> defines whether the Control is automatic, semi-automatic, or manual.<\/li>\n<li><strong>Level of Evidence:<\/strong> defines whether the Control needs to be tested.<\/li>\n<li><strong>Purpose:<\/strong> indicates whether the Control is Preventive or Detective.<\/li>\n<\/ul>\n<p>Additionally, the following tabs are key to defining the master data:<\/p>\n<ul>\n<li><strong>Regulation:<\/strong> set the Regulation in which the Mitigation Control applies.<\/li>\n<li><strong>Risk:<\/strong> set the Risk that may arise if the Control does not function as expected.<\/li>\n<li><strong>Performance Plan:<\/strong> set the test steps and the responsible persons for each of them when performing the Control test.<\/li>\n<li><strong>Attachment and Links:<\/strong> upload all information related to the mitigation control that will be sent to the responsible party when testing the control.<\/li>\n<\/ul>\n<p>There are two types of operations that <a href=\"https:\/\/www.inprosec.com\/en\/services\/sap-grc\/process-control\/\"><strong>SAP\u00ae GRC Process Control<\/strong><\/a> can perform:<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-8334\" src=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2021\/10\/controles-mitigacion-en-sap-grc-5.png\" alt=\"\" width=\"350\" height=\"291\" srcset=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2021\/10\/controles-mitigacion-en-sap-grc-5.png 543w, https:\/\/www.inprosec.com\/wp-content\/uploads\/2021\/10\/controles-mitigacion-en-sap-grc-5-300x250.png 300w\" sizes=\"(max-width: 350px) 100vw, 350px\" \/><\/p>\n<p>As mentioned earlier, the Process Control system can perform operations to verify if the Controls are functioning as expected within the system.<\/p>\n<p>The following image detects all the GL accounts created within an SAP\u00ae system and identifies the person who created them. Additionally, as we discussed earlier, the advantage of Process Control is the ability to perform follow-up activities to ensure everything aligns with the Organization\u2019s Policies.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-8336\" src=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2021\/10\/controles-mitigacion-en-sap-grc-6.png\" alt=\"\" width=\"760\" height=\"350\" srcset=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2021\/10\/controles-mitigacion-en-sap-grc-6.png 1197w, https:\/\/www.inprosec.com\/wp-content\/uploads\/2021\/10\/controles-mitigacion-en-sap-grc-6-300x138.png 300w, https:\/\/www.inprosec.com\/wp-content\/uploads\/2021\/10\/controles-mitigacion-en-sap-grc-6-1024x471.png 1024w, https:\/\/www.inprosec.com\/wp-content\/uploads\/2021\/10\/controles-mitigacion-en-sap-grc-6-600x276.png 600w\" sizes=\"(max-width: 760px) 100vw, 760px\" \/><\/p>\n<h3><strong>SAP\u00ae Access Control and Process Control: Key Tools for Risk Mitigation in Your Organization<\/strong><\/h3>\n<p>The <a href=\"https:\/\/www.inprosec.com\/en\/services\/sap-grc\/access-control\/\">SAP\u00ae GRC Access Control<\/a> module helps organizations document Mitigation Controls and use them specifically for Access Risks.<\/p>\n<p>On the other hand, the <a href=\"https:\/\/www.inprosec.com\/en\/services\/sap-grc\/process-control\/\">SAP\u00ae GRC Process Control<\/a> module offers more advanced capabilities, excelling in automating Mitigation Controls and identifying deficiencies that do not comply with the Mitigation Control description. Both solutions are essential to ensure security and compliance within an organization.<\/p>\n<p>At <a href=\"https:\/\/www.inprosec.com\/en\/\"><strong>Inprosec<\/strong><\/a>, we have <strong>SAP\u00ae GRC experts<\/strong> who can help you implement and optimize these modules in your company. If you have any questions or would like more information, please <strong>do not hesitate to contact us<\/strong> by clicking <a href=\"https:\/\/www.inprosec.com\/en\/contact\/\">here<\/a> or continue exploring our <a href=\"https:\/\/www.inprosec.com\/en\/blog\/\">blog<\/a> to discover how we can help you strengthen your organization\u2019s security.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this article, we will explore how Mitigation Controls in SAP\u00ae GRC help manage risks across the GRC ecosystem. This article focuses on the Access Control and Process Control modules, comparing their key functions and how they impact security and compliance within organizations. SAP\u00ae GRC SAP\u00ae GRC is a solution provided by SAP\u00ae that helps&#8230;<\/p>\n","protected":false},"author":6,"featured_media":13576,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[60,52],"tags":[149,154,151],"class_list":["post-6323","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-sap-grc-en","category-technical-article","tag-access-control-en","tag-process-control-en","tag-sap-grc-en"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.3 (Yoast SEO v27.4) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Mitigation Controls in SAP\u00ae GRC - Inprosec<\/title>\n<meta name=\"description\" content=\"The article provides an overview of Mitigating Controls in SAP GRC, their creation and usage in the whole GRC ecosystem. There is a special focus on both Access Control and Process Control modules, comparing the operative differences and impact in each of them.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.inprosec.com\/en\/mitigating-controls-in-sap-grc\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Mitigation Controls in SAP\u00ae GRC\" \/>\n<meta property=\"og:description\" content=\"The article provides an overview of Mitigating Controls in SAP GRC, their creation and usage in the whole GRC ecosystem. There is a special focus on both Access Control and Process Control modules, comparing the operative differences and impact in each of them.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.inprosec.com\/en\/mitigating-controls-in-sap-grc\/\" \/>\n<meta property=\"og:site_name\" content=\"Inprosec\" \/>\n<meta property=\"article:published_time\" content=\"2025-08-07T08:10:51+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-08-07T11:21:22+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/08\/Mitigating-Controls-in-SAP\u00ae-GRC.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Fernando Mosquera\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Fernando Mosquera\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/mitigating-controls-in-sap-grc\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/mitigating-controls-in-sap-grc\\\/\"},\"author\":{\"name\":\"Fernando Mosquera\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\"},\"headline\":\"Mitigation Controls in SAP\u00ae GRC\",\"datePublished\":\"2025-08-07T08:10:51+00:00\",\"dateModified\":\"2025-08-07T11:21:22+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/mitigating-controls-in-sap-grc\\\/\"},\"wordCount\":1050,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/mitigating-controls-in-sap-grc\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2025\\\/08\\\/Mitigating-Controls-in-SAP\u00ae-GRC.png\",\"keywords\":[\"Access Control\",\"Process Control\",\"SAP GRC\"],\"articleSection\":[\"SAP GRC\",\"Technical Article\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.inprosec.com\\\/en\\\/mitigating-controls-in-sap-grc\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/mitigating-controls-in-sap-grc\\\/\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/mitigating-controls-in-sap-grc\\\/\",\"name\":\"Mitigation Controls in SAP\u00ae GRC - Inprosec\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/mitigating-controls-in-sap-grc\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/mitigating-controls-in-sap-grc\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2025\\\/08\\\/Mitigating-Controls-in-SAP\u00ae-GRC.png\",\"datePublished\":\"2025-08-07T08:10:51+00:00\",\"dateModified\":\"2025-08-07T11:21:22+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\"},\"description\":\"The article provides an overview of Mitigating Controls in SAP GRC, their creation and usage in the whole GRC ecosystem. There is a special focus on both Access Control and Process Control modules, comparing the operative differences and impact in each of them.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/mitigating-controls-in-sap-grc\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.inprosec.com\\\/en\\\/mitigating-controls-in-sap-grc\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/mitigating-controls-in-sap-grc\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2025\\\/08\\\/Mitigating-Controls-in-SAP\u00ae-GRC.png\",\"contentUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2025\\\/08\\\/Mitigating-Controls-in-SAP\u00ae-GRC.png\",\"width\":1200,\"height\":630},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/mitigating-controls-in-sap-grc\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Mitigation Controls in SAP\u00ae GRC\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/\",\"name\":\"Inprosec\",\"description\":\"Information security is our priority.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\",\"name\":\"Fernando Mosquera\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"caption\":\"Fernando Mosquera\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Mitigation Controls in SAP\u00ae GRC - Inprosec","description":"The article provides an overview of Mitigating Controls in SAP GRC, their creation and usage in the whole GRC ecosystem. There is a special focus on both Access Control and Process Control modules, comparing the operative differences and impact in each of them.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.inprosec.com\/en\/mitigating-controls-in-sap-grc\/","og_locale":"en_US","og_type":"article","og_title":"Mitigation Controls in SAP\u00ae GRC","og_description":"The article provides an overview of Mitigating Controls in SAP GRC, their creation and usage in the whole GRC ecosystem. There is a special focus on both Access Control and Process Control modules, comparing the operative differences and impact in each of them.","og_url":"https:\/\/www.inprosec.com\/en\/mitigating-controls-in-sap-grc\/","og_site_name":"Inprosec","article_published_time":"2025-08-07T08:10:51+00:00","article_modified_time":"2025-08-07T11:21:22+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/08\/Mitigating-Controls-in-SAP\u00ae-GRC.png","type":"image\/png"}],"author":"Fernando Mosquera","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Fernando Mosquera","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.inprosec.com\/en\/mitigating-controls-in-sap-grc\/#article","isPartOf":{"@id":"https:\/\/www.inprosec.com\/en\/mitigating-controls-in-sap-grc\/"},"author":{"name":"Fernando Mosquera","@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2"},"headline":"Mitigation Controls in SAP\u00ae GRC","datePublished":"2025-08-07T08:10:51+00:00","dateModified":"2025-08-07T11:21:22+00:00","mainEntityOfPage":{"@id":"https:\/\/www.inprosec.com\/en\/mitigating-controls-in-sap-grc\/"},"wordCount":1050,"commentCount":0,"image":{"@id":"https:\/\/www.inprosec.com\/en\/mitigating-controls-in-sap-grc\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/08\/Mitigating-Controls-in-SAP\u00ae-GRC.png","keywords":["Access Control","Process Control","SAP GRC"],"articleSection":["SAP GRC","Technical Article"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.inprosec.com\/en\/mitigating-controls-in-sap-grc\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.inprosec.com\/en\/mitigating-controls-in-sap-grc\/","url":"https:\/\/www.inprosec.com\/en\/mitigating-controls-in-sap-grc\/","name":"Mitigation Controls in SAP\u00ae GRC - Inprosec","isPartOf":{"@id":"https:\/\/www.inprosec.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.inprosec.com\/en\/mitigating-controls-in-sap-grc\/#primaryimage"},"image":{"@id":"https:\/\/www.inprosec.com\/en\/mitigating-controls-in-sap-grc\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/08\/Mitigating-Controls-in-SAP\u00ae-GRC.png","datePublished":"2025-08-07T08:10:51+00:00","dateModified":"2025-08-07T11:21:22+00:00","author":{"@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2"},"description":"The article provides an overview of Mitigating Controls in SAP GRC, their creation and usage in the whole GRC ecosystem. There is a special focus on both Access Control and Process Control modules, comparing the operative differences and impact in each of them.","breadcrumb":{"@id":"https:\/\/www.inprosec.com\/en\/mitigating-controls-in-sap-grc\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.inprosec.com\/en\/mitigating-controls-in-sap-grc\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.inprosec.com\/en\/mitigating-controls-in-sap-grc\/#primaryimage","url":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/08\/Mitigating-Controls-in-SAP\u00ae-GRC.png","contentUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/08\/Mitigating-Controls-in-SAP\u00ae-GRC.png","width":1200,"height":630},{"@type":"BreadcrumbList","@id":"https:\/\/www.inprosec.com\/en\/mitigating-controls-in-sap-grc\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.inprosec.com\/en\/"},{"@type":"ListItem","position":2,"name":"Mitigation Controls in SAP\u00ae GRC"}]},{"@type":"WebSite","@id":"https:\/\/www.inprosec.com\/en\/#website","url":"https:\/\/www.inprosec.com\/en\/","name":"Inprosec","description":"Information security is our priority.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.inprosec.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2","name":"Fernando Mosquera","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","caption":"Fernando Mosquera"}}]}},"_links":{"self":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/6323","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/comments?post=6323"}],"version-history":[{"count":12,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/6323\/revisions"}],"predecessor-version":[{"id":13579,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/6323\/revisions\/13579"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/media\/13576"}],"wp:attachment":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/media?parent=6323"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/categories?post=6323"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/tags?post=6323"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}