Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Vendors access to production data

Do you have any guidelines for allowing suppliers/vendors access to production data? What type of security should be in place? Do you know anyone who has done this and been successful?
We are playing with this idea as well. Obviously, access for suppliers/vendors should be limited to precisely the data and functionality they need to know. This is an area that we will continue to see recommendations in the next few years due to many companies' emphasis on Supply Chain projects.

The biggest hurdles I have uncovered are managing the user accounts from a distance: how do we track users, turnover, and password management? I have noted that many companies are turning to off-the-shelf provisioning products that manage many of these 'opportunities' and allow for distributed administation by a vendor delegate. My personal opinion is that vendor access should be limited to functionality and data specific to that vendor's business relationship. Furthermore, user accounts should be "silo'd" in an associated user group and reviewed on a periodic basis (hopefully automatically) for usage and access. Obviously, I suspect that any organization allowing vendors access will have supporting legal and contractual language that governs both use and the expectation of confidentiality.

Dig Deeper on SAP security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.