S 3.52 Training on SAP systems
Initiation responsibility: Head of IT, IT Security Officer
Implementation responsibility: Supervisor, User, Administrator
The administration, operation, and use of an SAP system are all complex processes. For this reason, anyone who works with an SAP system absolutely must receive the proper training. This applies especially to the administrators.
Training
Training programmes on all subjects and products related to SAP are offered by SAP itself and by third parties. The scope of the programmes ranges from training suitable for people who use the SAP systems during their normal office work - i.e. which cover detailed application-specific training - to programmes suitable for training administrators and that also include detailed technical training. For large companies or government agencies with a large number of employees, it makes sense to develop in-house training programmes and offer these to the employees.
The contents of training programmes must be adapted to reflect how the persons to be trained actually use the system. Part of the training programme must handle security-related subjects so that the trainees are aware of potential security issues when handling SAP systems.
It is recommended to hold awareness-raising programmes at regular intervals to refresh awareness of security issues and to point out modified or new situations, mechanisms, or procedures. In general, it is important to shift awareness of security issues from a purely informal attitude to a proactive attitude over the course of time.
Online information
SAP provides extensive online information on the products and solutions they offer. All information is available on the Internet (see S 2.346 Use of the SAP documentation).
Administrators should use these sources of information regularly to keep informed, especially in terms of Java-based technologies. When consulting such sources of information, subjects relating to security should be given special attention.
Review questions:
- Are all persons working with the SAP system sufficiently trained in secure use of SAP?
- Do SAP administrators regularly inform themselves about security-relevant topics in connection with handling of SAP systems?