Sure Transports What is Sure Transports The SarbanesOxley

Sure Transports What is Sure Transports? The Sarbanes–Oxley Act (SOX) was instituted as a reaction to a number of major Corporate and Accounting scandals, most notably the collapse of Enron in 2001. Non compliance penalties range from the loss of exchange listing to Multimillion Dollar fines and imprisonment The problem with SOX is that even if a company’s Accounting Practices are perfect and they pass a SOX audit, if the data could have been corrupted/manipulated at the source (ie your SAP system), then no matter how good your Accounting Practices may be, the Financial Reporting can still be flawed Sure Transports is an add-on for SAP that introduces a Change Control System that integrates with the existing Transport System that already exists in SAP and provides Companies with tighter Controls and greater Transparency of their Development Lifecycles and Transport Processes NOTE: The Prototyping for this add-on has been completed, ie we have designed the basic screens, DB tables and found the required BAPIs to automate the Transport and Approval Processes. However we have not gone beyond this stage. The reason for this is that ideally we would like to find a “partner” with more Change Control or Compliance experience to be actively involved in the Implementation Phase

Sure Transports How does it work? New Requirement Auto Import of Transports Create Change Request / Release Auto Release of Transports Approval Workflow Development QA / Peer Review

Sure Transports What are the Benefits of using Sure Transports? Sure Transports will guarantee the following: • Every Development will have the required Approvals in place before Development starts • Every Development will have the required Documentation (ie Functional/Technical Specs/Program Documentation) before Developments are released from the Development System • Every Development will be Tested thoroughly with Test Scripts before Transports are imported into Production • Every Development will have a “Quality Assurance” or “Peer” Review to ensure the quality of the work is to a high standard before Transports are imported into Production • Transport Automation: Sure Transports will keep track of which Transports are required for each Development, as well as what Order they need to be imported in, and it will export and import them at the correct times • Automated Audit Report: Sure Transports will be able to generate a detailed Change Control Report of every single change on your system, complete with links to all the supporting Documentation

Sure Transports Existing SAP Audits do exist, but they are not ideal for a few reasons: • “Setup Time”: Time needs to be spent to give the Auditors the access they require, ie setting up User Accounts so that they can access your network, SAP system, etc • “Handholding”: Typically the Auditors themselves are not familiar with your infrastructure or SAP itself. Therefore you need to make resources available to assist them in getting the information they need • “Incomplete Audits”: It is not possible for an Auditor to check each and every change that has been made on your system. Typically they will select a handful of changes, and only check that all the approvals and documentation are in place for those changes, which means audits are incomplete

Sure Transports Change Request Before a developer can start working on a new requirement, a Change Request has to be created. A Change Request can be used to represent a new Requirement or even a Project The only documentation that is required is a high level Change Request Document. Based on a combination of the Request Type and Request Team, a lookup is done on a Config Table to find the appropriate “Approver” for this type of Request This Change Request will then be submitted to the appropriate “Approver”. Once the Change Request has been approved a Transport will be Created Automatically A Task will also be created automatically for that Transport and assigned to the Developer

Sure Transports Approvals The Approval Transaction simply lists all the Change Requests that are awaiting approval. From here the “Approver” can navigate to the Change Request to view the Documentation or they can approve the Change Request

Sure Transports Release It is possible to create multiple Releases for each Change Request. Effectively a Release can be a “Component” or “Version” of the original Change Request A Release contains the link to the Transports for that Change Request A release requires more detailed documentation than the Change request, specifically: • A Technical Spec • A Functional Spec • A Test Script

Sure Transports Why implement a Change Control System in SAP? The reason why it makes sense to implement a Change Control System in SAP are: • Transports: Typically a SAP Landscape will consist of a DEV System, a QA System and a Production System. Transports are used to move changes between the different systems, therefore if you control transports you control the Development lifecycle • SAP Business Workflow: Provides a number of tools for defining and analyzing workflows as well as for monitoring operations. Workflows are ideal for performing Approvals or QA/Peer Reviews • RFC: Remote Function Call is the proprietary SAP AG interface for communication between a SAP System and other SAP or third-party compatible system over TCP/IP or CPI-C connections. By using RFCs it means that it is possible to integrate Sure Transports with your existing Change Control System, ie your change Control System could still be used and it will automatically create Requests/Releases in Sure Transports

Sure Transports are used to transfer data from one SAP installation to another. Think of a Transport as a “bucket” that contains all the development objects. The most important thing about Transports is that every single development object has to be stored within them, and they are stored using the following key: • Program ID • Object Type • Object Name

Sure Transports QA / Peer Review When Development is complete a QA or Peer Review is required. Sure Transports will explode the Transport into all of it’s components as shown in this Example Based on the combination of the Program ID, Object Type and Object Name a lookup is done against a Config Table to see if there is a corresponding QA Function Module In this Example two objects require a QA, one of which has already been done

Sure Transports QA / Peer Review Function Example : Program Function This is an example of a Program QA Function that is called for Programs. It simply has a list of checks that need to be performed by the Reviewer. Once all checks have been performed and confirmed by the Reviewer, the Change Request Status will change, and the Transport will automatically be released

Sure Transports Transport Documentation Once the QA / Peer Review has been completed, the Transport will be released automatically At the same time, the Transport Documentation Tab will be updated with Sure Transport Specific Information

Sure Transports Audit Report The biggest advantage of using Sure Transports is the Audit Report that can be run, which contains important information such as: • The Change Request Number • Who requested the Change and when • Who approved the Change and when • Who the Developer was and how long the Development took • Who performed the QA / Peer review • Hyperlinks to important documentation such as the Business Requirements, Tech Spec, Functional Spec and Test Scripts • List of Objects linked to the Change Request In theory this report contains everything an auditor could possibly need

Sure Transports Installation One of our other products, Sure Landscapes, will be used to for the installation process. Sure Landscapes will automatically create the following objects on your system in a matter of seconds: • Development Class: A New Development will be created for Sure Transports and it will contain all objects required by Sure Transports • Transport: A new Transport will be created which will contain all components of Sure Transports • Domains, Domain Values • Data Elements • Structures • Database Tables • Programs, Program Texts, Program Screens

Sure Transports Cost and Support Contract Service Contract Initial Cost: TBC Monthly Cost: TBC 8 hours of Support per month 40 hours of Support per month Free Support during a SAP upgrade Free Sure Transports Updates SAP Sure will manage the QA / Peer Review Process