Case Study / International Medical Device Company

Smith+Nephew

International Medical Device Company Chooses Fastpath for SOD Management

The Challenge

In 1856, Thomas James Smith opened a small pharmacy in England, partnering with his nephew in 1896—and Smith+Nephew was born. Over the years, Smith+Nephew rose to the top as a leading medical technology company, providing advanced medical devices and wound care products. Today, the company has more than 15,000 employees worldwide and is one of the top 100 companies traded on the London Stock Exchange (FTSE-100). In 2019, it became evident that their aging GRC tool for SAP needed to be upgraded or replaced. “Every year, we work with our external and internal auditors, and the landscape is always

changing,” said Michal Orfin, SAP Security Solution Architect for Smith+Nephew. “So, when they indicated the SAP tool we were using was outdated and didn’t have the capabilities required to get them the information they needed for their auditing efforts, we decided to look for a replacement.” In addition, the SAP tool required manual work. Managing user access within systems was an arduous manual process, forcing the team to use Excel spreadsheets to check which roles had access, determining whether conflicts existed among them, creating SOD reports, and deciding how these conflicts should be mitigated.

“Fastpath’s report scheduler is a very good tool..and it’s very intuitive to use”

Michal Orfin, SAP Security Solution Architect for Smith+Nephew

The solution

In 2019, Smith+Nephew made the decision to go with Fastpath, choosing Fastpath’s Separation of Duties module along with Access Reviews, Access Certifications, Audit Trail, Identity Manager, and SAP Code Checker. Fastpath set up a dedicated implementation team of security and audit professionals to assist in the implementation.

Smith+Nephew has focused much of their attention on using Fastpath’s Separation of Duties (SOD) reporting and emergency access management for multiple connected systems. The dedicated aspect of Fastpath delivers these capabilities and positive results for SAP and provides a path for additional applications as well.

The results

With the implementation of Fastpath tools, those manual processes were essentially eliminated. “Fastpath’s report scheduler is a very good tool,” said Michal. “It lets you automate workflows for anything you need from the data. That is a great capability, and it’s very intuitive to use. You can create filters and use them on multiple reports if needed.”

Michal estimates that Fastpath has reduced the time required for managing user access by 50 hours per month. Smith+Nephew now has a foundation for this approach across not only SAP but additional applications as well.