Remote Access for Third Party Systems (Addendum A to LAN TPA Process)

1.5

Requirements for Remote Third Party Access:

  1. All Standard LAN TPA Requirements as defined in the existing TPA Process documentation on the SAP Corporate Portal
  2. Valid Business Requirement approved by an SAP executive
  3. SAV or McAfee AV running on the PC with automatic Virus Definition update Process
  4. SMS client locally managed and running on the PC with a regular MS update process

***Remote Access Application Requirements are subject to change as remote access security warrants…

Application Process for Remote Third Party Access:

Applicants seeking to remotely connect their systems to SAP must follow the standard TPA process as defined in the SAP Corporate portal In addition to the following process for Remote Connectivity. Those Third Parties seeking Remote Access for their systems should have an executive sponsor from an SAP Line of Business sign off on the access requirement. (e-mail or CSS Ticket confirmation required) Once this signoff has been granted, a TPA granting audit will be conducted by an SAP IT representative. This can either be performed in an SAP Office or remotely via WEBEX desktop sharing. The Standard TPA checklist will be used as the audit criteria. If all Criteria has been met, a TPA executable will be Installed on the PC. If the audit was conducted remotely, Temporary Access to Firepass will be granted to the user (by temporarily placing their user account in the Firepass exceptions group) so that IT may install this application onto the approved PC. (the PC must be on the SAP Network for the application to run). Once the application has been installed by SAP IT onto the approved machine, the user will be removed from the exceptions group in Firepass.

TPA Granting Appplication:

Once the TPA executable has been installed on these Third Party PC’s, they will be subject to the application checks performed by Firepass upon each connection. PC’s failing to meet the application checks will be placed in a quarantine network with no access to SAP Resources. The remediation link provided by Firepass will not execute against non-sap PC’s. It is the responsibility of the Third Party to keep all PC’s compliant with the Application requirement above.

The TPA granting application is valid for a 6 month interval. A new TPA granting application will be required on January 1 and July 1of each new calendar year. It is the responsibility of the Third Party to re-submit SAP LoB signoff to SAP IT to obtain the new application prior to the start of the next calendar year.