Component: GRC-SAC
Component Name: SAP GRC Access Control
Description: A category that defines the severity of an irregularity related to Segregation of Duties (SoD) risks. Possible values include Critical, High, Medium and Low.
Key Concepts: SoD risk level is a term used in SAP GRC Access Control (GRC-SAC) to refer to the risk associated with a particular Segregation of Duties (SoD) conflict. SoD conflicts occur when a user has access to two or more conflicting transactions, such as the ability to both create and approve a purchase order. The SoD risk level is determined by the severity of the conflict and the potential for financial loss or other damage that could result from it.

How to use it: The SoD risk level is used to determine the appropriate action to take when a SoD conflict is identified. Depending on the risk level, an organization may choose to accept the conflict, mitigate it by assigning additional controls, or eliminate it by removing access rights from one of the conflicting transactions.

Tips & Tricks: When assessing SoD risk levels, it is important to consider not only the potential financial impact of a conflict but also any other risks that may be associated with it. For example, a conflict between two transactions that could lead to data leakage or other security issues should be treated as a higher risk than one that only has financial implications.

Related Information: For more information on SoD risk levels and how they are used in SAP GRC Access Control, please refer to SAP's documentation on the topic. Additionally, there are many third-party tools available that can help organizations identify and manage SoD conflicts.
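
The conflict check from Key Concepts and the accept, mitigate or eliminate decision from How to use it, as an added Python example. It is not SAP GRC Access Control code or its API; the transaction names, users, risk IDs and the level-to-response policy are constructed assumptions.

```python
# Added illustration; not SAP GRC Access Control code or its API.
LEVELS = ["Critical", "High", "Medium", "Low"]  # the four values named above

# Constructed rule set: a risk is a set of conflicting transactions plus a level.
RISKS = {
    "R1": ({"PO_CREATE", "PO_APPROVE"}, "High"),
    "R2": ({"VENDOR_MAINTAIN", "PAYMENT_RUN"}, "Critical"),
    "R3": ({"GOODS_RECEIPT", "INVENTORY_ADJUST"}, "Medium"),
}

# Constructed user-to-transaction assignments.
ACCESS = {
    "alice": {"PO_CREATE", "PO_APPROVE", "GOODS_RECEIPT"},
    "bob": {"VENDOR_MAINTAIN", "PAYMENT_RUN", "PO_CREATE"},
    "carol": {"GOODS_RECEIPT", "INVENTORY_ADJUST"},
    "dave": {"PO_APPROVE"},
}

# Constructed (user, risk id) pairs already covered by an additional control.
MITIGATED = {("carol", "R3")}

# Assumed policy, not from the page: only these levels may stay in place.
MITIGABLE = {"Medium", "Low"}

def find_conflicts(access, risks):
    """Return (user, risk_id, level) for each user holding every transaction of a risk."""
    hits = [
        (user, rid, level)
        for user, held in access.items()
        for rid, (conflicting, level) in risks.items()
        if conflicting <= held  # subset test: the user holds all sides
    ]
    # Most severe first, then by user and risk id for a stable order.
    return sorted(hits, key=lambda h: (LEVELS.index(h[2]), h[0], h[1]))

def decide(user, rid, level, mitigated=MITIGATED):
    """Map a conflict to accept, mitigate or eliminate under the assumed policy."""
    if level not in MITIGABLE:
        return "eliminate"  # remove one side of the conflicting access
    return "accept" if (user, rid) in mitigated else "mitigate"

def report(access=ACCESS, risks=RISKS):
    return [(u, r, lvl, decide(u, r, lvl)) for u, r, lvl in find_conflicts(access, risks)]

if __name__ == "__main__":
    for row in report():
        print("%-6s %-3s %-9s %s" % row)
```

Because each risk is a set, the subset test also covers conflicts that involve more than two transactions.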