SAP Indirect Usage—How to avoid compliance risks and costs
Indirect usage of SAP software has been a hot topic, after a UK court ruled in favor of SAP UK against Diageo Great Britain Ltd. The ruling required Diageo to pay additional license and support fees in the millions of dollars for indirect usage because they integrated their SAP systems with software from Salesforce, using SAP PI integrator software.
This news has forced many organizations to start paying closer attention to their compliance position. They want to ensure they’re not exposed to the same risk. In many cases, they know they likely are. In a survey conducted amongst SAP customers and members of the German-speaking SAP user group in 2016, it found that most SAP customers estimate that they are “possibly” to “very probably” exposed to financial risk in relation to SAP indirect use claims. There is no question this needs to be made a priority now.
To help you avoid non-compliant indirect usage of SAP software, here are the 4 ways to identify if you’re at risk.
Interfaces connect to the system Identify how many interfaces your organizations has. A SAP survey revealed that most respondents had more than 5 interfaces to non-SAP applications, while some organizations had more than 50.
Data flow Once the number of interfaces have been identified, they need to be categorized and that includes the data flowing across them. Since data can either flow one-way or bi-directional, raw customer data can be treated differently by vendors than the data produced by the system.
Users and roles Identify all users within your organization and their roles. Some user’s license type depends on the roles performed, but it should be determined not by the actions authorized to perform, but rather by those (actually) performing based on real usage data. This is more likely to result in an optimal license position.
Overlaps Identify the overlaps between users with direct and indirect access. There are cases when an indirect user also accesses the system directly for other purposes. If this occurs, a single license, SAP Named User for example, can cover the user’s activities through many/all interfaces.
Taking a proactive approach to understanding indirect usage exposure will help you engage with SAP on your terms—optimizing your outcome and helping you make smarter decisions about your SAP licensing.
This article was written in collaboration with licensing experts at The Software Consulting Group (SCG) and b.lay.
To discover how SCG can help your business be prepared for a SAP audit, contact Richard Liotta at 1-416-795-3667 or email him at: firstname.lastname@example.org.