Diagnostic SoD SAP \u2013 \u00c9valuez votre maturit\u00e9 | SWAWE<\/title><link href=\"https:\/\/fonts.googleapis.com\/css2?family=Days+One&family=DM+Sans:opsz,wght@9..40,300;9..40,400;9..40,500;9..40,600&display=swap\" rel=\"stylesheet\"><\/p>\n<style>*,*::before,*::after{box-sizing:border-box;margin:0;padding:0}:root{ --navy:#004899;--navy-dk:#003370;--navy-lt:#EAF1FB; --orange:#ef7e26;--orange-lt:#FEF0E4; --sky:#31ade4;--sky-lt:#E3F4FC; --green:#00a878;--green-lt:#e0f7f1; --bg:#F2F6FB;--surface:#fff; --text:#1a2540;--muted:#5a6b8a;--border:#D9E4F0; --radius:14px;--shadow:0 2px 16px rgba(0,72,153,.10)}body{font-family:'DM Sans',sans-serif;background:var(--bg);color:var(--text);font-size:16px;min-height:100vh;padding:2rem 1rem 5rem}.wrap{max-width:780px;margin:0 auto}\/* \u2500\u2500 HEADER \u2500\u2500 *\/.hero{text-align:center;margin-bottom:2rem}.badge{display:inline-block;background:var(--navy);color:#fff;font-size:.68rem;font-weight:700;letter-spacing:.09em;text-transform:uppercase;padding:.3rem 1rem;border-radius:999px;margin-bottom:1rem}.hero h1{font-family:'Days One',sans-serif;font-size:clamp(1.6rem,4vw,2.2rem);color:var(--navy);line-height:1.2;margin-bottom:.75rem}.hero h1 em{font-style:normal;color:var(--orange)}.hero p{font-size:.97rem;color:var(--muted);max-width:560px;margin:0 auto 1.25rem;line-height:1.65}.audience-tags{display:flex;justify-content:center;gap:.5rem;flex-wrap:wrap;margin-bottom:.5rem}.aud-tag{font-size:.75rem;font-weight:500;padding:.25rem .85rem;border-radius:999px;border:1.5px solid}.aud-tag.p{background:var(--navy-lt);color:var(--navy);border-color:#b8d0ed}.aud-tag.m{background:var(--orange-lt);color:#b35a10;border-color:#f4c494}\/* \u2500\u2500 SCORE HEADER \u2500\u2500 *\/.score-header{background:var(--surface);border-radius:var(--radius);padding:1.1rem 1.5rem;box-shadow:var(--shadow);margin-bottom:2rem;display:flex;align-items:center;gap:1.25rem}.score-bar-bg{flex:1;height:12px;background:var(--border);border-radius:999px;overflow:hidden}.score-bar-fill{height:100%;width:0%;border-radius:999px;transition:width .5s ease;background:linear-gradient(90deg,var(--sky),var(--navy))}.score-info{min-width:120px;text-align:right}.score-pts{font-size:1rem;font-weight:700;color:var(--navy)}.score-pct{font-size:.75rem;color:var(--muted)}\/* \u2500\u2500 SECTION \u2500\u2500 *\/.section{margin-bottom:1.75rem}.section-header{display:flex;align-items:flex-start;gap:.85rem;margin-bottom:.75rem;padding:0 .2rem}.step-pill{min-width:34px;height:34px;border-radius:50%;background:var(--navy);color:#fff;font-size:.8rem;font-weight:700;display:flex;align-items:center;justify-content:center;flex-shrink:0;margin-top:2px}.section-title{font-size:1rem;font-weight:600;color:var(--navy);line-height:1.3}.section-subtitle{font-size:.78rem;color:var(--muted);margin-top:.15rem;line-height:1.4}\/* \u2500\u2500 QUESTION CARD \u2500\u2500 *\/.q-card{background:var(--surface);border-radius:var(--radius);box-shadow:var(--shadow);margin-bottom:.85rem;overflow:hidden;border:2px solid transparent;transition:border-color .2s}.q-card.answered{border-color:var(--sky)}.q-card.answered-no{border-color:var(--orange)}.q-body{padding:1rem 1.25rem}.q-top{display:flex;align-items:flex-start;gap:.5rem;margin-bottom:.85rem;flex-wrap:wrap}.q-num{font-size:.7rem;font-weight:700;color:var(--muted);flex-shrink:0;margin-top:3px}.q-text{font-size:.95rem;font-weight:600;color:var(--text);line-height:1.45;flex:1}\/* \u2500\u2500 R\u00c9PONSES \u2500\u2500 *\/.q-answers{display:grid;grid-template-columns:repeat(3,1fr);gap:.5rem}.ans-btn{border:2px solid var(--border);background:#fff;border-radius:10px;padding:.65rem .5rem;cursor:pointer;font-family:'DM Sans',sans-serif;font-size:.82rem;font-weight:600;color:var(--muted);text-align:center;transition:all .18s;line-height:1.3}.ans-btn:hover{border-color:var(--sky);color:var(--navy);background:var(--sky-lt)}.ans-btn.selected-oui{border-color:var(--green);background:var(--green-lt);color:var(--green)}.ans-btn.selected-partiel{border-color:var(--orange);background:var(--orange-lt);color:#b35a10}.ans-btn.selected-non{border-color:#e53e3e;background:#fff5f5;color:#c53030}.ans-icon{display:block;font-size:1.1rem;margin-bottom:.2rem}.ans-pts{display:block;font-size:.65rem;font-weight:400;opacity:.75;margin-top:.1rem}\/* \u2500\u2500 FEEDBACK \u2500\u2500 *\/.q-feedback{padding:.65rem 1.25rem;font-size:.8rem;line-height:1.5;border-top:1px solid var(--border);display:none;color:var(--muted)}.q-feedback.show{display:block}.q-feedback.fb-oui{background:var(--green-lt);color:#0a6b52;border-top-color:#b0e8d8}.q-feedback.fb-partiel{background:var(--orange-lt);color:#7a3d00;border-top-color:#f4c494}.q-feedback.fb-non{background:#fff5f5;color:#9b2c2c;border-top-color:#fed7d7}\/* \u2500\u2500 R\u00c9SULTAT \u2500\u2500 *\/.result-panel{display:none;background:var(--surface);border-radius:var(--radius);box-shadow:var(--shadow);overflow:hidden;margin-top:2rem}.result-panel.show{display:block}.result-top{padding:2rem;text-align:center;color:#fff}.result-top.niveau-0{background:linear-gradient(135deg,#c53030,#e53e3e)}.result-top.niveau-1{background:linear-gradient(135deg,#b35a10,var(--orange))}.result-top.niveau-2{background:linear-gradient(135deg,#1A5FA8,var(--sky))}.result-top.niveau-3{background:linear-gradient(135deg,var(--navy-dk),var(--navy))}.result-score-circle{width:90px;height:90px;border-radius:50%;background:rgba(255,255,255,.2);border:3px solid rgba(255,255,255,.5);display:flex;flex-direction:column;align-items:center;justify-content:center;margin:0 auto 1rem}.result-score-val{font-family:'Days One',sans-serif;font-size:1.8rem;line-height:1;color:#fff}.result-score-max{font-size:.65rem;opacity:.7;color:#fff}.result-niveau{font-family:'Days One',sans-serif;font-size:1.25rem;color:#fff;margin-bottom:.4rem}.result-desc{font-size:.88rem;color:rgba(255,255,255,.82);line-height:1.6;max-width:480px;margin:0 auto}.result-body{padding:1.5rem 2rem}.result-body h3{font-size:.9rem;font-weight:700;color:var(--navy);margin-bottom:.75rem;text-transform:uppercase;letter-spacing:.05em}.priority-list{list-style:none;display:flex;flex-direction:column;gap:.5rem;margin-bottom:1.5rem}.priority-list li{display:flex;align-items:flex-start;gap:.6rem;font-size:.875rem;color:var(--text);line-height:1.5}.priority-list li::before{content:\"\u2192\";color:var(--orange);font-weight:700;flex-shrink:0;margin-top:.1rem}.stats-strip{display:grid;grid-template-columns:repeat(3,1fr);gap:1rem;background:var(--bg);border-radius:10px;padding:1rem;margin-bottom:1.5rem}.stat-block{text-align:center}.stat-val{font-family:'Days One',sans-serif;font-size:1.3rem;color:var(--orange)}.stat-lbl{font-size:.72rem;color:var(--muted);margin-top:.15rem;line-height:1.3}.result-cta{display:flex;align-items:center;justify-content:space-between;gap:1rem;flex-wrap:wrap;background:linear-gradient(135deg,var(--navy-dk),var(--navy));border-radius:10px;padding:1.25rem 1.5rem}.result-cta-text h4{font-size:.95rem;font-weight:700;color:#fff;margin-bottom:.2rem}.result-cta-text p{font-size:.78rem;color:rgba(255,255,255,.7);margin:0}.btn-cta{background:var(--orange);color:#fff;font-weight:700;font-size:.875rem;padding:.65rem 1.5rem;border-radius:999px;text-decoration:none;white-space:nowrap;transition:filter .2s;display:inline-block}.btn-cta:hover{filter:brightness(1.1)}.voir-resultat-btn{background:var(--orange);color:#fff;font-family:'DM Sans',sans-serif;font-weight:700;font-size:1rem;padding:.8rem 2.5rem;border:none;border-radius:999px;cursor:pointer;transition:filter .2s;box-shadow:0 4px 16px rgba(239,126,38,.35)}.voir-resultat-btn:hover{filter:brightness(1.1)}.questions-restantes{font-size:.8rem;color:var(--muted);margin-top:.6rem}.reset-btn:hover{border-color:var(--navy);color:var(--navy)}\/* \u2500\u2500 BLOC SWAWE BAS DE PAGE \u2500\u2500 *\/.swawe-bloc{background:var(--navy);border-radius:var(--radius);overflow:hidden;margin-top:2.5rem;box-shadow:var(--shadow)}.swawe-bloc-header{text-align:center;padding:2rem 2rem 1.5rem}.swawe-bloc-label{font-size:.68rem;font-weight:700;text-transform:uppercase;letter-spacing:.1em;color:var(--orange);margin-bottom:.6rem}.swawe-bloc-title{font-family:'Days One',sans-serif;font-size:1.35rem;color:#fff;line-height:1.25;margin-bottom:.5rem}.swawe-bloc-sub{font-size:.875rem;color:rgba(255,255,255,.6);line-height:1.5}.swawe-features{display:grid;grid-template-columns:repeat(auto-fit,minmax(180px,1fr));gap:0;border-top:1px solid rgba(255,255,255,.1);border-bottom:1px solid rgba(255,255,255,.1)}.swawe-feat{padding:1.25rem 1.3rem;border-right:1px solid rgba(255,255,255,.1)}.swawe-feat:last-child{border-right:none}.swawe-feat-icon{font-size:1.3rem;margin-bottom:.5rem}.swawe-feat-title{font-size:.875rem;font-weight:600;color:var(--orange);margin-bottom:.35rem;line-height:1.3}.swawe-feat-desc{font-size:.78rem;color:rgba(255,255,255,.62);line-height:1.55}.swawe-stats{display:grid;grid-template-columns:repeat(3,1fr);padding:1.25rem 1.5rem;gap:1rem;border-bottom:1px solid rgba(255,255,255,.1)}.swawe-stat{text-align:center}.swawe-stat-val{font-family:'Days One',sans-serif;font-size:1.4rem;color:var(--orange)}.swawe-stat-lbl{font-size:.72rem;color:rgba(255,255,255,.5);margin-top:.15rem;line-height:1.3}.swawe-cta{display:flex;align-items:center;justify-content:space-between;gap:1rem;flex-wrap:wrap;padding:1.5rem 2rem}footer{text-align:center;margin-top:3rem;font-size:.73rem;color:var(--muted)}footer a{color:var(--muted)}<\/style>\n<p><\/head><body><\/p>\n<div class=\"wrap\"><\/p>\n<header class=\"hero\"> <\/p>\n<div class=\"badge\">Diagnostic SoD \u00b7 SWAWE<\/div>\n<p> <\/p>\n<h1>\u00c9valuez votre maturit\u00e9<!\u2013- [et_pb_br_holder] -\u2013><em>SoD dans SAP<\/em><\/h1>\n<p> <pee>R\u00e9pondez \u00e0 19 questions (Oui \/ Partiel \/ Non) et obtenez un score de maturit\u00e9 personnalis\u00e9 avec les priorit\u00e9s \u00e0 traiter.<\/pee><\/header>\n<p><\/p>\n<div class=\"score-header\"> <\/p>\n<div class=\"score-bar-bg\">\n<div class=\"score-bar-fill\" id=\"score-fill\"><\/div>\n<\/div>\n<p> <\/p>\n<div class=\"score-info\"> <\/p>\n<div class=\"score-pts\" id=\"score-pts\">0 \/ 38 pts<\/div>\n<p> <\/p>\n<div class=\"score-pct\" id=\"score-pct\">0 % de maturit\u00e9<\/div>\n<p> <\/div>\n<p><\/div>\n<p><\/p>\n<div class=\"section\"> <\/p>\n<div class=\"section-header\"> <\/p>\n<div class=\"step-pill\">0<\/div>\n<p> <\/p>\n<div> <\/p>\n<div class=\"section-title\">Diagnostic pr\u00e9alable \u2014 Gouvernance & maturit\u00e9 actuelle<\/div>\n<p> <\/p>\n<div class=\"section-subtitle\">\u00c9valuation du point de d\u00e9part avant toute d\u00e9marche SoD<\/div>\n<p> <\/div>\n<p> <\/div>\n<p>  <\/p>\n<div class=\"q-card\" id=\"q1\"> <\/p>\n<div class=\"q-body\"> <\/p>\n<div class=\"q-top\"> <span class=\"q-num\">Q1<\/span> <span class=\"q-text\">Disposez-vous d’une matrice SoD document\u00e9e et \u00e0 jour ?<\/span> <\/div>\n<p> <\/p>\n<div class=\"q-answers\"> <button class=\"ans-btn\" onclick=\"answer('q1','oui',2)\"><span class=\"ans-icon\">\u2705<\/span>Oui<span class=\"ans-pts\">+2 pts<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q1','partiel',1)\"><span class=\"ans-icon\">\u26a0\ufe0f<\/span>Partiel<span class=\"ans-pts\">+1 pt<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q1','non',0)\"><span class=\"ans-icon\">\u274c<\/span>Non<span class=\"ans-pts\">+0 pt<\/span><\/button> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-oui\" id=\"q1-oui\">\u2705 Bonne base. V\u00e9rifiez qu’elle est valid\u00e9e par les \u00e9quipes m\u00e9tiers (pas uniquement IT) et r\u00e9vis\u00e9e \u00e0 chaque \u00e9volution majeure du syst\u00e8me.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-partiel\" id=\"q1-partiel\">\u26a0\ufe0f Une matrice partielle est mieux que rien \u2014 mais les processus non couverts constituent des angles morts complets pour votre audit.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-non\" id=\"q1-non\">\u274c C’est le point de d\u00e9part prioritaire. Sans matrice, toutes vos analyses SoD reposent sur des bases instables et inopposables \u00e0 un auditeur.<\/div>\n<p> <\/div>\n<p>  <\/p>\n<div class=\"q-card\" id=\"q2\"> <\/p>\n<div class=\"q-body\"> <\/p>\n<div class=\"q-top\"> <span class=\"q-num\">Q2<\/span> <span class=\"q-text\">Votre derni\u00e8re revue des droits d’acc\u00e8s date de moins de 6 mois ?<\/span> <\/div>\n<p> <\/p>\n<div class=\"q-answers\"> <button class=\"ans-btn\" onclick=\"answer('q2','oui',2)\"><span class=\"ans-icon\">\u2705<\/span>Oui<span class=\"ans-pts\">+2 pts<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q2','partiel',1)\"><span class=\"ans-icon\">\u26a0\ufe0f<\/span>Partiel<span class=\"ans-pts\">+1 pt<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q2','non',0)\"><span class=\"ans-icon\">\u274c<\/span>Non<span class=\"ans-pts\">+0 pt<\/span><\/button> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-oui\" id=\"q2-oui\">\u2705 Bonne cadence. Pour les organisations soumises \u00e0 SOX ou Sapin II, une revue trimestrielle voire continue est recommand\u00e9e.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-partiel\" id=\"q2-partiel\">\u26a0\ufe0f Une revue partielle laisse des p\u00e9rim\u00e8tres entiers sans contr\u00f4le. Les d\u00e9parts et changements de poste non refl\u00e9t\u00e9s cr\u00e9ent des risques r\u00e9els.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-non\" id=\"q2-non\">\u274c Au-del\u00e0 de 6 mois, les mouvements de personnel rendent les r\u00e9sultats non fiables. Votre situation actuelle est probablement tr\u00e8s diff\u00e9rente de votre derni\u00e8re analyse.<\/div>\n<p> <\/div>\n<p>  <\/p>\n<div class=\"q-card\" id=\"q3\"> <\/p>\n<div class=\"q-body\"> <\/p>\n<div class=\"q-top\"> <span class=\"q-num\">Q3<\/span> <span class=\"q-text\">Un propri\u00e9taire de risque est-il identifi\u00e9 pour chaque processus m\u00e9tier (Finance, Achats, RH\u2026) ?<\/span> <\/div>\n<p> <\/p>\n<div class=\"q-answers\"> <button class=\"ans-btn\" onclick=\"answer('q3','oui',2)\"><span class=\"ans-icon\">\u2705<\/span>Oui<span class=\"ans-pts\">+2 pts<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q3','partiel',1)\"><span class=\"ans-icon\">\u26a0\ufe0f<\/span>Partiel<span class=\"ans-pts\">+1 pt<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q3','non',0)\"><span class=\"ans-icon\">\u274c<\/span>Non<span class=\"ans-pts\">+0 pt<\/span><\/button> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-oui\" id=\"q3-oui\">\u2705 Excellent. Un ownership clair est la condition sine qua non pour que les rem\u00e9diations aboutissent r\u00e9ellement.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-partiel\" id=\"q3-partiel\">\u26a0\ufe0f Les processus sans propri\u00e9taire identifi\u00e9 ne seront jamais rem\u00e9di\u00e9s efficacement \u2014 les conflits y persistent ind\u00e9finiment.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-non\" id=\"q3-non\">\u274c Sans ownership, aucune rem\u00e9diation n’aboutit. La gouvernance SoD doit \u00eatre port\u00e9e par les m\u00e9tiers, pas uniquement par l’IT.<\/div>\n<p> <\/div>\n<p><\/div>\n<p><\/p>\n<div class=\"section\"> <\/p>\n<div class=\"section-header\"> <\/p>\n<div class=\"step-pill\">1<\/div>\n<p> <\/p>\n<div> <\/p>\n<div class=\"section-title\">Construction de la matrice SoD<\/div>\n<p> <\/p>\n<div class=\"section-subtitle\">Qualit\u00e9 et profondeur du r\u00e9f\u00e9rentiel d’incompatibilit\u00e9s<\/div>\n<p> <\/div>\n<p> <\/div>\n<p>  <\/p>\n<div class=\"q-card\" id=\"q4\"> <\/p>\n<div class=\"q-body\"> <\/p>\n<div class=\"q-top\"> <span class=\"q-num\">Q4<\/span> <span class=\"q-text\">Votre matrice SoD couvre-t-elle les processus Achats, Ventes, Comptabilit\u00e9 et Ressources humaines \/ Paie g\u00e9r\u00e9s dans SAP ?<\/span> <\/div>\n<p> <\/p>\n<div class=\"q-answers\"> <button class=\"ans-btn\" onclick=\"answer('q4','oui',2)\"><span class=\"ans-icon\">\u2705<\/span>Oui<span class=\"ans-pts\">+2 pts<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q4','partiel',1)\"><span class=\"ans-icon\">\u26a0\ufe0f<\/span>Partiel<span class=\"ans-pts\">+1 pt<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q4','non',0)\"><span class=\"ans-icon\">\u274c<\/span>Non<span class=\"ans-pts\">+0 pt<\/span><\/button> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-oui\" id=\"q4-oui\">\u2705 Les domaines prioritaires sont couverts. Notez que certains processus (comme la RH\/Paie) sont parfois g\u00e9r\u00e9s hors SAP \u2014 v\u00e9rifiez bien le p\u00e9rim\u00e8tre r\u00e9el de votre analyse.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-partiel\" id=\"q4-partiel\">\u26a0\ufe0f Les processus non couverts sont des angles morts. Attention : si certains processus (ex. RH\/Paie) ne sont pas dans SAP, il faut l’identifier explicitement plut\u00f4t que de laisser la question sans r\u00e9ponse.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-non\" id=\"q4-non\">\u274c Achats, Ventes et Comptabilit\u00e9 concentrent la majorit\u00e9 des risques de fraude. Commencez par ces domaines \u2014 et v\u00e9rifiez si RH\/Paie est g\u00e9r\u00e9 dans SAP ou dans un autre syst\u00e8me.<\/div>\n<p> <\/div>\n<p>  <\/p>\n<div class=\"q-card\" id=\"q5\"> <\/p>\n<div class=\"q-body\"> <\/p>\n<div class=\"q-top\"> <span class=\"q-num\">Q5<\/span> <span class=\"q-text\">Vos r\u00e8gles SoD descendent-elles au niveau des objets d’autorisation SAP (au-del\u00e0 des simples t-codes) ?<\/span> <\/div>\n<p> <\/p>\n<div class=\"q-answers\"> <button class=\"ans-btn\" onclick=\"answer('q5','oui',2)\"><span class=\"ans-icon\">\u2705<\/span>Oui<span class=\"ans-pts\">+2 pts<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q5','partiel',1)\"><span class=\"ans-icon\">\u26a0\ufe0f<\/span>Partiel<span class=\"ans-pts\">+1 pt<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q5','non',0)\"><span class=\"ans-icon\">\u274c<\/span>Non<span class=\"ans-pts\">+0 pt<\/span><\/button> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-oui\" id=\"q5-oui\">\u2705 C’est le niveau d’analyse le plus pr\u00e9cis. Vos r\u00e9sultats sont probablement bien moins pollu\u00e9s par les faux positifs.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-partiel\" id=\"q5-partiel\">\u26a0\ufe0f Une analyse t-code seulement g\u00e9n\u00e8re 40 \u00e0 60 % de faux positifs. Votre \u00e9quipe passe du temps \u00e0 traiter des conflits qui n’en sont pas r\u00e9ellement.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-non\" id=\"q5-non\">\u274c Sans analyse au niveau des objets d’autorisation (ACTVT, BUKRS\u2026), vos r\u00e9sultats contiennent probablement entre 40 et 60 % de faux positifs \u2014 ce qui nuit \u00e0 la cr\u00e9dibilit\u00e9 de toute votre d\u00e9marche GRC.<\/div>\n<p> <\/div>\n<p>  <\/p>\n<div class=\"q-card\" id=\"q6\"> <\/p>\n<div class=\"q-body\"> <\/p>\n<div class=\"q-top\"> <span class=\"q-num\">Q6<\/span> <span class=\"q-text\">Chaque r\u00e8gle SoD dispose-t-elle d’un niveau de criticit\u00e9 (Haute \/ Moyenne \/ Basse) ?<\/span> <\/div>\n<p> <\/p>\n<div class=\"q-answers\"> <button class=\"ans-btn\" onclick=\"answer('q6','oui',2)\"><span class=\"ans-icon\">\u2705<\/span>Oui<span class=\"ans-pts\">+2 pts<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q6','partiel',1)\"><span class=\"ans-icon\">\u26a0\ufe0f<\/span>Partiel<span class=\"ans-pts\">+1 pt<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q6','non',0)\"><span class=\"ans-icon\">\u274c<\/span>Non<span class=\"ans-pts\">+0 pt<\/span><\/button> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-oui\" id=\"q6-oui\">\u2705 La priorisation est la cl\u00e9 d’une d\u00e9marche efficace. Vos \u00e9quipes peuvent concentrer l’effort l\u00e0 o\u00f9 le risque est r\u00e9el.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-partiel\" id=\"q6-partiel\">\u26a0\ufe0f Sans priorisation compl\u00e8te, certains conflits critiques risquent d’\u00eatre trait\u00e9s avec la m\u00eame urgence que des conflits mineurs.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-non\" id=\"q6-non\">\u274c Sans priorisation, les \u00e9quipes traitent tous les conflits avec la m\u00eame urgence \u2014 et s’\u00e9puisent sur des risques mineurs au d\u00e9triment des vrais enjeux.<\/div>\n<p> <\/div>\n<p>  <\/p>\n<div class=\"q-card\" id=\"q7\"> <\/p>\n<div class=\"q-body\"> <\/p>\n<div class=\"q-top\"> <span class=\"q-num\">Q7<\/span> <span class=\"q-text\">La matrice a-t-elle \u00e9t\u00e9 co-valid\u00e9e par les \u00e9quipes m\u00e9tiers ET le contr\u00f4le interne (pas uniquement l’IT) ?<\/span> <\/div>\n<p> <\/p>\n<div class=\"q-answers\"> <button class=\"ans-btn\" onclick=\"answer('q7','oui',2)\"><span class=\"ans-icon\">\u2705<\/span>Oui<span class=\"ans-pts\">+2 pts<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q7','partiel',1)\"><span class=\"ans-icon\">\u26a0\ufe0f<\/span>Partiel<span class=\"ans-pts\">+1 pt<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q7','non',0)\"><span class=\"ans-icon\">\u274c<\/span>Non<span class=\"ans-pts\">+0 pt<\/span><\/button> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-oui\" id=\"q7-oui\">\u2705 Une matrice co-sign\u00e9e par les m\u00e9tiers est indiscutable lors d’un audit. C’est votre meilleure protection.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-partiel\" id=\"q7-partiel\">\u26a0\ufe0f Une validation partielle fragilise votre position. Les auditeurs externes v\u00e9rifieront syst\u00e9matiquement qui a approuv\u00e9 quoi.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-non\" id=\"q7-non\">\u274c Une matrice valid\u00e9e uniquement par l’IT sera contest\u00e9e lors d’un audit externe. Les propri\u00e9taires de processus (DAF, Responsable Achats, DRH\u2026) doivent imp\u00e9rativement co-signer.<\/div>\n<p> <\/div>\n<p><\/div>\n<p><\/p>\n<div class=\"section\"> <\/p>\n<div class=\"section-header\"> <\/p>\n<div class=\"step-pill\">2<\/div>\n<p> <\/p>\n<div> <\/p>\n<div class=\"section-title\">Analyse des acc\u00e8s SoD dans SAP<\/div>\n<p> <\/p>\n<div class=\"section-subtitle\">Qualit\u00e9 et profondeur de la d\u00e9tection des conflits<\/div>\n<p> <\/div>\n<p> <\/div>\n<p>  <\/p>\n<div class=\"q-card\" id=\"q8\"> <\/p>\n<div class=\"q-body\"> <\/p>\n<div class=\"q-top\"> <span class=\"q-num\">Q8<\/span> <span class=\"q-text\">Vos comptes utilisateurs d\u00e9sactiv\u00e9s ont-ils bien \u00e9t\u00e9 archiv\u00e9s et leurs droits d’acc\u00e8s supprim\u00e9s dans SAP ?<\/span> <\/div>\n<p> <\/p>\n<div class=\"q-answers\"> <button class=\"ans-btn\" onclick=\"answer('q8','oui',2)\"><span class=\"ans-icon\">\u2705<\/span>Oui<span class=\"ans-pts\">+2 pts<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q8','partiel',1)\"><span class=\"ans-icon\">\u26a0\ufe0f<\/span>Partiel<span class=\"ans-pts\">+1 pt<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q8','non',0)\"><span class=\"ans-icon\">\u274c<\/span>Non<span class=\"ans-pts\">+0 pt<\/span><\/button> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-oui\" id=\"q8-oui\">\u2705 Bonne hygi\u00e8ne des identit\u00e9s. Un compte d\u00e9sactiv\u00e9 sans droits retir\u00e9s reste un vecteur d’acc\u00e8s potentiel \u2014 vous avez bien trait\u00e9 ce risque.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-partiel\" id=\"q8-partiel\">\u26a0\ufe0f Des comptes d\u00e9sactiv\u00e9s avec des droits encore actifs signalent un processus d’archivage incomplet. C’est un risque r\u00e9el d’acc\u00e8s non autoris\u00e9 \u00e0 corriger.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-non\" id=\"q8-non\">\u274c Un compte d\u00e9sactiv\u00e9 dont les droits n’ont pas \u00e9t\u00e9 supprim\u00e9s reste exploitable. Cela r\u00e9v\u00e8le un probl\u00e8me dans votre proc\u00e9dure de d\u00e9part\/changement de poste \u2014 \u00e0 corriger en priorit\u00e9.<\/div>\n<p> <\/div>\n<p>  <\/p>\n<div class=\"q-card\" id=\"q9\"> <\/p>\n<div class=\"q-body\"> <\/p>\n<div class=\"q-top\"> <span class=\"q-num\">Q9<\/span> <span class=\"q-text\">Croisez-vous les habilitations th\u00e9oriques avec les transactions r\u00e9ellement ex\u00e9cut\u00e9es (logs SAP) ?<\/span> <\/div>\n<p> <\/p>\n<div class=\"q-answers\"> <button class=\"ans-btn\" onclick=\"answer('q9','oui',2)\"><span class=\"ans-icon\">\u2705<\/span>Oui<span class=\"ans-pts\">+2 pts<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q9','partiel',1)\"><span class=\"ans-icon\">\u26a0\ufe0f<\/span>Partiel<span class=\"ans-pts\">+1 pt<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q9','non',0)\"><span class=\"ans-icon\">\u274c<\/span>Non<span class=\"ans-pts\">+0 pt<\/span><\/button> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-oui\" id=\"q9-oui\">\u2705 Vous distinguez les risques dormants des risques actifs. Votre priorisation des rem\u00e9diations est bien plus efficace.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-partiel\" id=\"q9-partiel\">\u26a0\ufe0f Un croisement partiel laisse des zones d’ombre. Certains risques av\u00e9r\u00e9s peuvent passer inaper\u00e7us.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-non\" id=\"q9-non\">\u274c Sans croisement avec les logs (SM20, STAD), vous traitez tous les conflits th\u00e9oriques avec la m\u00eame urgence \u2014 y compris ceux qui n’ont jamais \u00e9t\u00e9 exerc\u00e9s depuis des ann\u00e9es.<\/div>\n<p> <\/div>\n<p>  <\/p>\n<div class=\"q-card\" id=\"q10\"> <\/p>\n<div class=\"q-body\"> <\/p>\n<div class=\"q-top\"> <span class=\"q-num\">Q10<\/span> <span class=\"q-text\">Simulez-vous l’impact d’un changement de r\u00f4le avant de le d\u00e9ployer en production ?<\/span> <\/div>\n<p> <\/p>\n<div class=\"q-answers\"> <button class=\"ans-btn\" onclick=\"answer('q10','oui',2)\"><span class=\"ans-icon\">\u2705<\/span>Oui<span class=\"ans-pts\">+2 pts<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q10','partiel',1)\"><span class=\"ans-icon\">\u26a0\ufe0f<\/span>Partiel<span class=\"ans-pts\">+1 pt<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q10','non',0)\"><span class=\"ans-icon\">\u274c<\/span>Non<span class=\"ans-pts\">+0 pt<\/span><\/button> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-oui\" id=\"q10-oui\">\u2705 Z\u00e9ro surprise post-d\u00e9ploiement. Vous anticipez les effets de bord avant qu’ils ne surviennent.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-partiel\" id=\"q10-partiel\">\u26a0\ufe0f Chaque d\u00e9ploiement sans simulation compl\u00e8te est un risque de cr\u00e9er de nouveaux conflits sans le savoir.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-non\" id=\"q10-non\">\u274c Chaque rem\u00e9diation non simul\u00e9e peut cr\u00e9er de nouveaux conflits. Vous risquez de traiter un probl\u00e8me en en cr\u00e9ant trois autres.<\/div>\n<p> <\/div>\n<p>  <\/p>\n<div class=\"q-card\" id=\"q11\"> <\/p>\n<div class=\"q-body\"> <\/p>\n<div class=\"q-top\"> <span class=\"q-num\">Q11<\/span> <span class=\"q-text\">Vos rapports SoD sont-ils directement lisibles et exploitables par les managers m\u00e9tiers, sans interm\u00e9diaire IT ?<\/span> <\/div>\n<p> <\/p>\n<div class=\"q-answers\"> <button class=\"ans-btn\" onclick=\"answer('q11','oui',2)\"><span class=\"ans-icon\">\u2705<\/span>Oui<span class=\"ans-pts\">+2 pts<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q11','partiel',1)\"><span class=\"ans-icon\">\u26a0\ufe0f<\/span>Partiel<span class=\"ans-pts\">+1 pt<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q11','non',0)\"><span class=\"ans-icon\">\u274c<\/span>Non<span class=\"ans-pts\">+0 pt<\/span><\/button> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-oui\" id=\"q11-oui\">\u2705 Vos managers peuvent prendre des d\u00e9cisions de rem\u00e9diation sans d\u00e9pendre de l’IT. C’est un facteur cl\u00e9 de rapidit\u00e9.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-partiel\" id=\"q11-partiel\">\u26a0\ufe0f Chaque passage par l’IT pour interpr\u00e9ter les r\u00e9sultats ralentit les d\u00e9cisions et cr\u00e9e des goulots d’\u00e9tranglement.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-non\" id=\"q11-non\">\u274c Des rapports incompr\u00e9hensibles pour les m\u00e9tiers = des rem\u00e9diations qui tardent. La gouvernance SoD doit parler le langage du risque, pas de la technique SAP.<\/div>\n<p> <\/div>\n<p><\/div>\n<p><\/p>\n<div class=\"section\"> <\/p>\n<div class=\"section-header\"> <\/p>\n<div class=\"step-pill\">3<\/div>\n<p> <\/p>\n<div> <\/p>\n<div class=\"section-title\">Industrialisation & pilotage continu<\/div>\n<p> <\/p>\n<div class=\"section-subtitle\">Automatisation, tra\u00e7abilit\u00e9 et maturit\u00e9 op\u00e9rationnelle<\/div>\n<p> <\/div>\n<p> <\/div>\n<p>  <\/p>\n<div class=\"q-card\" id=\"q12\"> <\/p>\n<div class=\"q-body\"> <\/p>\n<div class=\"q-top\"> <span class=\"q-num\">Q12<\/span> <span class=\"q-text\">Vos analyses SoD sont-elles automatis\u00e9es (sans extraction manuelle Excel \/ SUIM) ?<\/span> <\/div>\n<p> <\/p>\n<div class=\"q-answers\"> <button class=\"ans-btn\" onclick=\"answer('q12','oui',2)\"><span class=\"ans-icon\">\u2705<\/span>Oui<span class=\"ans-pts\">+2 pts<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q12','partiel',1)\"><span class=\"ans-icon\">\u26a0\ufe0f<\/span>Partiel<span class=\"ans-pts\">+1 pt<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q12','non',0)\"><span class=\"ans-icon\">\u274c<\/span>Non<span class=\"ans-pts\">+0 pt<\/span><\/button> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-oui\" id=\"q12-oui\">\u2705 Vous avez \u00e9limin\u00e9 le risque d’erreur humaine sur les grands volumes. Vos analyses sont reproductibles et fiables.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-partiel\" id=\"q12-partiel\">\u26a0\ufe0f L’automatisation partielle laisse des p\u00e9rim\u00e8tres expos\u00e9s aux erreurs manuelles \u2014 souvent pr\u00e9cis\u00e9ment l\u00e0 o\u00f9 les risques sont les plus \u00e9lev\u00e9s.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-non\" id=\"q12-non\">\u274c Les extractions Excel de plus de 50 000 lignes g\u00e9n\u00e8rent syst\u00e9matiquement des erreurs. Un seul fichier corrompu peut invalider tout un audit externe.<\/div>\n<p> <\/div>\n<p>  <\/p>\n<div class=\"q-card\" id=\"q13\"> <\/p>\n<div class=\"q-body\"> <\/p>\n<div class=\"q-top\"> <span class=\"q-num\">Q13<\/span> <span class=\"q-text\">Une alerte se d\u00e9clenche-t-elle automatiquement \u00e0 chaque cr\u00e9ation ou modification de r\u00f4le SAP ?<\/span> <\/div>\n<p> <\/p>\n<div class=\"q-answers\"> <button class=\"ans-btn\" onclick=\"answer('q13','oui',2)\"><span class=\"ans-icon\">\u2705<\/span>Oui<span class=\"ans-pts\">+2 pts<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q13','partiel',1)\"><span class=\"ans-icon\">\u26a0\ufe0f<\/span>Partiel<span class=\"ans-pts\">+1 pt<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q13','non',0)\"><span class=\"ans-icon\">\u274c<\/span>Non<span class=\"ans-pts\">+0 pt<\/span><\/button> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-oui\" id=\"q13-oui\">\u2705 Vous d\u00e9tectez les nouveaux conflits avant qu’ils ne soient exploit\u00e9s. C’est le niveau de maturit\u00e9 le plus avanc\u00e9.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-partiel\" id=\"q13-partiel\">\u26a0\ufe0f Sans alerte syst\u00e9matique, certaines modifications de r\u00f4les passent sous les radars entre deux revues \u2014 parfois pendant des mois.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-non\" id=\"q13-non\">\u274c D\u00e9tecter apr\u00e8s coup, c’est d\u00e9j\u00e0 trop tard. Les nouveaux conflits cr\u00e9\u00e9s entre deux revues peuvent rester actifs pendant des mois sans \u00eatre d\u00e9tect\u00e9s.<\/div>\n<p> <\/div>\n<p>  <\/p>\n<div class=\"q-card\" id=\"q14\"> <\/p>\n<div class=\"q-body\"> <\/p>\n<div class=\"q-top\"> <span class=\"q-num\">Q14<\/span> <span class=\"q-text\">Toutes vos actions correctives sont-elles trac\u00e9es avec date, responsable et justification ?<\/span> <\/div>\n<p> <\/p>\n<div class=\"q-answers\"> <button class=\"ans-btn\" onclick=\"answer('q14','oui',2)\"><span class=\"ans-icon\">\u2705<\/span>Oui<span class=\"ans-pts\">+2 pts<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q14','partiel',1)\"><span class=\"ans-icon\">\u26a0\ufe0f<\/span>Partiel<span class=\"ans-pts\">+1 pt<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q14','non',0)\"><span class=\"ans-icon\">\u274c<\/span>Non<span class=\"ans-pts\">+0 pt<\/span><\/button> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-oui\" id=\"q14-oui\">\u2705 Vous \u00eates pr\u00eat \u00e0 tout moment pour un audit. Votre tra\u00e7abilit\u00e9 est votre meilleure preuve de contr\u00f4le.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-partiel\" id=\"q14-partiel\">\u26a0\ufe0f Une tra\u00e7abilit\u00e9 incompl\u00e8te fragilise votre position lors d’un audit \u2014 m\u00eame si les rem\u00e9diations ont \u00e9t\u00e9 effectu\u00e9es.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-non\" id=\"q14-non\">\u274c Un auditeur demandera syst\u00e9matiquement la preuve que les risques ont \u00e9t\u00e9 trait\u00e9s \u2014 par qui, quand, pour quelle raison. Sans tra\u00e7abilit\u00e9, votre d\u00e9marche n’est pas opposable.<\/div>\n<p> <\/div>\n<p>  <\/p>\n<div class=\"q-card\" id=\"q15\"> <\/p>\n<div class=\"q-body\"> <\/p>\n<div class=\"q-top\"> <span class=\"q-num\">Q15<\/span> <span class=\"q-text\">Disposez-vous d’un processus formalis\u00e9 de d\u00e9rogation avec contr\u00f4le compensatoire pour les conflits in\u00e9vitables ?<\/span> <\/div>\n<p> <\/p>\n<div class=\"q-answers\"> <button class=\"ans-btn\" onclick=\"answer('q15','oui',2)\"><span class=\"ans-icon\">\u2705<\/span>Oui<span class=\"ans-pts\">+2 pts<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q15','partiel',1)\"><span class=\"ans-icon\">\u26a0\ufe0f<\/span>Partiel<span class=\"ans-pts\">+1 pt<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q15','non',0)\"><span class=\"ans-icon\">\u274c<\/span>Non<span class=\"ans-pts\">+0 pt<\/span><\/button> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-oui\" id=\"q15-oui\">\u2705 Votre approche est mature et r\u00e9aliste. Les conflits in\u00e9vitables sont encadr\u00e9s sans paralyser l’activit\u00e9 op\u00e9rationnelle.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-partiel\" id=\"q15-partiel\">\u26a0\ufe0f Un processus de d\u00e9rogation incomplet laisse des conflits sans encadrement \u2014 ni rem\u00e9diation, ni contr\u00f4le compensatoire document\u00e9.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-non\" id=\"q15-non\">\u274c Certains conflits sont in\u00e9vitables (petites structures, postes cumul\u00e9s). L’inaction silencieuse n’est jamais acceptable. Une d\u00e9rogation document\u00e9e + contr\u00f4le compensatoire est la bonne r\u00e9ponse.<\/div>\n<p> <\/div>\n<p>  <\/p>\n<div class=\"q-card\" id=\"q16\"> <\/p>\n<div class=\"q-body\"> <\/p>\n<div class=\"q-top\"> <span class=\"q-num\">Q16<\/span> <span class=\"q-text\">Couvrez-vous l’ensemble de vos syst\u00e8mes SAP dans l’analyse (ECC, S\/4HANA, BW, SRM\u2026) ?<\/span> <\/div>\n<p> <\/p>\n<div class=\"q-answers\"> <button class=\"ans-btn\" onclick=\"answer('q16','oui',2)\"><span class=\"ans-icon\">\u2705<\/span>Oui<span class=\"ans-pts\">+2 pts<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q16','partiel',1)\"><span class=\"ans-icon\">\u26a0\ufe0f<\/span>Partiel<span class=\"ans-pts\">+1 pt<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q16','non',0)\"><span class=\"ans-icon\">\u274c<\/span>Non<span class=\"ans-pts\">+0 pt<\/span><\/button> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-oui\" id=\"q16-oui\">\u2705 Couverture compl\u00e8te. Les conflits inter-syst\u00e8mes \u2014 souvent les plus dangereux \u2014 sont inclus dans votre p\u00e9rim\u00e8tre d’analyse.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-partiel\" id=\"q16-partiel\">\u26a0\ufe0f Les syst\u00e8mes non couverts sont des angles morts. Un utilisateur peut cumuler des droits dangereux sur deux syst\u00e8mes diff\u00e9rents sans que cela ne soit d\u00e9tect\u00e9.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-non\" id=\"q16-non\">\u274c Les conflits inter-syst\u00e8mes sont les plus souvent ignor\u00e9s et les plus dangereux. Un p\u00e9rim\u00e8tre limit\u00e9 \u00e0 un seul syst\u00e8me SAP laisse des risques majeurs non d\u00e9tect\u00e9s.<\/div>\n<p> <\/div>\n<p>  <\/p>\n<div class=\"q-card\" id=\"q17\"> <\/p>\n<div class=\"q-body\"> <\/p>\n<div class=\"q-top\"> <span class=\"q-num\">Q17<\/span> <span class=\"q-text\">Pouvez-vous produire un rapport de conformit\u00e9 SoD \u00e0 tout moment, sans d\u00e9lai de pr\u00e9paration ?<\/span> <\/div>\n<p> <\/p>\n<div class=\"q-answers\"> <button class=\"ans-btn\" onclick=\"answer('q17','oui',2)\"><span class=\"ans-icon\">\u2705<\/span>Oui<span class=\"ans-pts\">+2 pts<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q17','partiel',1)\"><span class=\"ans-icon\">\u26a0\ufe0f<\/span>Partiel<span class=\"ans-pts\">+1 pt<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q17','non',0)\"><span class=\"ans-icon\">\u274c<\/span>Non<span class=\"ans-pts\">+0 pt<\/span><\/button> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-oui\" id=\"q17-oui\">\u2705 Vous abordez les audits avec s\u00e9r\u00e9nit\u00e9. La preuve de contr\u00f4le est disponible \u00e0 tout moment, sans stress de derni\u00e8re minute.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-partiel\" id=\"q17-partiel\">\u26a0\ufe0f Un rapport de conformit\u00e9 partiel fragilise votre position face aux auditeurs et aux instances de direction.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-non\" id=\"q17-non\">\u274c L’objectif final n’est pas de survivre \u00e0 l’audit, mais de l’aborder avec confiance. Un reporting continu est la seule fa\u00e7on d’y parvenir.<\/div>\n<p> <\/div>\n<p>  <\/p>\n<div class=\"q-card\" id=\"q18\"> <\/p>\n<div class=\"q-body\"> <\/p>\n<div class=\"q-top\"> <span class=\"q-num\">Q18<\/span> <span class=\"q-text\">Votre organisation dispose-t-elle d’une vision continue et actualis\u00e9e de ses risques SoD (pas uniquement lors des audits) ?<\/span> <\/div>\n<p> <\/p>\n<div class=\"q-answers\"> <button class=\"ans-btn\" onclick=\"answer('q18','oui',2)\"><span class=\"ans-icon\">\u2705<\/span>Oui<span class=\"ans-pts\">+2 pts<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q18','partiel',1)\"><span class=\"ans-icon\">\u26a0\ufe0f<\/span>Partiel<span class=\"ans-pts\">+1 pt<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q18','non',0)\"><span class=\"ans-icon\">\u274c<\/span>Non<span class=\"ans-pts\">+0 pt<\/span><\/button> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-oui\" id=\"q18-oui\">\u2705 F\u00e9licitations \u2014 c’est le niveau de maturit\u00e9 le plus avanc\u00e9. Votre gouvernance SoD est un pilier actif de votre strat\u00e9gie GRC.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-partiel\" id=\"q18-partiel\">\u26a0\ufe0f Une vision discontinue laisse des fen\u00eatres d’exposition entre les revues. Les risques peuvent s’accumuler sans \u00eatre d\u00e9tect\u00e9s pendant des mois.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-non\" id=\"q18-non\">\u274c Une analyse uniquement lors des audits, c’est naviguer \u00e0 vue 90 % du temps. La d\u00e9tection continue est la seule approche compatible avec les exigences r\u00e9glementaires modernes.<\/div>\n<p> <\/div>\n<p>  <\/p>\n<div class=\"q-card\" id=\"q19\"> <\/p>\n<div class=\"q-body\"> <\/p>\n<div class=\"q-top\"> <span class=\"q-num\">Q19<\/span> <span class=\"q-text\">Vos comptes de service et comptes RFC font-ils l’objet d’une analyse SoD sp\u00e9cifique et d’une politique de s\u00e9curit\u00e9 d\u00e9di\u00e9e ?<\/span> <\/div>\n<p> <\/p>\n<div class=\"q-answers\"> <button class=\"ans-btn\" onclick=\"answer('q19','oui',2)\"><span class=\"ans-icon\">\u2705<\/span>Oui<span class=\"ans-pts\">+2 pts<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q19','partiel',1)\"><span class=\"ans-icon\">\u26a0\ufe0f<\/span>Partiel<span class=\"ans-pts\">+1 pt<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q19','non',0)\"><span class=\"ans-icon\">\u274c<\/span>Non<span class=\"ans-pts\">+0 pt<\/span><\/button> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-oui\" id=\"q19-oui\">\u2705 Excellent. Les comptes de service sont parmi les plus expos\u00e9s \u2014 les analyser et les encadrer avec une politique d\u00e9di\u00e9e d\u00e9montre une maturit\u00e9 SoD avanc\u00e9e.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-partiel\" id=\"q19-partiel\">\u26a0\ufe0f Une couverture partielle laisse des comptes techniques sans encadrement. Un compte RFC sans politique de mot de passe ni analyse SoD est une porte d’entr\u00e9e tr\u00e8s expos\u00e9e.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-non\" id=\"q19-non\">\u274c Les comptes de service et RFC sont les plus dangereux : souvent dot\u00e9s de droits tr\u00e8s \u00e9tendus, sans MFA, sans politique de mot de passe stricte, et rarement revus. Ils doivent absolument \u00eatre inclus dans vos analyses SoD.<\/div>\n<p> <\/div>\n<p><\/div>\n<p><\/p>\n<div style=\"text-align:center;margin:1.5rem 0\"> <button class=\"voir-resultat-btn\" id=\"voir-resultat-btn\" onclick=\"showResult(currentPts(), currentPct())\" style=\"display:none\"> Voir mon r\u00e9sultat \u2192 <\/button> <\/p>\n<div class=\"questions-restantes\" id=\"questions-restantes\"><\/div>\n<p><\/div>\n<p><\/p>\n<div class=\"result-panel\" id=\"result-panel\"> <\/p>\n<div class=\"result-top\" id=\"result-top\"> <\/p>\n<div class=\"result-score-circle\"> <span class=\"result-score-val\" id=\"res-score\">0<\/span> <span class=\"result-score-max\">\/ 38 pts<\/span> <\/div>\n<p> <\/p>\n<div class=\"result-niveau\" id=\"res-niveau\">\u2014<\/div>\n<p> <\/p>\n<div class=\"result-desc\" id=\"res-desc\">\u2014<\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"result-body\"> <\/p>\n<div class=\"stats-strip\"> <\/p>\n<div class=\"stat-block\">\n<div class=\"stat-val\" id=\"res-oui\">0<\/div>\n<div class=\"stat-lbl\">r\u00e9ponses<!\u2013- [et_pb_br_holder] -\u2013>Oui<\/div>\n<\/div>\n<p> <\/p>\n<div class=\"stat-block\">\n<div class=\"stat-val\" id=\"res-partiel\">0<\/div>\n<div class=\"stat-lbl\">r\u00e9ponses<!\u2013- [et_pb_br_holder] -\u2013>Partielles<\/div>\n<\/div>\n<p> <\/p>\n<div class=\"stat-block\">\n<div class=\"stat-val\" id=\"res-non\">0<\/div>\n<div class=\"stat-lbl\">r\u00e9ponses<!\u2013- [et_pb_br_holder] -\u2013>Non<\/div>\n<\/div>\n<p> <\/div>\n<p> <\/p>\n<h3>Vos priorit\u00e9s d’action<\/h3>\n<p> <\/p>\n<ul class=\"priority-list\" id=\"res-priorities\"><\/ul>\n<p> <\/p>\n<div class=\"result-cta\"> <\/p>\n<div class=\"result-cta-text\"> <\/p>\n<h4>Discutons de votre situation<\/h4>\n<p> <pee>Nos experts SWAWE analysent vos r\u00e9sultats et vous proposent un plan d’action personnalis\u00e9.<\/pee> <\/div>\n<p> <a href=\"https:\/\/swawe.fr\/demande-de-demo\/\" class=\"btn-cta\">Demander une d\u00e9mo \u2192<\/a> <\/div>\n<p> <\/div>\n<p><\/div>\n<p><button class=\"reset-btn\" onclick=\"resetAll()\">\u21ba Recommencer le diagnostic<\/button><\/p>\n<div class=\"swawe-bloc\"> <\/p>\n<div class=\"swawe-bloc-header\"> <\/p>\n<div class=\"swawe-bloc-label\">Pourquoi SWAWE<\/div>\n<p> <\/p>\n<h2 class=\"swawe-bloc-title\">Ce que SWAWE change concr\u00e8tement sur votre SoD<\/h2>\n<p> <pee class=\"swawe-bloc-sub\">\u00c9valuez votre solution actuelle \u2014 chaque \u00ab\u00a0non\u00a0\u00bb est un risque non couvert<\/pee> <\/div>\n<p> <\/p>\n<div class=\"swawe-features\"> <\/p>\n<div class=\"swawe-feat\"> <\/p>\n<div class=\"swawe-feat-icon\">\ud83c\udfaf<\/div>\n<p> <\/p>\n<div class=\"swawe-feat-title\">Analyse \u00e0 l’objet d’autorisation<\/div>\n<p> <\/p>\n<div class=\"swawe-feat-desc\">Le niveau le plus fin de SAP \u2014 \u00e9limine les 40 \u00e0 60 % de faux positifs que les analyses t-code classiques g\u00e9n\u00e8rent en masse.<\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"swawe-feat\"> <\/p>\n<div class=\"swawe-feat-icon\">\u26a1<\/div>\n<p> <\/p>\n<div class=\"swawe-feat-title\">Simulation en temps r\u00e9el<\/div>\n<p> <\/p>\n<div class=\"swawe-feat-desc\">Visualiser l’impact d’un changement de r\u00f4le avant de l’appliquer \u2014 z\u00e9ro surprise post-d\u00e9ploiement.<\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"swawe-feat\"> <\/p>\n<div class=\"swawe-feat-icon\">\ud83d\udcca<\/div>\n<p> <\/p>\n<div class=\"swawe-feat-title\">Tableaux de bord m\u00e9tiers<\/div>\n<p> <\/p>\n<div class=\"swawe-feat-desc\">Rapports lisibles par Finance, Achats, RH \u2014 sans passer par l’\u00e9quipe IT pour interpr\u00e9ter les r\u00e9sultats.<\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"swawe-feat\"> <\/p>\n<div class=\"swawe-feat-icon\">\ud83d\udd04<\/div>\n<p> <\/p>\n<div class=\"swawe-feat-title\">D\u00e9tection continue<\/div>\n<p> <\/p>\n<div class=\"swawe-feat-desc\">Chaque modification de r\u00f4le d\u00e9clenche automatiquement une v\u00e9rification SoD. Fini les angles morts entre deux revues annuelles.<\/div>\n<p> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"swawe-stats\"> <\/p>\n<div class=\"swawe-stat\">\n<div class=\"swawe-stat-val\">+7 000<\/div>\n<div class=\"swawe-stat-lbl\">analyses de risques r\u00e9alis\u00e9es<\/div>\n<\/div>\n<p> <\/p>\n<div class=\"swawe-stat\">\n<div class=\"swawe-stat-val\">+29 000<\/div>\n<div class=\"swawe-stat-lbl\">utilisateurs SAP sous contr\u00f4le<\/div>\n<\/div>\n<p> <\/p>\n<div class=\"swawe-stat\">\n<div class=\"swawe-stat-val\">\u221274 %<\/div>\n<div class=\"swawe-stat-lbl\">de risques SoD constat\u00e9s<\/div>\n<\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"swawe-cta\"> <\/p>\n<div class=\"swawe-cta-text\"> <\/p>\n<h3 style=\"color:#fff;font-family:'Days One',sans-serif;font-size:1.1rem;margin-bottom:.3rem;\">Pr\u00eat \u00e0 aller plus loin ?<\/h3>\n<p> <pee style=\"color:rgba(255,255,255,.75);font-size:.875rem;margin:0;\">Nos experts analysent vos r\u00e9sultats et vous proposent un plan d’action personnalis\u00e9.<\/pee> <\/div>\n<p> <a href=\"https:\/\/swawe.fr\/demande-de-demo\/\" class=\"btn-cta\">Demander une d\u00e9mo \u2192<\/a> <\/div>\n<p><\/div>\n<p><\/p>\n<footer> <pee>\u00a9 <strong>SWAWE<\/strong> \u00b7 <a href=\"https:\/\/swawe.fr\">swawe.fr<\/a> \u00b7 En partenariat avec <strong>Secureway<\/strong><\/pee><\/footer>\n<p><\/div>\n<p><script>const TOTAL_PTS = 38;const TOTAL_Q = 19;const answers = {};const feedbacks = { q1: { oui: \"Bonne base. V\u00e9rifiez qu'elle est valid\u00e9e par les \u00e9quipes m\u00e9tiers et r\u00e9vis\u00e9e \u00e0 chaque \u00e9volution majeure.\", partiel: \"Une matrice partielle laisse des processus sans couverture \u2014 autant d'angles morts pour votre audit.\", non: \"C'est le point de d\u00e9part prioritaire. Sans matrice, toutes vos analyses SoD reposent sur des bases instables.\" }, q4: { oui: null, partiel: null, non: \"Priorit\u00e9 #1 : couvrir P2P, O2C, R2R et HCM \u2014 les 4 domaines qui concentrent l'essentiel des risques de fraude.\" }, q5: { oui: null, partiel: \"Analyse t-code uniquement = 40\u201360 % de faux positifs. Descendre au niveau des objets d'autorisation.\", non: \"Analyse t-code uniquement = 40\u201360 % de faux positifs. Passer au niveau des objets d'autorisation SAP.\" }, q7: { oui: null, partiel: null, non: \"Faire co-valider la matrice par les propri\u00e9taires de processus m\u00e9tiers (DAF, Achats, DRH).\" }, q19: { oui: null, partiel: null, non: \"Inclure les comptes de service et RFC dans l'analyse SoD et d\u00e9finir une politique de securite specifique (mot de passe, droits minimaux, revue periodique).\" }, q19: { oui: null, partiel: null, non: \"Inclure les comptes de service et RFC dans l'analyse SoD et definir une politique de securite specifique (droits minimaux, mot de passe, revue reguliere).\" }, q9: { oui: null, partiel: null, non: \"Croiser les habilitations avec les logs SAP (SM20, STAD) pour identifier les risques actifs.\" }, q12: { oui: null, partiel: null, non: \"Automatiser les analyses pour \u00e9liminer les erreurs manuelles et gagner en fiabilit\u00e9 sur les grands volumes.\" }, q13: { oui: null, partiel: null, non: \"Mettre en place des alertes automatiques \u00e0 chaque modification de r\u00f4le SAP.\" }, q14: { oui: null, partiel: null, non: \"Tracer toutes les actions correctives (date, responsable, justification) pour les rendre opposables \u00e0 un auditeur.\" }, q18: { oui: null, partiel: null, non: \"Passer a une detection continue plutot qu'une analyse uniquement lors des audits.\" }};function currentPts(){ return Object.values(answers).reduce((s,a)=>s+a.pts,0); }function currentPct(){ return Math.round(currentPts()\/TOTAL_PTS*100); }function answer(qid, val, pts) { const card = document.getElementById(qid); const btns = card.querySelectorAll('.ans-btn'); btns.forEach(b => b.className = 'ans-btn'); const idx = val === 'oui' ? 0 : val === 'partiel' ? 1 : 2; btns[idx].classList.add('selected-' + val); ['oui','partiel','non'].forEach(v => { const fb = document.getElementById(qid + '-' + v); if (fb) fb.classList.remove('show'); }); const fb = document.getElementById(qid + '-' + val); if (fb) fb.classList.add('show'); card.classList.remove('answered','answered-no'); card.classList.add(val === 'non' ? 'answered-no' : 'answered'); answers[qid] = { val, pts }; updateScore();}function updateScore() { const answered = Object.keys(answers).length; const pts = currentPts(); const pct = currentPct(); document.getElementById('score-fill').style.width = pct + '%'; document.getElementById('score-pts').textContent = pts + ' \/ ' + TOTAL_PTS + ' pts'; document.getElementById('score-pct').textContent = pct + ' % de maturite'; const btn = document.getElementById('voir-resultat-btn'); const remaining = document.getElementById('questions-restantes'); if (answered >= 1) { btn.style.display = 'inline-block'; const restantes = TOTAL_Q - answered; remaining.textContent = restantes > 0 ? restantes + ' question' + (restantes > 1 ? 's' : '') + ' restante' + (restantes > 1 ? 's' : '') + ' \u2014 le resultat sera plus precis si vous les completez.' : 'Toutes les questions sont completees.'; } else { btn.style.display = 'none'; remaining.textContent = ''; } if (answered === TOTAL_Q) showResult(pts, pct);}function showResult(pts, pct) { const panel = document.getElementById('result-panel'); panel.classList.add('show'); panel.scrollIntoView({ behavior: 'smooth', block: 'start' }); document.getElementById('res-score').textContent = pts; const oui = Object.values(answers).filter(a => a.val === 'oui').length; const partiel = Object.values(answers).filter(a => a.val === 'partiel').length; const non = Object.values(answers).filter(a => a.val === 'non').length; document.getElementById('res-oui').textContent = oui; document.getElementById('res-partiel').textContent = partiel; document.getElementById('res-non').textContent = non; const top = document.getElementById('result-top'); const niveau = document.getElementById('res-niveau'); const desc = document.getElementById('res-desc'); top.className = 'result-top'; const answered = Object.keys(answers).length; const mention = answered < TOTAL_Q ? ' (base sur ' + answered + '\/' + TOTAL_Q + ' questions)' : ''; if (pct <= 30) { top.classList.add('niveau-0'); niveau.textContent = 'Niveau Debutant' + mention; desc.textContent = 'Votre demarche SoD est embryonnaire. Des risques importants sont probablement exposes sans etre detectes. Une mise en place structuree est urgente.'; } else if (pct <= 60) { top.classList.add('niveau-1'); niveau.textContent = 'Niveau En progression' + mention; desc.textContent = \"Les fondations existent mais la demarche reste fragile et incomplete. Des angles morts significatifs subsistent, notamment sur l'automatisation et la tracabilite.\"; } else if (pct <= 85) { top.classList.add('niveau-2'); niveau.textContent = 'Niveau Avance' + mention; desc.textContent = \"Votre gouvernance SoD est solide. Quelques points d'amelioration cibles permettraient d'atteindre un niveau optimise et de renforcer votre posture face aux audits.\"; } else { top.classList.add('niveau-3'); niveau.textContent = 'Niveau Optimise' + mention; desc.textContent = \"Felicitations \u2014 votre maturite SoD est excellente. Votre organisation dispose d'une gouvernance des acces SAP robuste, continue et defendable face a tout auditeur.\"; } const priorities = []; Object.entries(answers).forEach(([qid, a]) => { if (a.val !== 'oui' && feedbacks[qid] && feedbacks[qid][a.val]) { priorities.push(feedbacks[qid][a.val]); } }); const list = document.getElementById('res-priorities'); list.innerHTML = ''; if (priorities.length === 0) { list.innerHTML = '<\/p>\n<li>Aucune priorite critique identifiee \u2014 votre maturite SoD est optimale.<\/li>\n<p>'; } else { priorities.slice(0, 5).forEach(p => { const li = document.createElement('li'); li.textContent = p; list.appendChild(li); }); }}function resetAll() { Object.keys(answers).forEach(k => delete answers[k]); document.querySelectorAll('.ans-btn').forEach(b => b.className = 'ans-btn'); document.querySelectorAll('.q-feedback').forEach(f => f.classList.remove('show')); document.querySelectorAll('.q-card').forEach(c => c.classList.remove('answered','answered-no')); document.getElementById('score-fill').style.width = '0%'; document.getElementById('score-pts').textContent = '0 \/ 38 pts'; document.getElementById('score-pct').textContent = '0 % de maturite'; document.getElementById('result-panel').classList.remove('show'); document.getElementById('voir-resultat-btn').style.display = 'none'; document.getElementById('questions-restantes').textContent = ''; window.scrollTo({ top: 0, behavior: 'smooth' });}<\/script><\/body><\/html>[\/et_pb_code][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":9,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"class_list":["post-2511","page","type-page","status-publish","hentry"],"yoast_head":"\n<title>Checklist SoD SAP : d\u00e9tecter et piloter les conflits d'acc\u00e8s<\/title>\n<meta name=\"description\" content=\"Matrice SoD, analyse des acc\u00e8s : 26 points de contr\u00f4le pour s\u00e9curiser votre environnement SAP et pr\u00e9parer vos audits en toute s\u00e9r\u00e9nit\u00e9\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/swawe.fr\/en\/checklist-sod-sap-detecter-et-piloter-les-conflits-acces\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Checklist SoD SAP : d\u00e9tecter et piloter les conflits d'acc\u00e8s\" \/>\n<meta property=\"og:description\" content=\"Matrice SoD, analyse des acc\u00e8s : 26 points de contr\u00f4le pour s\u00e9curiser votre environnement SAP et pr\u00e9parer vos audits en toute s\u00e9r\u00e9nit\u00e9\" \/>\n<meta property=\"og:url\" content=\"https:\/\/swawe.fr\/en\/checklist-sod-sap-detecter-et-piloter-les-conflits-acces\/\" \/>\n<meta property=\"og:site_name\" content=\"Swawe\" \/>\n<meta property=\"article:modified_time\" content=\"2026-06-02T10:09:43+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/swawe.fr\\\/checklist-sod-sap-detecter-et-piloter-les-conflits-acces\\\/\",\"url\":\"https:\\\/\\\/swawe.fr\\\/checklist-sod-sap-detecter-et-piloter-les-conflits-acces\\\/\",\"name\":\"Checklist SoD SAP : d\u00e9tecter et piloter les conflits d'acc\u00e8s\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/swawe.fr\\\/#website\"},\"datePublished\":\"2026-05-29T08:12:53+00:00\",\"dateModified\":\"2026-06-02T10:09:43+00:00\",\"description\":\"Matrice SoD, analyse des acc\u00e8s : 26 points de contr\u00f4le pour s\u00e9curiser votre environnement SAP et pr\u00e9parer vos audits en toute s\u00e9r\u00e9nit\u00e9\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/swawe.fr\\\/checklist-sod-sap-detecter-et-piloter-les-conflits-acces\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/swawe.fr\\\/checklist-sod-sap-detecter-et-piloter-les-conflits-acces\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/swawe.fr\\\/checklist-sod-sap-detecter-et-piloter-les-conflits-acces\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/swawe.fr\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Checklist SoD SAP : d\u00e9tecter et piloter les conflits d’acc\u00e8s | SWAWE\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/swawe.fr\\\/#website\",\"url\":\"https:\\\/\\\/swawe.fr\\\/\",\"name\":\"Swawe\",\"description\":\"Your Compliance Companion\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/swawe.fr\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n","yoast_head_json":{"title":"Checklist SoD SAP : d\u00e9tecter et piloter les conflits d'acc\u00e8s","description":"Matrice SoD, analyse des acc\u00e8s : 26 points de contr\u00f4le pour s\u00e9curiser votre environnement SAP et pr\u00e9parer vos audits en toute s\u00e9r\u00e9nit\u00e9","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/swawe.fr\/en\/checklist-sod-sap-detecter-et-piloter-les-conflits-acces\/","og_locale":"en_US","og_type":"article","og_title":"Checklist SoD SAP : d\u00e9tecter et piloter les conflits d'acc\u00e8s","og_description":"Matrice SoD, analyse des acc\u00e8s : 26 points de contr\u00f4le pour s\u00e9curiser votre environnement SAP et pr\u00e9parer vos audits en toute s\u00e9r\u00e9nit\u00e9","og_url":"https:\/\/swawe.fr\/en\/checklist-sod-sap-detecter-et-piloter-les-conflits-acces\/","og_site_name":"Swawe","article_modified_time":"2026-06-02T10:09:43+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/swawe.fr\/checklist-sod-sap-detecter-et-piloter-les-conflits-acces\/","url":"https:\/\/swawe.fr\/checklist-sod-sap-detecter-et-piloter-les-conflits-acces\/","name":"Checklist SoD SAP : d\u00e9tecter et piloter les conflits d'acc\u00e8s","isPartOf":{"@id":"https:\/\/swawe.fr\/#website"},"datePublished":"2026-05-29T08:12:53+00:00","dateModified":"2026-06-02T10:09:43+00:00","description":"Matrice SoD, analyse des acc\u00e8s : 26 points de contr\u00f4le pour s\u00e9curiser votre environnement SAP et pr\u00e9parer vos audits en toute s\u00e9r\u00e9nit\u00e9","breadcrumb":{"@id":"https:\/\/swawe.fr\/checklist-sod-sap-detecter-et-piloter-les-conflits-acces\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/swawe.fr\/checklist-sod-sap-detecter-et-piloter-les-conflits-acces\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/swawe.fr\/checklist-sod-sap-detecter-et-piloter-les-conflits-acces\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/swawe.fr\/"},{"@type":"ListItem","position":2,"name":"Checklist SoD SAP : d\u00e9tecter et piloter les conflits d’acc\u00e8s | SWAWE"}]},{"@type":"WebSite","@id":"https:\/\/swawe.fr\/#website","url":"https:\/\/swawe.fr\/","name":"Swawe","description":"Your Compliance Companion","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/swawe.fr\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/swawe.fr\/en\/wp-json\/wp\/v2\/pages\/2511","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/swawe.fr\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/swawe.fr\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/swawe.fr\/en\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/swawe.fr\/en\/wp-json\/wp\/v2\/comments?post=2511"}],"version-history":[{"count":4,"href":"https:\/\/swawe.fr\/en\/wp-json\/wp\/v2\/pages\/2511\/revisions"}],"predecessor-version":[{"id":2517,"href":"https:\/\/swawe.fr\/en\/wp-json\/wp\/v2\/pages\/2511\/revisions\/2517"}],"wp:attachment":[{"href":"https:\/\/swawe.fr\/en\/wp-json\/wp\/v2\/media?parent=2511"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":2511,"date":"2026-05-29T08:12:53","date_gmt":"2026-05-29T08:12:53","guid":{"rendered":"https:\/\/swawe.fr\/?page_id=2511"},"modified":"2026-06-02T10:09:43","modified_gmt":"2026-06-02T10:09:43","slug":"checklist-sod-sap-detecter-et-piloter-les-conflits-acces","status":"publish","type":"page","link":"https:\/\/swawe.fr\/en\/checklist-sod-sap-detecter-et-piloter-les-conflits-acces\/","title":{"rendered":"Checklist SoD SAP : d\u00e9tecter et piloter les conflits d’acc\u00e8s | SWAWE"},"content":{"rendered":"

[et_pb_section fb_built=\u00a0\u00bb1″ _builder_version=\u00a0\u00bb4.27.4″ _module_preset=\u00a0\u00bbdefault\u00a0\u00bb global_colors_info=\u00a0\u00bb{}\u00a0\u00bb][et_pb_row _builder_version=\u00a0\u00bb4.27.4″ _module_preset=\u00a0\u00bbdefault\u00a0\u00bb global_colors_info=\u00a0\u00bb{}\u00a0\u00bb][et_pb_column type=\u00a0\u00bb4_4″ _builder_version=\u00a0\u00bb4.27.4″ _module_preset=\u00a0\u00bbdefault\u00a0\u00bb global_colors_info=\u00a0\u00bb{}\u00a0\u00bb][et_pb_code _builder_version=\u00a0\u00bb4.27.4″ _module_preset=\u00a0\u00bbdefault\u00a0\u00bb hover_enabled=\u00a0\u00bb0″ global_colors_info=\u00a0\u00bb{}\u00a0\u00bb sticky_enabled=\u00a0\u00bb0″]Diagnostic SoD SAP \u2013 \u00c9valuez votre maturit\u00e9 | SWAWE<\/title><link href=\"https:\/\/fonts.googleapis.com\/css2?family=Days+One&family=DM+Sans:opsz,wght@9..40,300;9..40,400;9..40,500;9..40,600&display=swap\" rel=\"stylesheet\"><\/p>\n<style>*,*::before,*::after{box-sizing:border-box;margin:0;padding:0}:root{ --navy:#004899;--navy-dk:#003370;--navy-lt:#EAF1FB; --orange:#ef7e26;--orange-lt:#FEF0E4; --sky:#31ade4;--sky-lt:#E3F4FC; --green:#00a878;--green-lt:#e0f7f1; --bg:#F2F6FB;--surface:#fff; --text:#1a2540;--muted:#5a6b8a;--border:#D9E4F0; --radius:14px;--shadow:0 2px 16px rgba(0,72,153,.10)}body{font-family:'DM Sans',sans-serif;background:var(--bg);color:var(--text);font-size:16px;min-height:100vh;padding:2rem 1rem 5rem}.wrap{max-width:780px;margin:0 auto}\/* \u2500\u2500 HEADER \u2500\u2500 *\/.hero{text-align:center;margin-bottom:2rem}.badge{display:inline-block;background:var(--navy);color:#fff;font-size:.68rem;font-weight:700;letter-spacing:.09em;text-transform:uppercase;padding:.3rem 1rem;border-radius:999px;margin-bottom:1rem}.hero h1{font-family:'Days One',sans-serif;font-size:clamp(1.6rem,4vw,2.2rem);color:var(--navy);line-height:1.2;margin-bottom:.75rem}.hero h1 em{font-style:normal;color:var(--orange)}.hero p{font-size:.97rem;color:var(--muted);max-width:560px;margin:0 auto 1.25rem;line-height:1.65}.audience-tags{display:flex;justify-content:center;gap:.5rem;flex-wrap:wrap;margin-bottom:.5rem}.aud-tag{font-size:.75rem;font-weight:500;padding:.25rem .85rem;border-radius:999px;border:1.5px solid}.aud-tag.p{background:var(--navy-lt);color:var(--navy);border-color:#b8d0ed}.aud-tag.m{background:var(--orange-lt);color:#b35a10;border-color:#f4c494}\/* \u2500\u2500 SCORE HEADER \u2500\u2500 *\/.score-header{background:var(--surface);border-radius:var(--radius);padding:1.1rem 1.5rem;box-shadow:var(--shadow);margin-bottom:2rem;display:flex;align-items:center;gap:1.25rem}.score-bar-bg{flex:1;height:12px;background:var(--border);border-radius:999px;overflow:hidden}.score-bar-fill{height:100%;width:0%;border-radius:999px;transition:width .5s ease;background:linear-gradient(90deg,var(--sky),var(--navy))}.score-info{min-width:120px;text-align:right}.score-pts{font-size:1rem;font-weight:700;color:var(--navy)}.score-pct{font-size:.75rem;color:var(--muted)}\/* \u2500\u2500 SECTION \u2500\u2500 *\/.section{margin-bottom:1.75rem}.section-header{display:flex;align-items:flex-start;gap:.85rem;margin-bottom:.75rem;padding:0 .2rem}.step-pill{min-width:34px;height:34px;border-radius:50%;background:var(--navy);color:#fff;font-size:.8rem;font-weight:700;display:flex;align-items:center;justify-content:center;flex-shrink:0;margin-top:2px}.section-title{font-size:1rem;font-weight:600;color:var(--navy);line-height:1.3}.section-subtitle{font-size:.78rem;color:var(--muted);margin-top:.15rem;line-height:1.4}\/* \u2500\u2500 QUESTION CARD \u2500\u2500 *\/.q-card{background:var(--surface);border-radius:var(--radius);box-shadow:var(--shadow);margin-bottom:.85rem;overflow:hidden;border:2px solid transparent;transition:border-color .2s}.q-card.answered{border-color:var(--sky)}.q-card.answered-no{border-color:var(--orange)}.q-body{padding:1rem 1.25rem}.q-top{display:flex;align-items:flex-start;gap:.5rem;margin-bottom:.85rem;flex-wrap:wrap}.q-num{font-size:.7rem;font-weight:700;color:var(--muted);flex-shrink:0;margin-top:3px}.q-text{font-size:.95rem;font-weight:600;color:var(--text);line-height:1.45;flex:1}\/* \u2500\u2500 R\u00c9PONSES \u2500\u2500 *\/.q-answers{display:grid;grid-template-columns:repeat(3,1fr);gap:.5rem}.ans-btn{border:2px solid var(--border);background:#fff;border-radius:10px;padding:.65rem .5rem;cursor:pointer;font-family:'DM Sans',sans-serif;font-size:.82rem;font-weight:600;color:var(--muted);text-align:center;transition:all .18s;line-height:1.3}.ans-btn:hover{border-color:var(--sky);color:var(--navy);background:var(--sky-lt)}.ans-btn.selected-oui{border-color:var(--green);background:var(--green-lt);color:var(--green)}.ans-btn.selected-partiel{border-color:var(--orange);background:var(--orange-lt);color:#b35a10}.ans-btn.selected-non{border-color:#e53e3e;background:#fff5f5;color:#c53030}.ans-icon{display:block;font-size:1.1rem;margin-bottom:.2rem}.ans-pts{display:block;font-size:.65rem;font-weight:400;opacity:.75;margin-top:.1rem}\/* \u2500\u2500 FEEDBACK \u2500\u2500 *\/.q-feedback{padding:.65rem 1.25rem;font-size:.8rem;line-height:1.5;border-top:1px solid var(--border);display:none;color:var(--muted)}.q-feedback.show{display:block}.q-feedback.fb-oui{background:var(--green-lt);color:#0a6b52;border-top-color:#b0e8d8}.q-feedback.fb-partiel{background:var(--orange-lt);color:#7a3d00;border-top-color:#f4c494}.q-feedback.fb-non{background:#fff5f5;color:#9b2c2c;border-top-color:#fed7d7}\/* \u2500\u2500 R\u00c9SULTAT \u2500\u2500 *\/.result-panel{display:none;background:var(--surface);border-radius:var(--radius);box-shadow:var(--shadow);overflow:hidden;margin-top:2rem}.result-panel.show{display:block}.result-top{padding:2rem;text-align:center;color:#fff}.result-top.niveau-0{background:linear-gradient(135deg,#c53030,#e53e3e)}.result-top.niveau-1{background:linear-gradient(135deg,#b35a10,var(--orange))}.result-top.niveau-2{background:linear-gradient(135deg,#1A5FA8,var(--sky))}.result-top.niveau-3{background:linear-gradient(135deg,var(--navy-dk),var(--navy))}.result-score-circle{width:90px;height:90px;border-radius:50%;background:rgba(255,255,255,.2);border:3px solid rgba(255,255,255,.5);display:flex;flex-direction:column;align-items:center;justify-content:center;margin:0 auto 1rem}.result-score-val{font-family:'Days One',sans-serif;font-size:1.8rem;line-height:1;color:#fff}.result-score-max{font-size:.65rem;opacity:.7;color:#fff}.result-niveau{font-family:'Days One',sans-serif;font-size:1.25rem;color:#fff;margin-bottom:.4rem}.result-desc{font-size:.88rem;color:rgba(255,255,255,.82);line-height:1.6;max-width:480px;margin:0 auto}.result-body{padding:1.5rem 2rem}.result-body h3{font-size:.9rem;font-weight:700;color:var(--navy);margin-bottom:.75rem;text-transform:uppercase;letter-spacing:.05em}.priority-list{list-style:none;display:flex;flex-direction:column;gap:.5rem;margin-bottom:1.5rem}.priority-list li{display:flex;align-items:flex-start;gap:.6rem;font-size:.875rem;color:var(--text);line-height:1.5}.priority-list li::before{content:\"\u2192\";color:var(--orange);font-weight:700;flex-shrink:0;margin-top:.1rem}.stats-strip{display:grid;grid-template-columns:repeat(3,1fr);gap:1rem;background:var(--bg);border-radius:10px;padding:1rem;margin-bottom:1.5rem}.stat-block{text-align:center}.stat-val{font-family:'Days One',sans-serif;font-size:1.3rem;color:var(--orange)}.stat-lbl{font-size:.72rem;color:var(--muted);margin-top:.15rem;line-height:1.3}.result-cta{display:flex;align-items:center;justify-content:space-between;gap:1rem;flex-wrap:wrap;background:linear-gradient(135deg,var(--navy-dk),var(--navy));border-radius:10px;padding:1.25rem 1.5rem}.result-cta-text h4{font-size:.95rem;font-weight:700;color:#fff;margin-bottom:.2rem}.result-cta-text p{font-size:.78rem;color:rgba(255,255,255,.7);margin:0}.btn-cta{background:var(--orange);color:#fff;font-weight:700;font-size:.875rem;padding:.65rem 1.5rem;border-radius:999px;text-decoration:none;white-space:nowrap;transition:filter .2s;display:inline-block}.btn-cta:hover{filter:brightness(1.1)}.voir-resultat-btn{background:var(--orange);color:#fff;font-family:'DM Sans',sans-serif;font-weight:700;font-size:1rem;padding:.8rem 2.5rem;border:none;border-radius:999px;cursor:pointer;transition:filter .2s;box-shadow:0 4px 16px rgba(239,126,38,.35)}.voir-resultat-btn:hover{filter:brightness(1.1)}.questions-restantes{font-size:.8rem;color:var(--muted);margin-top:.6rem}.reset-btn:hover{border-color:var(--navy);color:var(--navy)}\/* \u2500\u2500 BLOC SWAWE BAS DE PAGE \u2500\u2500 *\/.swawe-bloc{background:var(--navy);border-radius:var(--radius);overflow:hidden;margin-top:2.5rem;box-shadow:var(--shadow)}.swawe-bloc-header{text-align:center;padding:2rem 2rem 1.5rem}.swawe-bloc-label{font-size:.68rem;font-weight:700;text-transform:uppercase;letter-spacing:.1em;color:var(--orange);margin-bottom:.6rem}.swawe-bloc-title{font-family:'Days One',sans-serif;font-size:1.35rem;color:#fff;line-height:1.25;margin-bottom:.5rem}.swawe-bloc-sub{font-size:.875rem;color:rgba(255,255,255,.6);line-height:1.5}.swawe-features{display:grid;grid-template-columns:repeat(auto-fit,minmax(180px,1fr));gap:0;border-top:1px solid rgba(255,255,255,.1);border-bottom:1px solid rgba(255,255,255,.1)}.swawe-feat{padding:1.25rem 1.3rem;border-right:1px solid rgba(255,255,255,.1)}.swawe-feat:last-child{border-right:none}.swawe-feat-icon{font-size:1.3rem;margin-bottom:.5rem}.swawe-feat-title{font-size:.875rem;font-weight:600;color:var(--orange);margin-bottom:.35rem;line-height:1.3}.swawe-feat-desc{font-size:.78rem;color:rgba(255,255,255,.62);line-height:1.55}.swawe-stats{display:grid;grid-template-columns:repeat(3,1fr);padding:1.25rem 1.5rem;gap:1rem;border-bottom:1px solid rgba(255,255,255,.1)}.swawe-stat{text-align:center}.swawe-stat-val{font-family:'Days One',sans-serif;font-size:1.4rem;color:var(--orange)}.swawe-stat-lbl{font-size:.72rem;color:rgba(255,255,255,.5);margin-top:.15rem;line-height:1.3}.swawe-cta{display:flex;align-items:center;justify-content:space-between;gap:1rem;flex-wrap:wrap;padding:1.5rem 2rem}footer{text-align:center;margin-top:3rem;font-size:.73rem;color:var(--muted)}footer a{color:var(--muted)}<\/style>\n<p><\/head><body><\/p>\n<div class=\"wrap\"><\/p>\n<header class=\"hero\"> <\/p>\n<div class=\"badge\">Diagnostic SoD \u00b7 SWAWE<\/div>\n<p> <\/p>\n<h1>\u00c9valuez votre maturit\u00e9<!\u2013- [et_pb_br_holder] -\u2013><em>SoD dans SAP<\/em><\/h1>\n<p> <pee>R\u00e9pondez \u00e0 19 questions (Oui \/ Partiel \/ Non) et obtenez un score de maturit\u00e9 personnalis\u00e9 avec les priorit\u00e9s \u00e0 traiter.<\/pee><\/header>\n<p><\/p>\n<div class=\"score-header\"> <\/p>\n<div class=\"score-bar-bg\">\n<div class=\"score-bar-fill\" id=\"score-fill\"><\/div>\n<\/div>\n<p> <\/p>\n<div class=\"score-info\"> <\/p>\n<div class=\"score-pts\" id=\"score-pts\">0 \/ 38 pts<\/div>\n<p> <\/p>\n<div class=\"score-pct\" id=\"score-pct\">0 % de maturit\u00e9<\/div>\n<p> <\/div>\n<p><\/div>\n<p><\/p>\n<div class=\"section\"> <\/p>\n<div class=\"section-header\"> <\/p>\n<div class=\"step-pill\">0<\/div>\n<p> <\/p>\n<div> <\/p>\n<div class=\"section-title\">Diagnostic pr\u00e9alable \u2014 Gouvernance & maturit\u00e9 actuelle<\/div>\n<p> <\/p>\n<div class=\"section-subtitle\">\u00c9valuation du point de d\u00e9part avant toute d\u00e9marche SoD<\/div>\n<p> <\/div>\n<p> <\/div>\n<p>  <\/p>\n<div class=\"q-card\" id=\"q1\"> <\/p>\n<div class=\"q-body\"> <\/p>\n<div class=\"q-top\"> <span class=\"q-num\">Q1<\/span> <span class=\"q-text\">Disposez-vous d’une matrice SoD document\u00e9e et \u00e0 jour ?<\/span> <\/div>\n<p> <\/p>\n<div class=\"q-answers\"> <button class=\"ans-btn\" onclick=\"answer('q1','oui',2)\"><span class=\"ans-icon\">\u2705<\/span>Oui<span class=\"ans-pts\">+2 pts<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q1','partiel',1)\"><span class=\"ans-icon\">\u26a0\ufe0f<\/span>Partiel<span class=\"ans-pts\">+1 pt<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q1','non',0)\"><span class=\"ans-icon\">\u274c<\/span>Non<span class=\"ans-pts\">+0 pt<\/span><\/button> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-oui\" id=\"q1-oui\">\u2705 Bonne base. V\u00e9rifiez qu’elle est valid\u00e9e par les \u00e9quipes m\u00e9tiers (pas uniquement IT) et r\u00e9vis\u00e9e \u00e0 chaque \u00e9volution majeure du syst\u00e8me.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-partiel\" id=\"q1-partiel\">\u26a0\ufe0f Une matrice partielle est mieux que rien \u2014 mais les processus non couverts constituent des angles morts complets pour votre audit.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-non\" id=\"q1-non\">\u274c C’est le point de d\u00e9part prioritaire. Sans matrice, toutes vos analyses SoD reposent sur des bases instables et inopposables \u00e0 un auditeur.<\/div>\n<p> <\/div>\n<p>  <\/p>\n<div class=\"q-card\" id=\"q2\"> <\/p>\n<div class=\"q-body\"> <\/p>\n<div class=\"q-top\"> <span class=\"q-num\">Q2<\/span> <span class=\"q-text\">Votre derni\u00e8re revue des droits d’acc\u00e8s date de moins de 6 mois ?<\/span> <\/div>\n<p> <\/p>\n<div class=\"q-answers\"> <button class=\"ans-btn\" onclick=\"answer('q2','oui',2)\"><span class=\"ans-icon\">\u2705<\/span>Oui<span class=\"ans-pts\">+2 pts<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q2','partiel',1)\"><span class=\"ans-icon\">\u26a0\ufe0f<\/span>Partiel<span class=\"ans-pts\">+1 pt<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q2','non',0)\"><span class=\"ans-icon\">\u274c<\/span>Non<span class=\"ans-pts\">+0 pt<\/span><\/button> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-oui\" id=\"q2-oui\">\u2705 Bonne cadence. Pour les organisations soumises \u00e0 SOX ou Sapin II, une revue trimestrielle voire continue est recommand\u00e9e.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-partiel\" id=\"q2-partiel\">\u26a0\ufe0f Une revue partielle laisse des p\u00e9rim\u00e8tres entiers sans contr\u00f4le. Les d\u00e9parts et changements de poste non refl\u00e9t\u00e9s cr\u00e9ent des risques r\u00e9els.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-non\" id=\"q2-non\">\u274c Au-del\u00e0 de 6 mois, les mouvements de personnel rendent les r\u00e9sultats non fiables. Votre situation actuelle est probablement tr\u00e8s diff\u00e9rente de votre derni\u00e8re analyse.<\/div>\n<p> <\/div>\n<p>  <\/p>\n<div class=\"q-card\" id=\"q3\"> <\/p>\n<div class=\"q-body\"> <\/p>\n<div class=\"q-top\"> <span class=\"q-num\">Q3<\/span> <span class=\"q-text\">Un propri\u00e9taire de risque est-il identifi\u00e9 pour chaque processus m\u00e9tier (Finance, Achats, RH\u2026) ?<\/span> <\/div>\n<p> <\/p>\n<div class=\"q-answers\"> <button class=\"ans-btn\" onclick=\"answer('q3','oui',2)\"><span class=\"ans-icon\">\u2705<\/span>Oui<span class=\"ans-pts\">+2 pts<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q3','partiel',1)\"><span class=\"ans-icon\">\u26a0\ufe0f<\/span>Partiel<span class=\"ans-pts\">+1 pt<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q3','non',0)\"><span class=\"ans-icon\">\u274c<\/span>Non<span class=\"ans-pts\">+0 pt<\/span><\/button> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-oui\" id=\"q3-oui\">\u2705 Excellent. Un ownership clair est la condition sine qua non pour que les rem\u00e9diations aboutissent r\u00e9ellement.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-partiel\" id=\"q3-partiel\">\u26a0\ufe0f Les processus sans propri\u00e9taire identifi\u00e9 ne seront jamais rem\u00e9di\u00e9s efficacement \u2014 les conflits y persistent ind\u00e9finiment.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-non\" id=\"q3-non\">\u274c Sans ownership, aucune rem\u00e9diation n’aboutit. La gouvernance SoD doit \u00eatre port\u00e9e par les m\u00e9tiers, pas uniquement par l’IT.<\/div>\n<p> <\/div>\n<p><\/div>\n<p><\/p>\n<div class=\"section\"> <\/p>\n<div class=\"section-header\"> <\/p>\n<div class=\"step-pill\">1<\/div>\n<p> <\/p>\n<div> <\/p>\n<div class=\"section-title\">Construction de la matrice SoD<\/div>\n<p> <\/p>\n<div class=\"section-subtitle\">Qualit\u00e9 et profondeur du r\u00e9f\u00e9rentiel d’incompatibilit\u00e9s<\/div>\n<p> <\/div>\n<p> <\/div>\n<p>  <\/p>\n<div class=\"q-card\" id=\"q4\"> <\/p>\n<div class=\"q-body\"> <\/p>\n<div class=\"q-top\"> <span class=\"q-num\">Q4<\/span> <span class=\"q-text\">Votre matrice SoD couvre-t-elle les processus Achats, Ventes, Comptabilit\u00e9 et Ressources humaines \/ Paie g\u00e9r\u00e9s dans SAP ?<\/span> <\/div>\n<p> <\/p>\n<div class=\"q-answers\"> <button class=\"ans-btn\" onclick=\"answer('q4','oui',2)\"><span class=\"ans-icon\">\u2705<\/span>Oui<span class=\"ans-pts\">+2 pts<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q4','partiel',1)\"><span class=\"ans-icon\">\u26a0\ufe0f<\/span>Partiel<span class=\"ans-pts\">+1 pt<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q4','non',0)\"><span class=\"ans-icon\">\u274c<\/span>Non<span class=\"ans-pts\">+0 pt<\/span><\/button> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-oui\" id=\"q4-oui\">\u2705 Les domaines prioritaires sont couverts. Notez que certains processus (comme la RH\/Paie) sont parfois g\u00e9r\u00e9s hors SAP \u2014 v\u00e9rifiez bien le p\u00e9rim\u00e8tre r\u00e9el de votre analyse.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-partiel\" id=\"q4-partiel\">\u26a0\ufe0f Les processus non couverts sont des angles morts. Attention : si certains processus (ex. RH\/Paie) ne sont pas dans SAP, il faut l’identifier explicitement plut\u00f4t que de laisser la question sans r\u00e9ponse.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-non\" id=\"q4-non\">\u274c Achats, Ventes et Comptabilit\u00e9 concentrent la majorit\u00e9 des risques de fraude. Commencez par ces domaines \u2014 et v\u00e9rifiez si RH\/Paie est g\u00e9r\u00e9 dans SAP ou dans un autre syst\u00e8me.<\/div>\n<p> <\/div>\n<p>  <\/p>\n<div class=\"q-card\" id=\"q5\"> <\/p>\n<div class=\"q-body\"> <\/p>\n<div class=\"q-top\"> <span class=\"q-num\">Q5<\/span> <span class=\"q-text\">Vos r\u00e8gles SoD descendent-elles au niveau des objets d’autorisation SAP (au-del\u00e0 des simples t-codes) ?<\/span> <\/div>\n<p> <\/p>\n<div class=\"q-answers\"> <button class=\"ans-btn\" onclick=\"answer('q5','oui',2)\"><span class=\"ans-icon\">\u2705<\/span>Oui<span class=\"ans-pts\">+2 pts<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q5','partiel',1)\"><span class=\"ans-icon\">\u26a0\ufe0f<\/span>Partiel<span class=\"ans-pts\">+1 pt<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q5','non',0)\"><span class=\"ans-icon\">\u274c<\/span>Non<span class=\"ans-pts\">+0 pt<\/span><\/button> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-oui\" id=\"q5-oui\">\u2705 C’est le niveau d’analyse le plus pr\u00e9cis. Vos r\u00e9sultats sont probablement bien moins pollu\u00e9s par les faux positifs.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-partiel\" id=\"q5-partiel\">\u26a0\ufe0f Une analyse t-code seulement g\u00e9n\u00e8re 40 \u00e0 60 % de faux positifs. Votre \u00e9quipe passe du temps \u00e0 traiter des conflits qui n’en sont pas r\u00e9ellement.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-non\" id=\"q5-non\">\u274c Sans analyse au niveau des objets d’autorisation (ACTVT, BUKRS\u2026), vos r\u00e9sultats contiennent probablement entre 40 et 60 % de faux positifs \u2014 ce qui nuit \u00e0 la cr\u00e9dibilit\u00e9 de toute votre d\u00e9marche GRC.<\/div>\n<p> <\/div>\n<p>  <\/p>\n<div class=\"q-card\" id=\"q6\"> <\/p>\n<div class=\"q-body\"> <\/p>\n<div class=\"q-top\"> <span class=\"q-num\">Q6<\/span> <span class=\"q-text\">Chaque r\u00e8gle SoD dispose-t-elle d’un niveau de criticit\u00e9 (Haute \/ Moyenne \/ Basse) ?<\/span> <\/div>\n<p> <\/p>\n<div class=\"q-answers\"> <button class=\"ans-btn\" onclick=\"answer('q6','oui',2)\"><span class=\"ans-icon\">\u2705<\/span>Oui<span class=\"ans-pts\">+2 pts<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q6','partiel',1)\"><span class=\"ans-icon\">\u26a0\ufe0f<\/span>Partiel<span class=\"ans-pts\">+1 pt<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q6','non',0)\"><span class=\"ans-icon\">\u274c<\/span>Non<span class=\"ans-pts\">+0 pt<\/span><\/button> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-oui\" id=\"q6-oui\">\u2705 La priorisation est la cl\u00e9 d’une d\u00e9marche efficace. Vos \u00e9quipes peuvent concentrer l’effort l\u00e0 o\u00f9 le risque est r\u00e9el.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-partiel\" id=\"q6-partiel\">\u26a0\ufe0f Sans priorisation compl\u00e8te, certains conflits critiques risquent d’\u00eatre trait\u00e9s avec la m\u00eame urgence que des conflits mineurs.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-non\" id=\"q6-non\">\u274c Sans priorisation, les \u00e9quipes traitent tous les conflits avec la m\u00eame urgence \u2014 et s’\u00e9puisent sur des risques mineurs au d\u00e9triment des vrais enjeux.<\/div>\n<p> <\/div>\n<p>  <\/p>\n<div class=\"q-card\" id=\"q7\"> <\/p>\n<div class=\"q-body\"> <\/p>\n<div class=\"q-top\"> <span class=\"q-num\">Q7<\/span> <span class=\"q-text\">La matrice a-t-elle \u00e9t\u00e9 co-valid\u00e9e par les \u00e9quipes m\u00e9tiers ET le contr\u00f4le interne (pas uniquement l’IT) ?<\/span> <\/div>\n<p> <\/p>\n<div class=\"q-answers\"> <button class=\"ans-btn\" onclick=\"answer('q7','oui',2)\"><span class=\"ans-icon\">\u2705<\/span>Oui<span class=\"ans-pts\">+2 pts<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q7','partiel',1)\"><span class=\"ans-icon\">\u26a0\ufe0f<\/span>Partiel<span class=\"ans-pts\">+1 pt<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q7','non',0)\"><span class=\"ans-icon\">\u274c<\/span>Non<span class=\"ans-pts\">+0 pt<\/span><\/button> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-oui\" id=\"q7-oui\">\u2705 Une matrice co-sign\u00e9e par les m\u00e9tiers est indiscutable lors d’un audit. C’est votre meilleure protection.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-partiel\" id=\"q7-partiel\">\u26a0\ufe0f Une validation partielle fragilise votre position. Les auditeurs externes v\u00e9rifieront syst\u00e9matiquement qui a approuv\u00e9 quoi.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-non\" id=\"q7-non\">\u274c Une matrice valid\u00e9e uniquement par l’IT sera contest\u00e9e lors d’un audit externe. Les propri\u00e9taires de processus (DAF, Responsable Achats, DRH\u2026) doivent imp\u00e9rativement co-signer.<\/div>\n<p> <\/div>\n<p><\/div>\n<p><\/p>\n<div class=\"section\"> <\/p>\n<div class=\"section-header\"> <\/p>\n<div class=\"step-pill\">2<\/div>\n<p> <\/p>\n<div> <\/p>\n<div class=\"section-title\">Analyse des acc\u00e8s SoD dans SAP<\/div>\n<p> <\/p>\n<div class=\"section-subtitle\">Qualit\u00e9 et profondeur de la d\u00e9tection des conflits<\/div>\n<p> <\/div>\n<p> <\/div>\n<p>  <\/p>\n<div class=\"q-card\" id=\"q8\"> <\/p>\n<div class=\"q-body\"> <\/p>\n<div class=\"q-top\"> <span class=\"q-num\">Q8<\/span> <span class=\"q-text\">Vos comptes utilisateurs d\u00e9sactiv\u00e9s ont-ils bien \u00e9t\u00e9 archiv\u00e9s et leurs droits d’acc\u00e8s supprim\u00e9s dans SAP ?<\/span> <\/div>\n<p> <\/p>\n<div class=\"q-answers\"> <button class=\"ans-btn\" onclick=\"answer('q8','oui',2)\"><span class=\"ans-icon\">\u2705<\/span>Oui<span class=\"ans-pts\">+2 pts<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q8','partiel',1)\"><span class=\"ans-icon\">\u26a0\ufe0f<\/span>Partiel<span class=\"ans-pts\">+1 pt<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q8','non',0)\"><span class=\"ans-icon\">\u274c<\/span>Non<span class=\"ans-pts\">+0 pt<\/span><\/button> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-oui\" id=\"q8-oui\">\u2705 Bonne hygi\u00e8ne des identit\u00e9s. Un compte d\u00e9sactiv\u00e9 sans droits retir\u00e9s reste un vecteur d’acc\u00e8s potentiel \u2014 vous avez bien trait\u00e9 ce risque.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-partiel\" id=\"q8-partiel\">\u26a0\ufe0f Des comptes d\u00e9sactiv\u00e9s avec des droits encore actifs signalent un processus d’archivage incomplet. C’est un risque r\u00e9el d’acc\u00e8s non autoris\u00e9 \u00e0 corriger.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-non\" id=\"q8-non\">\u274c Un compte d\u00e9sactiv\u00e9 dont les droits n’ont pas \u00e9t\u00e9 supprim\u00e9s reste exploitable. Cela r\u00e9v\u00e8le un probl\u00e8me dans votre proc\u00e9dure de d\u00e9part\/changement de poste \u2014 \u00e0 corriger en priorit\u00e9.<\/div>\n<p> <\/div>\n<p>  <\/p>\n<div class=\"q-card\" id=\"q9\"> <\/p>\n<div class=\"q-body\"> <\/p>\n<div class=\"q-top\"> <span class=\"q-num\">Q9<\/span> <span class=\"q-text\">Croisez-vous les habilitations th\u00e9oriques avec les transactions r\u00e9ellement ex\u00e9cut\u00e9es (logs SAP) ?<\/span> <\/div>\n<p> <\/p>\n<div class=\"q-answers\"> <button class=\"ans-btn\" onclick=\"answer('q9','oui',2)\"><span class=\"ans-icon\">\u2705<\/span>Oui<span class=\"ans-pts\">+2 pts<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q9','partiel',1)\"><span class=\"ans-icon\">\u26a0\ufe0f<\/span>Partiel<span class=\"ans-pts\">+1 pt<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q9','non',0)\"><span class=\"ans-icon\">\u274c<\/span>Non<span class=\"ans-pts\">+0 pt<\/span><\/button> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-oui\" id=\"q9-oui\">\u2705 Vous distinguez les risques dormants des risques actifs. Votre priorisation des rem\u00e9diations est bien plus efficace.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-partiel\" id=\"q9-partiel\">\u26a0\ufe0f Un croisement partiel laisse des zones d’ombre. Certains risques av\u00e9r\u00e9s peuvent passer inaper\u00e7us.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-non\" id=\"q9-non\">\u274c Sans croisement avec les logs (SM20, STAD), vous traitez tous les conflits th\u00e9oriques avec la m\u00eame urgence \u2014 y compris ceux qui n’ont jamais \u00e9t\u00e9 exerc\u00e9s depuis des ann\u00e9es.<\/div>\n<p> <\/div>\n<p>  <\/p>\n<div class=\"q-card\" id=\"q10\"> <\/p>\n<div class=\"q-body\"> <\/p>\n<div class=\"q-top\"> <span class=\"q-num\">Q10<\/span> <span class=\"q-text\">Simulez-vous l’impact d’un changement de r\u00f4le avant de le d\u00e9ployer en production ?<\/span> <\/div>\n<p> <\/p>\n<div class=\"q-answers\"> <button class=\"ans-btn\" onclick=\"answer('q10','oui',2)\"><span class=\"ans-icon\">\u2705<\/span>Oui<span class=\"ans-pts\">+2 pts<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q10','partiel',1)\"><span class=\"ans-icon\">\u26a0\ufe0f<\/span>Partiel<span class=\"ans-pts\">+1 pt<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q10','non',0)\"><span class=\"ans-icon\">\u274c<\/span>Non<span class=\"ans-pts\">+0 pt<\/span><\/button> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-oui\" id=\"q10-oui\">\u2705 Z\u00e9ro surprise post-d\u00e9ploiement. Vous anticipez les effets de bord avant qu’ils ne surviennent.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-partiel\" id=\"q10-partiel\">\u26a0\ufe0f Chaque d\u00e9ploiement sans simulation compl\u00e8te est un risque de cr\u00e9er de nouveaux conflits sans le savoir.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-non\" id=\"q10-non\">\u274c Chaque rem\u00e9diation non simul\u00e9e peut cr\u00e9er de nouveaux conflits. Vous risquez de traiter un probl\u00e8me en en cr\u00e9ant trois autres.<\/div>\n<p> <\/div>\n<p>  <\/p>\n<div class=\"q-card\" id=\"q11\"> <\/p>\n<div class=\"q-body\"> <\/p>\n<div class=\"q-top\"> <span class=\"q-num\">Q11<\/span> <span class=\"q-text\">Vos rapports SoD sont-ils directement lisibles et exploitables par les managers m\u00e9tiers, sans interm\u00e9diaire IT ?<\/span> <\/div>\n<p> <\/p>\n<div class=\"q-answers\"> <button class=\"ans-btn\" onclick=\"answer('q11','oui',2)\"><span class=\"ans-icon\">\u2705<\/span>Oui<span class=\"ans-pts\">+2 pts<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q11','partiel',1)\"><span class=\"ans-icon\">\u26a0\ufe0f<\/span>Partiel<span class=\"ans-pts\">+1 pt<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q11','non',0)\"><span class=\"ans-icon\">\u274c<\/span>Non<span class=\"ans-pts\">+0 pt<\/span><\/button> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-oui\" id=\"q11-oui\">\u2705 Vos managers peuvent prendre des d\u00e9cisions de rem\u00e9diation sans d\u00e9pendre de l’IT. C’est un facteur cl\u00e9 de rapidit\u00e9.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-partiel\" id=\"q11-partiel\">\u26a0\ufe0f Chaque passage par l’IT pour interpr\u00e9ter les r\u00e9sultats ralentit les d\u00e9cisions et cr\u00e9e des goulots d’\u00e9tranglement.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-non\" id=\"q11-non\">\u274c Des rapports incompr\u00e9hensibles pour les m\u00e9tiers = des rem\u00e9diations qui tardent. La gouvernance SoD doit parler le langage du risque, pas de la technique SAP.<\/div>\n<p> <\/div>\n<p><\/div>\n<p><\/p>\n<div class=\"section\"> <\/p>\n<div class=\"section-header\"> <\/p>\n<div class=\"step-pill\">3<\/div>\n<p> <\/p>\n<div> <\/p>\n<div class=\"section-title\">Industrialisation & pilotage continu<\/div>\n<p> <\/p>\n<div class=\"section-subtitle\">Automatisation, tra\u00e7abilit\u00e9 et maturit\u00e9 op\u00e9rationnelle<\/div>\n<p> <\/div>\n<p> <\/div>\n<p>  <\/p>\n<div class=\"q-card\" id=\"q12\"> <\/p>\n<div class=\"q-body\"> <\/p>\n<div class=\"q-top\"> <span class=\"q-num\">Q12<\/span> <span class=\"q-text\">Vos analyses SoD sont-elles automatis\u00e9es (sans extraction manuelle Excel \/ SUIM) ?<\/span> <\/div>\n<p> <\/p>\n<div class=\"q-answers\"> <button class=\"ans-btn\" onclick=\"answer('q12','oui',2)\"><span class=\"ans-icon\">\u2705<\/span>Oui<span class=\"ans-pts\">+2 pts<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q12','partiel',1)\"><span class=\"ans-icon\">\u26a0\ufe0f<\/span>Partiel<span class=\"ans-pts\">+1 pt<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q12','non',0)\"><span class=\"ans-icon\">\u274c<\/span>Non<span class=\"ans-pts\">+0 pt<\/span><\/button> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-oui\" id=\"q12-oui\">\u2705 Vous avez \u00e9limin\u00e9 le risque d’erreur humaine sur les grands volumes. Vos analyses sont reproductibles et fiables.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-partiel\" id=\"q12-partiel\">\u26a0\ufe0f L’automatisation partielle laisse des p\u00e9rim\u00e8tres expos\u00e9s aux erreurs manuelles \u2014 souvent pr\u00e9cis\u00e9ment l\u00e0 o\u00f9 les risques sont les plus \u00e9lev\u00e9s.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-non\" id=\"q12-non\">\u274c Les extractions Excel de plus de 50 000 lignes g\u00e9n\u00e8rent syst\u00e9matiquement des erreurs. Un seul fichier corrompu peut invalider tout un audit externe.<\/div>\n<p> <\/div>\n<p>  <\/p>\n<div class=\"q-card\" id=\"q13\"> <\/p>\n<div class=\"q-body\"> <\/p>\n<div class=\"q-top\"> <span class=\"q-num\">Q13<\/span> <span class=\"q-text\">Une alerte se d\u00e9clenche-t-elle automatiquement \u00e0 chaque cr\u00e9ation ou modification de r\u00f4le SAP ?<\/span> <\/div>\n<p> <\/p>\n<div class=\"q-answers\"> <button class=\"ans-btn\" onclick=\"answer('q13','oui',2)\"><span class=\"ans-icon\">\u2705<\/span>Oui<span class=\"ans-pts\">+2 pts<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q13','partiel',1)\"><span class=\"ans-icon\">\u26a0\ufe0f<\/span>Partiel<span class=\"ans-pts\">+1 pt<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q13','non',0)\"><span class=\"ans-icon\">\u274c<\/span>Non<span class=\"ans-pts\">+0 pt<\/span><\/button> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-oui\" id=\"q13-oui\">\u2705 Vous d\u00e9tectez les nouveaux conflits avant qu’ils ne soient exploit\u00e9s. C’est le niveau de maturit\u00e9 le plus avanc\u00e9.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-partiel\" id=\"q13-partiel\">\u26a0\ufe0f Sans alerte syst\u00e9matique, certaines modifications de r\u00f4les passent sous les radars entre deux revues \u2014 parfois pendant des mois.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-non\" id=\"q13-non\">\u274c D\u00e9tecter apr\u00e8s coup, c’est d\u00e9j\u00e0 trop tard. Les nouveaux conflits cr\u00e9\u00e9s entre deux revues peuvent rester actifs pendant des mois sans \u00eatre d\u00e9tect\u00e9s.<\/div>\n<p> <\/div>\n<p>  <\/p>\n<div class=\"q-card\" id=\"q14\"> <\/p>\n<div class=\"q-body\"> <\/p>\n<div class=\"q-top\"> <span class=\"q-num\">Q14<\/span> <span class=\"q-text\">Toutes vos actions correctives sont-elles trac\u00e9es avec date, responsable et justification ?<\/span> <\/div>\n<p> <\/p>\n<div class=\"q-answers\"> <button class=\"ans-btn\" onclick=\"answer('q14','oui',2)\"><span class=\"ans-icon\">\u2705<\/span>Oui<span class=\"ans-pts\">+2 pts<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q14','partiel',1)\"><span class=\"ans-icon\">\u26a0\ufe0f<\/span>Partiel<span class=\"ans-pts\">+1 pt<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q14','non',0)\"><span class=\"ans-icon\">\u274c<\/span>Non<span class=\"ans-pts\">+0 pt<\/span><\/button> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-oui\" id=\"q14-oui\">\u2705 Vous \u00eates pr\u00eat \u00e0 tout moment pour un audit. Votre tra\u00e7abilit\u00e9 est votre meilleure preuve de contr\u00f4le.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-partiel\" id=\"q14-partiel\">\u26a0\ufe0f Une tra\u00e7abilit\u00e9 incompl\u00e8te fragilise votre position lors d’un audit \u2014 m\u00eame si les rem\u00e9diations ont \u00e9t\u00e9 effectu\u00e9es.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-non\" id=\"q14-non\">\u274c Un auditeur demandera syst\u00e9matiquement la preuve que les risques ont \u00e9t\u00e9 trait\u00e9s \u2014 par qui, quand, pour quelle raison. Sans tra\u00e7abilit\u00e9, votre d\u00e9marche n’est pas opposable.<\/div>\n<p> <\/div>\n<p>  <\/p>\n<div class=\"q-card\" id=\"q15\"> <\/p>\n<div class=\"q-body\"> <\/p>\n<div class=\"q-top\"> <span class=\"q-num\">Q15<\/span> <span class=\"q-text\">Disposez-vous d’un processus formalis\u00e9 de d\u00e9rogation avec contr\u00f4le compensatoire pour les conflits in\u00e9vitables ?<\/span> <\/div>\n<p> <\/p>\n<div class=\"q-answers\"> <button class=\"ans-btn\" onclick=\"answer('q15','oui',2)\"><span class=\"ans-icon\">\u2705<\/span>Oui<span class=\"ans-pts\">+2 pts<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q15','partiel',1)\"><span class=\"ans-icon\">\u26a0\ufe0f<\/span>Partiel<span class=\"ans-pts\">+1 pt<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q15','non',0)\"><span class=\"ans-icon\">\u274c<\/span>Non<span class=\"ans-pts\">+0 pt<\/span><\/button> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-oui\" id=\"q15-oui\">\u2705 Votre approche est mature et r\u00e9aliste. Les conflits in\u00e9vitables sont encadr\u00e9s sans paralyser l’activit\u00e9 op\u00e9rationnelle.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-partiel\" id=\"q15-partiel\">\u26a0\ufe0f Un processus de d\u00e9rogation incomplet laisse des conflits sans encadrement \u2014 ni rem\u00e9diation, ni contr\u00f4le compensatoire document\u00e9.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-non\" id=\"q15-non\">\u274c Certains conflits sont in\u00e9vitables (petites structures, postes cumul\u00e9s). L’inaction silencieuse n’est jamais acceptable. Une d\u00e9rogation document\u00e9e + contr\u00f4le compensatoire est la bonne r\u00e9ponse.<\/div>\n<p> <\/div>\n<p>  <\/p>\n<div class=\"q-card\" id=\"q16\"> <\/p>\n<div class=\"q-body\"> <\/p>\n<div class=\"q-top\"> <span class=\"q-num\">Q16<\/span> <span class=\"q-text\">Couvrez-vous l’ensemble de vos syst\u00e8mes SAP dans l’analyse (ECC, S\/4HANA, BW, SRM\u2026) ?<\/span> <\/div>\n<p> <\/p>\n<div class=\"q-answers\"> <button class=\"ans-btn\" onclick=\"answer('q16','oui',2)\"><span class=\"ans-icon\">\u2705<\/span>Oui<span class=\"ans-pts\">+2 pts<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q16','partiel',1)\"><span class=\"ans-icon\">\u26a0\ufe0f<\/span>Partiel<span class=\"ans-pts\">+1 pt<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q16','non',0)\"><span class=\"ans-icon\">\u274c<\/span>Non<span class=\"ans-pts\">+0 pt<\/span><\/button> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-oui\" id=\"q16-oui\">\u2705 Couverture compl\u00e8te. Les conflits inter-syst\u00e8mes \u2014 souvent les plus dangereux \u2014 sont inclus dans votre p\u00e9rim\u00e8tre d’analyse.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-partiel\" id=\"q16-partiel\">\u26a0\ufe0f Les syst\u00e8mes non couverts sont des angles morts. Un utilisateur peut cumuler des droits dangereux sur deux syst\u00e8mes diff\u00e9rents sans que cela ne soit d\u00e9tect\u00e9.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-non\" id=\"q16-non\">\u274c Les conflits inter-syst\u00e8mes sont les plus souvent ignor\u00e9s et les plus dangereux. Un p\u00e9rim\u00e8tre limit\u00e9 \u00e0 un seul syst\u00e8me SAP laisse des risques majeurs non d\u00e9tect\u00e9s.<\/div>\n<p> <\/div>\n<p>  <\/p>\n<div class=\"q-card\" id=\"q17\"> <\/p>\n<div class=\"q-body\"> <\/p>\n<div class=\"q-top\"> <span class=\"q-num\">Q17<\/span> <span class=\"q-text\">Pouvez-vous produire un rapport de conformit\u00e9 SoD \u00e0 tout moment, sans d\u00e9lai de pr\u00e9paration ?<\/span> <\/div>\n<p> <\/p>\n<div class=\"q-answers\"> <button class=\"ans-btn\" onclick=\"answer('q17','oui',2)\"><span class=\"ans-icon\">\u2705<\/span>Oui<span class=\"ans-pts\">+2 pts<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q17','partiel',1)\"><span class=\"ans-icon\">\u26a0\ufe0f<\/span>Partiel<span class=\"ans-pts\">+1 pt<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q17','non',0)\"><span class=\"ans-icon\">\u274c<\/span>Non<span class=\"ans-pts\">+0 pt<\/span><\/button> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-oui\" id=\"q17-oui\">\u2705 Vous abordez les audits avec s\u00e9r\u00e9nit\u00e9. La preuve de contr\u00f4le est disponible \u00e0 tout moment, sans stress de derni\u00e8re minute.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-partiel\" id=\"q17-partiel\">\u26a0\ufe0f Un rapport de conformit\u00e9 partiel fragilise votre position face aux auditeurs et aux instances de direction.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-non\" id=\"q17-non\">\u274c L’objectif final n’est pas de survivre \u00e0 l’audit, mais de l’aborder avec confiance. Un reporting continu est la seule fa\u00e7on d’y parvenir.<\/div>\n<p> <\/div>\n<p>  <\/p>\n<div class=\"q-card\" id=\"q18\"> <\/p>\n<div class=\"q-body\"> <\/p>\n<div class=\"q-top\"> <span class=\"q-num\">Q18<\/span> <span class=\"q-text\">Votre organisation dispose-t-elle d’une vision continue et actualis\u00e9e de ses risques SoD (pas uniquement lors des audits) ?<\/span> <\/div>\n<p> <\/p>\n<div class=\"q-answers\"> <button class=\"ans-btn\" onclick=\"answer('q18','oui',2)\"><span class=\"ans-icon\">\u2705<\/span>Oui<span class=\"ans-pts\">+2 pts<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q18','partiel',1)\"><span class=\"ans-icon\">\u26a0\ufe0f<\/span>Partiel<span class=\"ans-pts\">+1 pt<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q18','non',0)\"><span class=\"ans-icon\">\u274c<\/span>Non<span class=\"ans-pts\">+0 pt<\/span><\/button> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-oui\" id=\"q18-oui\">\u2705 F\u00e9licitations \u2014 c’est le niveau de maturit\u00e9 le plus avanc\u00e9. Votre gouvernance SoD est un pilier actif de votre strat\u00e9gie GRC.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-partiel\" id=\"q18-partiel\">\u26a0\ufe0f Une vision discontinue laisse des fen\u00eatres d’exposition entre les revues. Les risques peuvent s’accumuler sans \u00eatre d\u00e9tect\u00e9s pendant des mois.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-non\" id=\"q18-non\">\u274c Une analyse uniquement lors des audits, c’est naviguer \u00e0 vue 90 % du temps. La d\u00e9tection continue est la seule approche compatible avec les exigences r\u00e9glementaires modernes.<\/div>\n<p> <\/div>\n<p>  <\/p>\n<div class=\"q-card\" id=\"q19\"> <\/p>\n<div class=\"q-body\"> <\/p>\n<div class=\"q-top\"> <span class=\"q-num\">Q19<\/span> <span class=\"q-text\">Vos comptes de service et comptes RFC font-ils l’objet d’une analyse SoD sp\u00e9cifique et d’une politique de s\u00e9curit\u00e9 d\u00e9di\u00e9e ?<\/span> <\/div>\n<p> <\/p>\n<div class=\"q-answers\"> <button class=\"ans-btn\" onclick=\"answer('q19','oui',2)\"><span class=\"ans-icon\">\u2705<\/span>Oui<span class=\"ans-pts\">+2 pts<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q19','partiel',1)\"><span class=\"ans-icon\">\u26a0\ufe0f<\/span>Partiel<span class=\"ans-pts\">+1 pt<\/span><\/button> <button class=\"ans-btn\" onclick=\"answer('q19','non',0)\"><span class=\"ans-icon\">\u274c<\/span>Non<span class=\"ans-pts\">+0 pt<\/span><\/button> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-oui\" id=\"q19-oui\">\u2705 Excellent. Les comptes de service sont parmi les plus expos\u00e9s \u2014 les analyser et les encadrer avec une politique d\u00e9di\u00e9e d\u00e9montre une maturit\u00e9 SoD avanc\u00e9e.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-partiel\" id=\"q19-partiel\">\u26a0\ufe0f Une couverture partielle laisse des comptes techniques sans encadrement. Un compte RFC sans politique de mot de passe ni analyse SoD est une porte d’entr\u00e9e tr\u00e8s expos\u00e9e.<\/div>\n<p> <\/p>\n<div class=\"q-feedback fb-non\" id=\"q19-non\">\u274c Les comptes de service et RFC sont les plus dangereux : souvent dot\u00e9s de droits tr\u00e8s \u00e9tendus, sans MFA, sans politique de mot de passe stricte, et rarement revus. Ils doivent absolument \u00eatre inclus dans vos analyses SoD.<\/div>\n<p> <\/div>\n<p><\/div>\n<p><\/p>\n<div style=\"text-align:center;margin:1.5rem 0\"> <button class=\"voir-resultat-btn\" id=\"voir-resultat-btn\" onclick=\"showResult(currentPts(), currentPct())\" style=\"display:none\"> Voir mon r\u00e9sultat \u2192 <\/button> <\/p>\n<div class=\"questions-restantes\" id=\"questions-restantes\"><\/div>\n<p><\/div>\n<p><\/p>\n<div class=\"result-panel\" id=\"result-panel\"> <\/p>\n<div class=\"result-top\" id=\"result-top\"> <\/p>\n<div class=\"result-score-circle\"> <span class=\"result-score-val\" id=\"res-score\">0<\/span> <span class=\"result-score-max\">\/ 38 pts<\/span> <\/div>\n<p> <\/p>\n<div class=\"result-niveau\" id=\"res-niveau\">\u2014<\/div>\n<p> <\/p>\n<div class=\"result-desc\" id=\"res-desc\">\u2014<\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"result-body\"> <\/p>\n<div class=\"stats-strip\"> <\/p>\n<div class=\"stat-block\">\n<div class=\"stat-val\" id=\"res-oui\">0<\/div>\n<div class=\"stat-lbl\">r\u00e9ponses<!\u2013- [et_pb_br_holder] -\u2013>Oui<\/div>\n<\/div>\n<p> <\/p>\n<div class=\"stat-block\">\n<div class=\"stat-val\" id=\"res-partiel\">0<\/div>\n<div class=\"stat-lbl\">r\u00e9ponses<!\u2013- [et_pb_br_holder] -\u2013>Partielles<\/div>\n<\/div>\n<p> <\/p>\n<div class=\"stat-block\">\n<div class=\"stat-val\" id=\"res-non\">0<\/div>\n<div class=\"stat-lbl\">r\u00e9ponses<!\u2013- [et_pb_br_holder] -\u2013>Non<\/div>\n<\/div>\n<p> <\/div>\n<p> <\/p>\n<h3>Vos priorit\u00e9s d’action<\/h3>\n<p> <\/p>\n<ul class=\"priority-list\" id=\"res-priorities\"><\/ul>\n<p> <\/p>\n<div class=\"result-cta\"> <\/p>\n<div class=\"result-cta-text\"> <\/p>\n<h4>Discutons de votre situation<\/h4>\n<p> <pee>Nos experts SWAWE analysent vos r\u00e9sultats et vous proposent un plan d’action personnalis\u00e9.<\/pee> <\/div>\n<p> <a href=\"https:\/\/swawe.fr\/demande-de-demo\/\" class=\"btn-cta\">Demander une d\u00e9mo \u2192<\/a> <\/div>\n<p> <\/div>\n<p><\/div>\n<p><button class=\"reset-btn\" onclick=\"resetAll()\">\u21ba Recommencer le diagnostic<\/button><\/p>\n<div class=\"swawe-bloc\"> <\/p>\n<div class=\"swawe-bloc-header\"> <\/p>\n<div class=\"swawe-bloc-label\">Pourquoi SWAWE<\/div>\n<p> <\/p>\n<h2 class=\"swawe-bloc-title\">Ce que SWAWE change concr\u00e8tement sur votre SoD<\/h2>\n<p> <pee class=\"swawe-bloc-sub\">\u00c9valuez votre solution actuelle \u2014 chaque \u00ab\u00a0non\u00a0\u00bb est un risque non couvert<\/pee> <\/div>\n<p> <\/p>\n<div class=\"swawe-features\"> <\/p>\n<div class=\"swawe-feat\"> <\/p>\n<div class=\"swawe-feat-icon\">\ud83c\udfaf<\/div>\n<p> <\/p>\n<div class=\"swawe-feat-title\">Analyse \u00e0 l’objet d’autorisation<\/div>\n<p> <\/p>\n<div class=\"swawe-feat-desc\">Le niveau le plus fin de SAP \u2014 \u00e9limine les 40 \u00e0 60 % de faux positifs que les analyses t-code classiques g\u00e9n\u00e8rent en masse.<\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"swawe-feat\"> <\/p>\n<div class=\"swawe-feat-icon\">\u26a1<\/div>\n<p> <\/p>\n<div class=\"swawe-feat-title\">Simulation en temps r\u00e9el<\/div>\n<p> <\/p>\n<div class=\"swawe-feat-desc\">Visualiser l’impact d’un changement de r\u00f4le avant de l’appliquer \u2014 z\u00e9ro surprise post-d\u00e9ploiement.<\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"swawe-feat\"> <\/p>\n<div class=\"swawe-feat-icon\">\ud83d\udcca<\/div>\n<p> <\/p>\n<div class=\"swawe-feat-title\">Tableaux de bord m\u00e9tiers<\/div>\n<p> <\/p>\n<div class=\"swawe-feat-desc\">Rapports lisibles par Finance, Achats, RH \u2014 sans passer par l’\u00e9quipe IT pour interpr\u00e9ter les r\u00e9sultats.<\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"swawe-feat\"> <\/p>\n<div class=\"swawe-feat-icon\">\ud83d\udd04<\/div>\n<p> <\/p>\n<div class=\"swawe-feat-title\">D\u00e9tection continue<\/div>\n<p> <\/p>\n<div class=\"swawe-feat-desc\">Chaque modification de r\u00f4le d\u00e9clenche automatiquement une v\u00e9rification SoD. Fini les angles morts entre deux revues annuelles.<\/div>\n<p> <\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"swawe-stats\"> <\/p>\n<div class=\"swawe-stat\">\n<div class=\"swawe-stat-val\">+7 000<\/div>\n<div class=\"swawe-stat-lbl\">analyses de risques r\u00e9alis\u00e9es<\/div>\n<\/div>\n<p> <\/p>\n<div class=\"swawe-stat\">\n<div class=\"swawe-stat-val\">+29 000<\/div>\n<div class=\"swawe-stat-lbl\">utilisateurs SAP sous contr\u00f4le<\/div>\n<\/div>\n<p> <\/p>\n<div class=\"swawe-stat\">\n<div class=\"swawe-stat-val\">\u221274 %<\/div>\n<div class=\"swawe-stat-lbl\">de risques SoD constat\u00e9s<\/div>\n<\/div>\n<p> <\/div>\n<p> <\/p>\n<div class=\"swawe-cta\"> <\/p>\n<div class=\"swawe-cta-text\"> <\/p>\n<h3 style=\"color:#fff;font-family:'Days One',sans-serif;font-size:1.1rem;margin-bottom:.3rem;\">Pr\u00eat \u00e0 aller plus loin ?<\/h3>\n<p> <pee style=\"color:rgba(255,255,255,.75);font-size:.875rem;margin:0;\">Nos experts analysent vos r\u00e9sultats et vous proposent un plan d’action personnalis\u00e9.<\/pee> <\/div>\n<p> <a href=\"https:\/\/swawe.fr\/demande-de-demo\/\" class=\"btn-cta\">Demander une d\u00e9mo \u2192<\/a> <\/div>\n<p><\/div>\n<p><\/p>\n<footer> <pee>\u00a9 <strong>SWAWE<\/strong> \u00b7 <a href=\"https:\/\/swawe.fr\">swawe.fr<\/a> \u00b7 En partenariat avec <strong>Secureway<\/strong><\/pee><\/footer>\n<p><\/div>\n<p><script>const TOTAL_PTS = 38;const TOTAL_Q = 19;const answers = {};const feedbacks = { q1: { oui: \"Bonne base. V\u00e9rifiez qu'elle est valid\u00e9e par les \u00e9quipes m\u00e9tiers et r\u00e9vis\u00e9e \u00e0 chaque \u00e9volution majeure.\", partiel: \"Une matrice partielle laisse des processus sans couverture \u2014 autant d'angles morts pour votre audit.\", non: \"C'est le point de d\u00e9part prioritaire. Sans matrice, toutes vos analyses SoD reposent sur des bases instables.\" }, q4: { oui: null, partiel: null, non: \"Priorit\u00e9 #1 : couvrir P2P, O2C, R2R et HCM \u2014 les 4 domaines qui concentrent l'essentiel des risques de fraude.\" }, q5: { oui: null, partiel: \"Analyse t-code uniquement = 40\u201360 % de faux positifs. Descendre au niveau des objets d'autorisation.\", non: \"Analyse t-code uniquement = 40\u201360 % de faux positifs. Passer au niveau des objets d'autorisation SAP.\" }, q7: { oui: null, partiel: null, non: \"Faire co-valider la matrice par les propri\u00e9taires de processus m\u00e9tiers (DAF, Achats, DRH).\" }, q19: { oui: null, partiel: null, non: \"Inclure les comptes de service et RFC dans l'analyse SoD et d\u00e9finir une politique de securite specifique (mot de passe, droits minimaux, revue periodique).\" }, q19: { oui: null, partiel: null, non: \"Inclure les comptes de service et RFC dans l'analyse SoD et definir une politique de securite specifique (droits minimaux, mot de passe, revue reguliere).\" }, q9: { oui: null, partiel: null, non: \"Croiser les habilitations avec les logs SAP (SM20, STAD) pour identifier les risques actifs.\" }, q12: { oui: null, partiel: null, non: \"Automatiser les analyses pour \u00e9liminer les erreurs manuelles et gagner en fiabilit\u00e9 sur les grands volumes.\" }, q13: { oui: null, partiel: null, non: \"Mettre en place des alertes automatiques \u00e0 chaque modification de r\u00f4le SAP.\" }, q14: { oui: null, partiel: null, non: \"Tracer toutes les actions correctives (date, responsable, justification) pour les rendre opposables \u00e0 un auditeur.\" }, q18: { oui: null, partiel: null, non: \"Passer a une detection continue plutot qu'une analyse uniquement lors des audits.\" }};function currentPts(){ return Object.values(answers).reduce((s,a)=>s+a.pts,0); }function currentPct(){ return Math.round(currentPts()\/TOTAL_PTS*100); }function answer(qid, val, pts) { const card = document.getElementById(qid); const btns = card.querySelectorAll('.ans-btn'); btns.forEach(b => b.className = 'ans-btn'); const idx = val === 'oui' ? 0 : val === 'partiel' ? 1 : 2; btns[idx].classList.add('selected-' + val); ['oui','partiel','non'].forEach(v => { const fb = document.getElementById(qid + '-' + v); if (fb) fb.classList.remove('show'); }); const fb = document.getElementById(qid + '-' + val); if (fb) fb.classList.add('show'); card.classList.remove('answered','answered-no'); card.classList.add(val === 'non' ? 'answered-no' : 'answered'); answers[qid] = { val, pts }; updateScore();}function updateScore() { const answered = Object.keys(answers).length; const pts = currentPts(); const pct = currentPct(); document.getElementById('score-fill').style.width = pct + '%'; document.getElementById('score-pts').textContent = pts + ' \/ ' + TOTAL_PTS + ' pts'; document.getElementById('score-pct').textContent = pct + ' % de maturite'; const btn = document.getElementById('voir-resultat-btn'); const remaining = document.getElementById('questions-restantes'); if (answered >= 1) { btn.style.display = 'inline-block'; const restantes = TOTAL_Q - answered; remaining.textContent = restantes > 0 ? restantes + ' question' + (restantes > 1 ? 's' : '') + ' restante' + (restantes > 1 ? 's' : '') + ' \u2014 le resultat sera plus precis si vous les completez.' : 'Toutes les questions sont completees.'; } else { btn.style.display = 'none'; remaining.textContent = ''; } if (answered === TOTAL_Q) showResult(pts, pct);}function showResult(pts, pct) { const panel = document.getElementById('result-panel'); panel.classList.add('show'); panel.scrollIntoView({ behavior: 'smooth', block: 'start' }); document.getElementById('res-score').textContent = pts; const oui = Object.values(answers).filter(a => a.val === 'oui').length; const partiel = Object.values(answers).filter(a => a.val === 'partiel').length; const non = Object.values(answers).filter(a => a.val === 'non').length; document.getElementById('res-oui').textContent = oui; document.getElementById('res-partiel').textContent = partiel; document.getElementById('res-non').textContent = non; const top = document.getElementById('result-top'); const niveau = document.getElementById('res-niveau'); const desc = document.getElementById('res-desc'); top.className = 'result-top'; const answered = Object.keys(answers).length; const mention = answered < TOTAL_Q ? ' (base sur ' + answered + '\/' + TOTAL_Q + ' questions)' : ''; if (pct <= 30) { top.classList.add('niveau-0'); niveau.textContent = 'Niveau Debutant' + mention; desc.textContent = 'Votre demarche SoD est embryonnaire. Des risques importants sont probablement exposes sans etre detectes. Une mise en place structuree est urgente.'; } else if (pct <= 60) { top.classList.add('niveau-1'); niveau.textContent = 'Niveau En progression' + mention; desc.textContent = \"Les fondations existent mais la demarche reste fragile et incomplete. Des angles morts significatifs subsistent, notamment sur l'automatisation et la tracabilite.\"; } else if (pct <= 85) { top.classList.add('niveau-2'); niveau.textContent = 'Niveau Avance' + mention; desc.textContent = \"Votre gouvernance SoD est solide. Quelques points d'amelioration cibles permettraient d'atteindre un niveau optimise et de renforcer votre posture face aux audits.\"; } else { top.classList.add('niveau-3'); niveau.textContent = 'Niveau Optimise' + mention; desc.textContent = \"Felicitations \u2014 votre maturite SoD est excellente. Votre organisation dispose d'une gouvernance des acces SAP robuste, continue et defendable face a tout auditeur.\"; } const priorities = []; Object.entries(answers).forEach(([qid, a]) => { if (a.val !== 'oui' && feedbacks[qid] && feedbacks[qid][a.val]) { priorities.push(feedbacks[qid][a.val]); } }); const list = document.getElementById('res-priorities'); list.innerHTML = ''; if (priorities.length === 0) { list.innerHTML = '<\/p>\n<li>Aucune priorite critique identifiee \u2014 votre maturite SoD est optimale.<\/li>\n<p>'; } else { priorities.slice(0, 5).forEach(p => { const li = document.createElement('li'); li.textContent = p; list.appendChild(li); }); }}function resetAll() { Object.keys(answers).forEach(k => delete answers[k]); document.querySelectorAll('.ans-btn').forEach(b => b.className = 'ans-btn'); document.querySelectorAll('.q-feedback').forEach(f => f.classList.remove('show')); document.querySelectorAll('.q-card').forEach(c => c.classList.remove('answered','answered-no')); document.getElementById('score-fill').style.width = '0%'; document.getElementById('score-pts').textContent = '0 \/ 38 pts'; document.getElementById('score-pct').textContent = '0 % de maturite'; document.getElementById('result-panel').classList.remove('show'); document.getElementById('voir-resultat-btn').style.display = 'none'; document.getElementById('questions-restantes').textContent = ''; window.scrollTo({ top: 0, behavior: 'smooth' });}<\/script><\/body><\/html>[\/et_pb_code][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":9,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"class_list":["post-2511","page","type-page","status-publish","hentry"],"yoast_head":"\n<title>Checklist SoD SAP : d\u00e9tecter et piloter les conflits d'acc\u00e8s<\/title>\n<meta name=\"description\" content=\"Matrice SoD, analyse des acc\u00e8s : 26 points de contr\u00f4le pour s\u00e9curiser votre environnement SAP et pr\u00e9parer vos audits en toute s\u00e9r\u00e9nit\u00e9\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/swawe.fr\/en\/checklist-sod-sap-detecter-et-piloter-les-conflits-acces\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Checklist SoD SAP : d\u00e9tecter et piloter les conflits d'acc\u00e8s\" \/>\n<meta property=\"og:description\" content=\"Matrice SoD, analyse des acc\u00e8s : 26 points de contr\u00f4le pour s\u00e9curiser votre environnement SAP et pr\u00e9parer vos audits en toute s\u00e9r\u00e9nit\u00e9\" \/>\n<meta property=\"og:url\" content=\"https:\/\/swawe.fr\/en\/checklist-sod-sap-detecter-et-piloter-les-conflits-acces\/\" \/>\n<meta property=\"og:site_name\" content=\"Swawe\" \/>\n<meta property=\"article:modified_time\" content=\"2026-06-02T10:09:43+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/swawe.fr\\\/checklist-sod-sap-detecter-et-piloter-les-conflits-acces\\\/\",\"url\":\"https:\\\/\\\/swawe.fr\\\/checklist-sod-sap-detecter-et-piloter-les-conflits-acces\\\/\",\"name\":\"Checklist SoD SAP : d\u00e9tecter et piloter les conflits d'acc\u00e8s\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/swawe.fr\\\/#website\"},\"datePublished\":\"2026-05-29T08:12:53+00:00\",\"dateModified\":\"2026-06-02T10:09:43+00:00\",\"description\":\"Matrice SoD, analyse des acc\u00e8s : 26 points de contr\u00f4le pour s\u00e9curiser votre environnement SAP et pr\u00e9parer vos audits en toute s\u00e9r\u00e9nit\u00e9\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/swawe.fr\\\/checklist-sod-sap-detecter-et-piloter-les-conflits-acces\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/swawe.fr\\\/checklist-sod-sap-detecter-et-piloter-les-conflits-acces\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/swawe.fr\\\/checklist-sod-sap-detecter-et-piloter-les-conflits-acces\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/swawe.fr\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Checklist SoD SAP : d\u00e9tecter et piloter les conflits d’acc\u00e8s | SWAWE\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/swawe.fr\\\/#website\",\"url\":\"https:\\\/\\\/swawe.fr\\\/\",\"name\":\"Swawe\",\"description\":\"Your Compliance Companion\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/swawe.fr\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n","yoast_head_json":{"title":"Checklist SoD SAP : d\u00e9tecter et piloter les conflits d'acc\u00e8s","description":"Matrice SoD, analyse des acc\u00e8s : 26 points de contr\u00f4le pour s\u00e9curiser votre environnement SAP et pr\u00e9parer vos audits en toute s\u00e9r\u00e9nit\u00e9","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/swawe.fr\/en\/checklist-sod-sap-detecter-et-piloter-les-conflits-acces\/","og_locale":"en_US","og_type":"article","og_title":"Checklist SoD SAP : d\u00e9tecter et piloter les conflits d'acc\u00e8s","og_description":"Matrice SoD, analyse des acc\u00e8s : 26 points de contr\u00f4le pour s\u00e9curiser votre environnement SAP et pr\u00e9parer vos audits en toute s\u00e9r\u00e9nit\u00e9","og_url":"https:\/\/swawe.fr\/en\/checklist-sod-sap-detecter-et-piloter-les-conflits-acces\/","og_site_name":"Swawe","article_modified_time":"2026-06-02T10:09:43+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/swawe.fr\/checklist-sod-sap-detecter-et-piloter-les-conflits-acces\/","url":"https:\/\/swawe.fr\/checklist-sod-sap-detecter-et-piloter-les-conflits-acces\/","name":"Checklist SoD SAP : d\u00e9tecter et piloter les conflits d'acc\u00e8s","isPartOf":{"@id":"https:\/\/swawe.fr\/#website"},"datePublished":"2026-05-29T08:12:53+00:00","dateModified":"2026-06-02T10:09:43+00:00","description":"Matrice SoD, analyse des acc\u00e8s : 26 points de contr\u00f4le pour s\u00e9curiser votre environnement SAP et pr\u00e9parer vos audits en toute s\u00e9r\u00e9nit\u00e9","breadcrumb":{"@id":"https:\/\/swawe.fr\/checklist-sod-sap-detecter-et-piloter-les-conflits-acces\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/swawe.fr\/checklist-sod-sap-detecter-et-piloter-les-conflits-acces\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/swawe.fr\/checklist-sod-sap-detecter-et-piloter-les-conflits-acces\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/swawe.fr\/"},{"@type":"ListItem","position":2,"name":"Checklist SoD SAP : d\u00e9tecter et piloter les conflits d’acc\u00e8s | SWAWE"}]},{"@type":"WebSite","@id":"https:\/\/swawe.fr\/#website","url":"https:\/\/swawe.fr\/","name":"Swawe","description":"Your Compliance Companion","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/swawe.fr\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/swawe.fr\/en\/wp-json\/wp\/v2\/pages\/2511","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/swawe.fr\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/swawe.fr\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/swawe.fr\/en\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/swawe.fr\/en\/wp-json\/wp\/v2\/comments?post=2511"}],"version-history":[{"count":4,"href":"https:\/\/swawe.fr\/en\/wp-json\/wp\/v2\/pages\/2511\/revisions"}],"predecessor-version":[{"id":2517,"href":"https:\/\/swawe.fr\/en\/wp-json\/wp\/v2\/pages\/2511\/revisions\/2517"}],"wp:attachment":[{"href":"https:\/\/swawe.fr\/en\/wp-json\/wp\/v2\/media?parent=2511"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}