Works Council Information

What are zapliance solutions used for?

The solutions offered by zapliance (also known as ‘zapliance agents’) help companies analyze SAP data for compliance auditing purposes. The objective is to identify control weaknesses in accounting and business processes or to reveal erroneous postings. The analyses are not performed directly on the productive SAP systems but on data copies provided specifically for audit purposes. 

Data Protection 

A central concern when using our solutions is the protection of personal data:

• No processing at zapliance
  The analyses are not performed at the company zapliance. The data remains within the user company's IT environment. zapliance has no access to customer instances of zapliance solutions without explicit technical and organizational authorization from the user company.

• Anonymized evaluations
  In all result presentations, SAP user names are anonymized. This means: No original user names appear in reports or evaluations. This ensures that no conclusions can be drawn about individual employees in reports or evaluations generated by zapliance solutions.
  
  

Content and Scope of the Analyses

Our solutions typically examine multiple company codes and fiscal years. The basis for this are so-called indicators ('audit questions') that highlight unusual business transactions. The analyses are risk-based and pursue exclusively the following objectives:

• Properness of accounting
• Efficiency of processes
• Process standardization
• Access security

Each indicator addresses a specific risk within the stated objectives. The risks addressed are documented. Performance monitoring of individual employees or groups of employees is NOT part of the indicators. Indicators are predefined by zapliance and cannot be modified or extended by the user company.

Thus, the focus is exclusively on legal, organizational, and economic issues – not on individual employee behavior.

Data Minimization and Data Access

All our solutions follow the principle of data minimization:

• Only the data required for a specific analysis is loaded.
• The data is stored in a locally secured database that is fully under the company's control.
• zapliance has no access to this data at any time – this is ruled out technically and organizationally.
  
  

Handling of Employee Data

zapliance solutions operate according to the principle of privacy by design:

• Employee identifiers are anonymized by default.
• The method used is a non-reversible hashing procedure – the original SAP user names cannot be algorithmically reconstructed.

This ensures that even if analyses relate to user-specific aspects (e.g., segregation of duties checks or activities of system administrators), the results are always anonymized. Within reports or evaluations, it is NOT possible to draw conclusions about individual employees.

No Behavioral or Performance Monitoring

A key concern of the works council is the avoidance of monitoring individual employee behavior or performance. With our solutions, this is ruled out:

• No evaluations of behavior or performance
  Performance monitoring of individual employees or groups of employees is NOT part of the indicators. Indicators are predefined by zapliance.

• The analysis objectives of the indicators are exclusively:
  • Properness of accounting
  • Efficiency of processes
  • Process standardization
  • Access security

• Anonymization protects employees
  Even if user identifiers play a role in an analysis, they are fully obfuscated by anonymization and cannot be traced back to individuals.

• No possibility to define custom indicators
  zapliance solutions do not offer any functions that would allow the user company to develop and apply its own indicators.
  
  

What Data Does zapliance GmbH Receive?

The clear answer: None!

• As a matter of principle, zapliance has no access to company or employee data.
• Only for training or workshops may anonymized data be voluntarily exported and made available.
• Even in such exports, employee identifiers are fully anonymized.
  
  

Conclusion

Our solutions are tools for improving compliance and process security within the company.

• They protect employees through anonymization.
• They serve exclusively to optimize processes and avoid financial risks.
• They do not allow for behavioral or performance monitoring.

What that means for the works council: The use of the solutions is employee-neutral, secure, and compliant with data protection regulations.

Any questions?

Answers are available simply by email at support@zapliance.com or via our KnowledgeBase.