Information security considerations for cloud-based Enterprise Resource Planning system and best practices for its retirement phase

  • Author(s) / Creator(s)
  • Enterprise Resource Planning (ERP) system is an integrated solution that has been revolutionizing the business processes in a collective and distributed way. These systems are designed to fasten communication between various departments within an organization and empower its employees in making better business decisions with the help of data, improve reporting and planning which increases total visibility. It also improves the efficiency, quality and customer service. There is an increase in the cloud ERP software adoption by small businesses keeping up with the competition, also cloud ERP systems are cost-effective solutions for small enterprises. In this age of ERP systems on the cloud, organizations are skeptical in terms of ERP adoption on cloud due to security-related issues and malicious intentions from both inside and outside the organization. To address the security-related issues in ERP, this paper identifies various attacks an ERP system is prone to using literature review, identifies what security controls are to be in place considering NIST 800-53 R5 and ISO/IEC 27001:2013 to create a more secure environment and also mapped the identified security controls to facilitate PIPEDA compliance of Canada along with the best practices to be followed to clear/purge/destroy the various media types used considering NIST SP 800-88 in the retirement phase of ERP systems.

  • Date created
  • Subjects / Keywords
  • Type of Item
    Research Material
  • DOI
  • License
    Attribution-NonCommercial 4.0 International