Organizations looking to secure their enterprise resource planning (ERP)'s security defenses are often required to sort through vendor claims of features that are unique to their solution (i.e., leading-edge, disruptive, or other catchy buzz words). Rather than focusing on features and marketing buzz words, organizations should first create a prioritized list of their requirements and then evaluate the solution's capabilities to satisfy those requirements cost-effectively.
Here are seven questions to ask vendors focused on essential capabilities that are based on leading practices from organizations, including Gartner, Forrester, ISO, NIST, COBIT, and COSO. These capabilities should guide every organization's evaluation of ERP application security, risk and compliance solutions and help them understand which features are genuinely the most valuable.