

# 5 – Understand security standards and how they apply to your SAP workload
<a name="design-principle-5"></a>

 **How do you define the security standards and controls to align with the criticality of your SAP workload?** Standards are published documents that define the policies and procedures required to secure your systems following best practices for a product, organization, industry, or jurisdiction. They provide a framework against which your SAP workload can be evaluated. Some standards are mandatory to ensure compliance with regulatory requirements, while others are optional but help with establishing roles and responsibilities. 


| ID | Priority | Best Practice | 
| --- | --- | --- | 
| ☐ BP 5.1 | Required | Define security roles and responsibilities | 
| ☐ BP 5.2 | Highly Recommended | Classify the data within your SAP workloads | 
| ☐ BP 5.3 | Highly Recommended | Determine the required security controls based on application and data classification | 
| ☐ BP 5.4 | Highly Recommended | Create a strategy for managing security controls | 