Often when I start work with a new client, one of the first things they want to know is my opinion of their SAP Hybris implementation. Think of it as a medical second opinion — especially valuable when a new e-commerce lead arrives without a feel for how the system was built by the SI or the in-house team.
With great power, great responsibility.
SAP Hybris is a fantastic platform — consistently named among the top systems in the e-commerce space. The out-of-the-box platform is a great starting point and can be used to build a robust solution. In my experience, however, that potential is not always realized.
For clients whose SAP Hybris instance is a considerable source of revenue, it is understandable that the appetite for an independent audit is growing. A full review can provide an honest assessment of whether best practices were actually followed during the SDLC.
Eight areas of focus.
When I engage with a customer to review their SAP Hybris implementation, these are the areas I pay attention to:
- Overall implementation organization
- Overall code organization
- Third-party integrations
- Customer experience (selected areas — I am not a UX specialist)
- Site performance
- Build and deploy process
- Infrastructure review
- Privacy and security audit
A typical engagement takes 200–240 hours from start to finish. Complex implementations may run longer.
How the work is segmented.
- Week one — review of available business and technical documentation; refining the schedule for subsequent weeks based on what surfaces.
- Week two — onsite, interviewing team members.
- Weeks three and four — remote, with access to selected team members for follow-up questions.
- Final days — final presentation, either onsite or remote.
What gets examined, in full.
A more detailed description of items covered during the review:
01 Overall implementation organization
- Number of servers (load balancers, web servers, application servers, admin servers, DB and SOLR servers; optionally CIS and Datahub)
- Catalog architecture
- Catalog synchronizations
- Product structure (variant levels, variant types, etc.)
- Price row storage (catalog-version-aware or not, etc.)
- Number of sites and their relationships
- What ERP, CRM, and OMS are in use
- Which system is the master record-keeper for products, prices, inventory, orders, and customers
02 Overall code organization
- Code repository, code review, code quality, code testing
- Integration with critical “internal” components like ERP / CRM / OMS
- Data imports and exports
- Testing — unit, integration, automation
- Synchronous and asynchronous data flow
03 Third-party integrations
- Sales tax
- Payment
- Address verification
- Loyalty integrations
- Email communication
- DAM (or images and content)
04 Customer experience
- Search & SOLR (document structure, indexing and query strategy, master/slave architecture)
- Discounts & promotions
- Checkout flow and navigation
- Content management
05 Site performance
- Hybris region cache
- SOLR caching (where applicable)
- Sales tax performance
- Static files
- Partial / full page caching
- Session data caching
- Temporary cart purging
- Task engine execution
06 Build and deploy process
- Build lifecycle
- Deployment process
- Continuous integration approach (if any)
- Code validation upon builds
07 Infrastructure review
- Infrastructure components / diagram
- Server topology
- OS and memory settings (operating system, JVM, etc.)
- Apache HTTP and Tomcat server configurations
08 Privacy and security
- Web application security — XSS, CSRF, SAP and web application best practices
- Access control — lockdown of super-admins, default users and passwords, granular access for hMC and Backoffice
- Password hashing and encryption algorithms
- Password policies
- Application logging — sufficiency, and whether sensitive information is being written to files
- Credit card data management
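One of the checks listed under "Application logging" and "Credit card data management", written out as an added example that is not part of the original post and not SAP Hybris code: a small Python scanner run over constructed log lines that flags card numbers (Luhn-validated, so random digit runs such as order numbers are not reported), credential parameters and e-mail addresses, and a redaction helper showing what a log appender filter should have done in the first place. The log format, field names (`j_password`, `customer=`) and sample values are all assumptions made for the illustration.

```python
import re

# Constructed sample log lines (not from any real system) showing the kinds
# of leaks an application-logging review looks for.
SAMPLE_LOG_LINES = [
    "INFO  CheckoutFacade - placing order for customer=jdoe@example.com",
    "DEBUG PaymentService - authorizing card 4111111111111111 exp=12/27",
    "DEBUG LoginFilter - params {j_username=jdoe, j_password=Summer2024!}",
    "INFO  OrderService - order 00012345 reserved (ref 4111111111111112)",
    "INFO  CartService - cart abandoned after 3600s",
]

# 13-19 digits, optionally separated by spaces or dashes, not glued to other digits.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Common credential-bearing keys followed by '=' or ':' and a value.
CRED_RE = re.compile(
    r"(?i)\b(j_password|password|passwd|pwd|secret|token|api[_-]?key)\s*[=:]\s*([^\s,}]+)"
)
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def luhn_ok(digits: str) -> bool:
    """Luhn check used by payment card numbers; filters out digit runs that merely look like a PAN."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(line: str):
    """Yield digit strings in the line that have PAN length and pass Luhn."""
    for m in PAN_RE.finditer(line):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            yield digits


def mask_pan(digits: str) -> str:
    """Keep only the last four digits, as a PCI-style masked display."""
    return "*" * (len(digits) - 4) + digits[-4:]


def audit_log_lines(lines):
    """Return (line_number, kind, detail) findings for sensitive data written to the log."""
    findings = []
    for n, line in enumerate(lines, start=1):
        for pan in find_pans(line):
            findings.append((n, "pan", mask_pan(pan)))
        for m in CRED_RE.finditer(line):
            findings.append((n, "credential", m.group(1)))   # report the key, never the value
        for m in EMAIL_RE.finditer(line):
            findings.append((n, "email", m.group(0)))
    return findings


def redact_line(line: str) -> str:
    """What a log filter should do before the line reaches disk: mask PANs, drop credential values."""
    def _mask(m):
        digits = re.sub(r"[ -]", "", m.group(0))
        return mask_pan(digits) if luhn_ok(digits) else m.group(0)
    line = PAN_RE.sub(_mask, line)
    return CRED_RE.sub(lambda m: f"{m.group(1)}=[REDACTED]", line)


if __name__ == "__main__":
    for n, kind, detail in audit_log_lines(SAMPLE_LOG_LINES):
        print(f"line {n}: {kind} -> {detail}")
    for line in SAMPLE_LOG_LINES:
        print(redact_line(line))
```

On the constructed input the scanner reports the e-mail on line 1, the Luhn-valid card on line 2 and the `j_password` key on line 3, and stays quiet on line 4, whose 16-digit reference fails the Luhn check. In a real review the same logic is pointed at the application's rolled log files and at the logger configuration, where the fix is a filtering appender rather than a post-hoc cleanup.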
If a structured second opinion would help, get in touch →