Information is one of the most important assets of any organization, so it should be appropriately. Information security combines systems, operations and internal controls to ensure the integrity and confidentiality of data and operation procedures in an organization. Availability of the information is also important to the organization. If the integrity of the information is above board and the information is confidential, but it is not available to authorized users, it is of no use. Enterprise Resource Planning (ERP) system security must be governed by the same principles as conventional information security. An ERP system controls all the business-related information of an organization as well as information relating to customers and suppliers. It is necessary to protect this information from the opposition as well as to ensure that the information within the ERP system conforms to auditing standards such as Sarbanes-Oxleyiii. The security and protection of the information within the ERP system is therefore crucial to the existence of the organization. The purpose of this article is to provide an ERP security framework that will enable an organization to include security as an integral part of an ERP system and not as an afterthought.