We solve GRC for SAP companies of all shapes and sizes

Our entire business is focused on building GRC products that are a pleasure to use. Because companies differ, we’ve developed three ways SAP companies can handle their GRC, whatever their internal capability.

view our offerings

2019 GRC User Experience Award

GRC2020 Research, LLC, has recognized Soterion with the 2019 GRC User Experience Award. Find out why the Soterion solution was chosen above the rest.

learn more

SAP Security: Dealing with cross-division access in Saint-Gobain

Governance, Risk, and Compliance is a continuous journey. Discover how, with the support of Soterion, Saint Gobain SA established a sound basis for their authorizations and a clear roadmap ahead.

Read the case study

GDPR Compliance for SAP Organizations

A substantial amount has been written about GDPR and its likely legal implications for organizations. In this ebook, we’ve focused on a pragmatic, phased approach to GDPR compliance that SAP companies can implement immediately.

Download now

"Soterion has built its product suite from the ground up to make GRC less of a hassle for GRC practitioners, with intuitive features our users love."

Dudley Cartwright, Chief Executive Officer

What we offer


What is it?

Soterion's Compliance Cloud platform is a cloud-based, pay-as-you-go GRC Access Risk Tool.

Ideal for?

  • Highly cost-sensitive companies
  • Companies that require access risk assessments seldom or ad hoc. e.g. internal auditors
  • Companies with basic in-house GRC expertise


  • Instant GRC access risk visibility
  • Easy-to-use
  • Business-friendly reporting
  • Extremely cost effective
  • Only pay when you use

Managed Service

What is it?

Combine “on-tap” GRC expertise with Soterion's Compliance Cloud platform for a complete GRC solution. Delivered in collaboration with Soterion's Consulting Partner Network.

Ideal for?

Smaller companies who have a GRC requirement, but lack internal expertise.


  • Instant GRC capability, including both tools and expertise
  • Give business hassle free, complete control of access risks via dependable GRC service
  • Significantly cheaper overall solution than employing in-house GRC expertise and purchasing GRC tool
  • Proactive GRC management

On-Premise Software

What is it?

Soterion for SAP offers powerful, yet easy-to-use features for mid-sized and larger companies.

Ideal for?

  • Companies that have a GRC requirement, and have internal expertise
  • Companies with IT policies requiring on-premise solutions


  • Powerful, size-sensible GRC features without complex, unnecessary functionality
  • Cost effective on-premise alternative
  • Intuitive and easy to use
  • Minimally invasive to infrastructure and SAP installation

What customers are saying

"We needed to be able to view our SAP access risk exposure on a regular basis, but could not justify an on-premise solution. Soterion’s SaaS option allows us to acquire insights as frequently as we need them with minimal initial setup, on a payment basis that is under our control and just makes so much sense."

Richard van Huyssteen – Director: Systems Division ICTS – University of Cape Town

"Our primary object was to find an SAP access risk tool that matched our GRC capability, but that also allowed room for growth as our GRC maturity improves. Soterion not only ticked all these boxes, but their GRC Maturity Model will ensure our GRC Maturity is fast tracked."

Hennie Steenberg – CIO – Cashbuild

"The results derived from Soterion's solution allowed our SAP security team to easily identify the roles and transactions contributing to the access risk in our system."

Basile Sepsakos – Head of IT – United Energy

"Soterion consulting was an absolute pleasure to work with. They not only have incredible knowledge in the SAP authorization and SAP GRC space, but their professionalism shone through throughout the project."

Peter Atkinson – Global Project Manager – Weir Minerals

I have not seen anything like it, and breathes fresh air into the automated/continuous control segment of the #GRC market. Great process diagrams in an access risk context. Very relevant reporting for #privacy like #GDPR and #CCPA access in SAP environments. Very impressive. 5 stars.

Michael Rasmussen – GRC Economist & Pundit – GRC 20/20

"Where the SAP authorization outsourcing model is simply order taking, GRC as a managed service involves proactive risk management by the service provider. A much more value-add service."

David Johnson – Senior Manager – Cashbuild

"We have achieved Full System Reliance from our external auditors for the first time in three years, thanks to Soterion’s SOD risk rule set."

Cuan Kloppers – CIO – Samancor Chrome

"Soterion’s unique functionality of dynamic authorization management provided us with a new level of visibility into our SAP authorization solution. In addition, the simplicity and practicality of the software has allowed for a rapid reduction in segregation of duty risks, with minimal business interruption."

Cuan Kloppers – CIO – Samancor Chrome

"Soterion’s clean-up exercise allowed us to reduce our Segregation of Duties (SOD) count by 98% without any impact on business."

Basile Sepsakos – Head of IT – United Energy

"We are still in the early stages of the rule set customisation project having only covered Order to Cash and Procure to Pay, but we have already realised numerous benefits and there is no doubt that this is going to be an immensely valuable exercise. Soterion’s SAP Risk consultants are a cut above anything we have seen both locally or internationally."

Craig Rankin – Financial Manager – St Gobain (South Africa)

"Soterion has some powerful functionality. We were able to reduce our risk by 80% within two months with no disruption to the business."

James Mason – Group IT Manager – Italtile Ceramics

"The GRC process is a journey... Identify a partner such as Soterion, who understands your business requirements and can walk the journey with you."

Jacolien Slabbert – IT Manager – TSB Sugar


GRC 20/20 recognizes Soterion with the 2019 GRC User Experience Award

This article contains highlights from the GRC 20/20 report. If you would like to ...

Soterion’s Customer Day

We have invited guest speakers and, of course, our customers to discuss SAP Security, ...

Umeme choose Soterion for SAP as their access risk solution

Umeme, the largest energy distributor in Uganda, distributing 97 percent of all electricity ...

Ready to take your GRC to the next level?