We solve GRC for smaller SAP companies

Our entire business is focused on building GRC products to suit your team and your pocket. Because companies differ, we've developed three ways smaller SAP companies can affordably handle GRC, whatever their internal capability.

view our offerings

GDPR Compliance for SAP Organisations

A substantial amount has been written about GDPR and its likely legal implications for organisations. In this ebook, we

Download now

Soterion features in Gartner’s latest Market Guide

Soterion is pleased to announce that it has been listed as a representative vendor in the newly released Gartner Market Guide for Segregation of Duties (SOD) Controls Monitoring Tools report.


"Soterion has built its product suite from the ground up to make GRC less of a hassle for GRC practitioners, with intuitive features our users love."

Dudley Cartwright, Chief Executive Officer

What we offer


What is it?

Soterion's Compliance Cloud platform is a cloud-based, pay-as-you-go GRC Access Risk Tool.

Ideal for?

  • Highly cost-sensitive companies
  • Companies that require access risk assessments seldom or ad hoc. e.g. internal auditors
  • Companies with basic in-house GRC expertise


  • Instant GRC access risk visibility
  • Easy-to-use
  • Business-friendly reporting
  • Extremely cost effective
  • Only pay when you use

Managed Service

What is it?

Combine “on-tap” GRC expertise with Soterion's Compliance Cloud platform for a complete GRC solution. Delivered in collaboration with Soterion's Consulting Partner Network.

Ideal for?

Smaller companies who have a GRC requirement, but lack internal expertise.


    • Instant GRC capability, including both tools and expertise
    • Give business hassle free, complete control of access risks via dependable GRC service
    • Significantly cheaper overall solution than employing in-house GRC expertise and purchasing GRC tool
    • Proactive GRC management

On-Premise Software

What is it?

Soterion for SAP is a size-sensible GRC software application, offering powerful, easy-to-use features for smaller SAP companies.

Ideal for?

  • Smaller companies that have a GRC requirement, and have internal expertise
  • Companies with IT policies requiring on-premise solutions


  • Powerful, size-sensible GRC features for smaller businesses without complex, unnecessary functionality
  • Highly cost-effective on-premise GRC alternative
  • Intuitive and easy to use
  • Minimally invasive to infrastructure and SAP installation

What customers are saying

"Soterion consulting was an absolute pleasure to work with. They not only have incredible knowledge in the SAP authorization and SAP GRC space, but their professionalism shone through throughout the project."

Peter Atkinson – Global Project Manager – Weir Minerals

"Soterion has some powerful functionality. We were able to reduce our risk by 80% within two months with no disruption to the business."

James Mason – Group IT Manager – Italtile Ceramics

"We are still in the early stages of the rule set customisation project having only covered Order to Cash and Procure to Pay, but we have already realised numerous benefits and there is no doubt that this is going to be an immensely valuable exercise. Soterion"

Craig Rankin – Financial Manager – St Gobain (South Africa)

"We have achieved Full System Reliance from our external auditors for the first time in three years, thanks to Soterion"

Cuan Kloppers – CIO – Samancor Chrome


Cuan Kloppers – CIO – Samancor Chrome

"Our primary object was to find an SAP access risk tool that matched our GRC capability, but that also allowed room for growth as our GRC maturity improves. Soterion not only ticked all these boxes, but their GRC Maturity Model will ensure our GRC Maturity is fast tracked"

Hennie Steenberg – CIO – Cashbuild


Basile Sepsakos – United Energy

"The results derived from Soterion"

Basile Sepsakos – United Energy

"Soterion consulting were an absolute pleasure to work with. They not only have incredible knowledge in the SAP authorization and SAP GRC space, but their professionalism shone through throughout the project."

Peter Atkinson – Global Project Manager – Weir Minerals

"The results derived from Soterion's solution allowed our SAP security team to easily identify the roles and transactions contributing to the access risk in our system."

Basile Sepsakos – United Energy

"Where the SAP authorization outsourcing model is simply order taking, GRC as a managed service involves proactive risk management by the service provider. A much more value-add service."

David Johnson – Senior Manager

"The GRC process is a journey... Identify a partner such as Soterion, who understands your business requirements and can walk the journey with you."

Jacolien Slabbert – TSB Sugar

"We needed to be able to view our SAP access risk exposure on a regular basis, but could not justify an on-premise solution. Soterion"

Richard van Huyssteen – Director: Systems Division ICTS – University of Cape Town

Ready to take your GRC to the next level?