We solve GRC for SAP companies of all shapes and sizes

Our entire business is focused on building GRC products that are a pleasure to use. Because companies differ, we’ve developed three ways SAP companies can handle their GRC, whatever their internal capability.

view our offerings

Webinar: SAPinsider & Soterion – Agile GRC

Soterion has partnered with SAPinsider to bring to you a 60-minute webinar on Agile GRC, to discuss the mindset, techniques, & tools employed by an emerging breed of agile GRC practitioners in organizations running SAP.

Thursday, 1 October 2020
11:00 am - 12:00 pm EST ; 17:00 pm - 18:00 pm CEST

Register now

Agile GRC

We’re living through an era hallmarked by a rapid increase in the rate of change in the marketplace. Your business demands agility and nothing less, so what does GRC for an agile world look like?

Download now

KuppingerCole’s Executive view on Soterion’s GRC solutions for SAP

In a report covering SAP Governance, Risk and Compliance (GRC) by KuppingerCole Analysts, an international independent analyst organization, the company noted that Soterion is able to offer a range of deployment options not available from several other vendors.

Read more

Digital Event: MasteringSAP OnAir

We are preparing for Mastering SAP OnAir, a massive digital event arranged by Mastering SAP Australia. 1000+ people, 3 days, 90 hours of brilliant content, and a plethora of unrivaled networking opportunities

Date: October 12-14, 2020

Book Tickets

“We provide agile GRC for the agile organization. Our solution is quick to install, easy to learn, S/4HANA ready and boasts an award-winning user experience.”

Dudley Cartwright, Chief Executive Officer

What we offer


What is it?

Soterion's Compliance Cloud platform is a cloud-based, pay-as-you-go GRC Access Risk Tool.

Ideal for?

  • Highly cost-sensitive companies
  • Companies that require access risk assessments seldom or ad hoc. e.g. internal auditors
  • Companies with basic in-house GRC expertise


  • Instant GRC access risk visibility
  • Easy-to-use
  • Business-friendly reporting
  • Extremely cost effective
  • Only pay when you use

Managed Service

What is it?

Combine “on-tap” GRC expertise with Soterion's Compliance Cloud platform for a complete GRC solution. Delivered in collaboration with Soterion's Consulting Partner Network.

Ideal for?

Smaller companies who have a GRC requirement, but lack internal expertise.


  • Instant GRC capability, including both tools and expertise
  • Give business hassle free, complete control of access risks via dependable GRC service
  • Significantly cheaper overall solution than employing in-house GRC expertise and purchasing GRC tool
  • Proactive GRC management

On-Premise Software

What is it?

Soterion for SAP offers powerful, yet easy-to-use features for mid-sized and larger companies.

Ideal for?

  • Companies that have a GRC requirement, and have internal expertise
  • Companies with IT policies requiring on-premise solutions


  • Powerful, size-sensible GRC features without complex, unnecessary functionality
  • Cost effective on-premise alternative
  • Intuitive and easy to use
  • Minimally invasive to infrastructure and SAP installation

What customers are saying

"Soterion has some powerful functionality. We were able to reduce our risk by 80% within two months with no disruption to the business."

James Mason – Group IT Manager – Italtile Ceramics

"Soterion’s clean-up exercise allowed us to reduce our Segregation of Duties (SOD) count by 98% without any impact on business."

Basile Sepsakos – Head of IT – United Energy

"Our primary object was to find an SAP access risk tool that matched our GRC capability, but that also allowed room for growth as our GRC maturity improves. Soterion not only ticked all these boxes, but their GRC Maturity Model will ensure our GRC Maturity is fast tracked."

Hennie Steenberg – CIO – Cashbuild

"Soterion consulting was an absolute pleasure to work with. They not only have incredible knowledge in the SAP authorization and SAP GRC space, but their professionalism shone through throughout the project."

Peter Atkinson – Global Project Manager – Weir Minerals

"The GRC process is a journey... Identify a partner such as Soterion, who understands your business requirements and can walk the journey with you."

Jacolien Slabbert – IT Manager – TSB Sugar

"We have achieved Full System Reliance from our external auditors for the first time in three years, thanks to Soterion’s SOD risk rule set."

Cuan Kloppers – CIO – Samancor Chrome

"Soterion’s unique functionality of dynamic authorization management provided us with a new level of visibility into our SAP authorization solution. In addition, the simplicity and practicality of the software has allowed for a rapid reduction in segregation of duty risks, with minimal business interruption."

Cuan Kloppers – CIO – Samancor Chrome

"Where the SAP authorization outsourcing model is simply order taking, GRC as a managed service involves proactive risk management by the service provider. A much more value-add service."

David Johnson – Senior Manager – Cashbuild

"The results derived from Soterion's solution allowed our SAP security team to easily identify the roles and transactions contributing to the access risk in our system."

Basile Sepsakos – Head of IT – United Energy

"We are still in the early stages of the rule set customisation project having only covered Order to Cash and Procure to Pay, but we have already realised numerous benefits and there is no doubt that this is going to be an immensely valuable exercise. Soterion’s SAP Risk consultants are a cut above anything we have seen both locally or internationally."

Craig Rankin – Financial Manager – St Gobain (South Africa)

I have not seen anything like it, and breathes fresh air into the automated/continuous control segment of the #GRC market. Great process diagrams in an access risk context. Very relevant reporting for #privacy like #GDPR and #CCPA access in SAP environments. Very impressive. 5 stars.

Michael Rasmussen – GRC Economist & Pundit – GRC 20/20

"We needed to be able to view our SAP access risk exposure on a regular basis, but could not justify an on-premise solution. Soterion’s SaaS option allows us to acquire insights as frequently as we need them with minimal initial setup, on a payment basis that is under our control and just makes so much sense."

Richard van Huyssteen – Director: Systems Division ICTS – University of Cape Town


The GRC (R)evolution

How recent innovations are making GRC implementations simpler, faster and cheaper ...

SAUG Webinar: Business-centric GRC – User Access Review by Business Process

Soterion has partnered with SAP Australian User Group (SAUG) to bring to you a 60-minute ...

Webinar: SAPinsider & Soterion – Agile GRC for Organizations Running SAP

Your business requires agility and nothing less, so the question remains: what does ...

Ready to take your GRC to the next level?