We provide business-centric GRC solutions for companies running SAP

Our entire business is focussed on building business-centric GRC solutions that enhance business accountability of risk. As every company’s GRC requirements differ, we’ve developed three ways SAP companies can handle their GRC, whatever their internal capability.

view our offerings

Agile GRC

We’re living through an era hallmarked by a rapid increase in the rate of change in the marketplace. Your business demands agility and nothing less, so what does GRC for an agile world look like?

Download now

KuppingerCole’s Executive view on Soterion’s GRC solutions for SAP

In a report covering SAP Governance, Risk and Compliance (GRC) by KuppingerCole Analysts, an international independent analyst organization, the company noted that Soterion is able to offer a range of deployment options not available from several other vendors.

Read more

2019 GRC User Experience Award

GRC2020 Research, LLC, has recognized Soterion with the 2019 GRC User Experience Award. Find out why the Soterion solution was chosen above the rest.

learn more

“We provide agile GRC for the agile organization. Our solution is quick to install, easy to learn, S/4HANA ready and boasts an award-winning user experience.”

Dudley Cartwright, Chief Executive Officer

What we offer


What is it?

Soterion's Compliance Cloud platform is a cloud-based, pay-as-you-go GRC Access Risk Tool.

Ideal for?

  • Highly cost-sensitive companies
  • Companies that require access risk assessments seldom or ad hoc. e.g. internal auditors
  • Companies with basic in-house GRC expertise


  • Instant GRC access risk visibility
  • Easy-to-use
  • Business-friendly reporting
  • Extremely cost effective
  • Only pay when you use

Managed Service

What is it?

Combine “on-tap” GRC expertise with Soterion's Compliance Cloud platform for a complete GRC solution. Delivered in collaboration with Soterion's Consulting Partner Network.

Ideal for?

Smaller companies who have a GRC requirement, but lack internal expertise.


  • Instant GRC capability, including both tools and expertise
  • Give business hassle free, complete control of access risks via dependable GRC service
  • Significantly cheaper overall solution than employing in-house GRC expertise and purchasing GRC tool
  • Proactive GRC management

On-Premise Software

What is it?

Soterion for SAP offers powerful, yet easy-to-use features for mid-sized and larger companies.

Ideal for?

  • Companies that have a GRC requirement, and have internal expertise
  • Companies with IT policies requiring on-premise solutions


  • Powerful, size-sensible GRC features without complex, unnecessary functionality
  • Cost effective on-premise alternative
  • Intuitive and easy to use
  • Minimally invasive to infrastructure and SAP installation

What customers are saying

"The results derived from Soterion's solution allowed our SAP security team to easily identify the roles and transactions contributing to the access risk in our system."

Basile Sepsakos – Head of IT – United Energy

"Soterion’s unique functionality of dynamic authorization management provided us with a new level of visibility into our SAP authorization solution. In addition, the simplicity and practicality of the software has allowed for a rapid reduction in segregation of duty risks, with minimal business interruption."

Cuan Kloppers – CIO – Samancor Chrome

"The GRC process is a journey... Identify a partner such as Soterion, who understands your business requirements and can walk the journey with you."

Jacolien Slabbert – IT Manager – TSB Sugar

"We are still in the early stages of the rule set customisation project having only covered Order to Cash and Procure to Pay, but we have already realised numerous benefits and there is no doubt that this is going to be an immensely valuable exercise. Soterion’s SAP Risk consultants are a cut above anything we have seen both locally or internationally."

Craig Rankin – Financial Manager – St Gobain (South Africa)

"We needed to be able to view our SAP access risk exposure on a regular basis, but could not justify an on-premise solution. Soterion’s SaaS option allows us to acquire insights as frequently as we need them with minimal initial setup, on a payment basis that is under our control and just makes so much sense."

Richard van Huyssteen – Director: Systems Division ICTS – University of Cape Town

"Where the SAP authorization outsourcing model is simply order taking, GRC as a managed service involves proactive risk management by the service provider. A much more value-add service."

David Johnson – Senior Manager – Cashbuild

"Soterion’s clean-up exercise allowed us to reduce our Segregation of Duties (SOD) count by 98% without any impact on business."

Basile Sepsakos – Head of IT – United Energy

"We have achieved Full System Reliance from our external auditors for the first time in three years, thanks to Soterion’s SOD risk rule set."

Cuan Kloppers – CIO – Samancor Chrome

"Our primary object was to find an SAP access risk tool that matched our GRC capability, but that also allowed room for growth as our GRC maturity improves. Soterion not only ticked all these boxes, but their GRC Maturity Model will ensure our GRC Maturity is fast tracked."

Hennie Steenberg – CIO – Cashbuild

"Soterion consulting was an absolute pleasure to work with. They not only have incredible knowledge in the SAP authorization and SAP GRC space, but their professionalism shone through throughout the project."

Peter Atkinson – Global Project Manager – Weir Minerals

"Soterion has some powerful functionality. We were able to reduce our risk by 80% within two months with no disruption to the business."

James Mason – Group IT Manager – Italtile Ceramics

I have not seen anything like it, and breathes fresh air into the automated/continuous control segment of the #GRC market. Great process diagrams in an access risk context. Very relevant reporting for #privacy like #GDPR and #CCPA access in SAP environments. Very impressive. 5 stars.

Michael Rasmussen – GRC Economist & Pundit – GRC 20/20


Event – UKISUG Connect 2021 – 29 to 30 Nov

Visit us at UKISUG Connect 2021 Come and visit our booth at UKISUG Connect 2021. ...

The Hidden Benefits of Customising Your Organisation’s SAP Access Risk Rule Set

At Soterion, a study was recently conducted to find out how many organisations have ...

Virtual Event – SAPSA IMPULS 2021 – 8 to 9 November 2021

Soterion has partnered with SAP Swedish User Association (SAPSA) to bring to you ...

Ready to take your GRC to the next level?