Business-centric GRC solutions for companies running SAP
Business-Centric GRC places the business user at the core of your GRC capability. It involves strengthening business accountability for access risk by adopting a business-oriented approach to all SAP security and GRC operations.
Soterion is passionate about building business-centric GRC solutions that enable your business users to be more effective in their access risk management activities. We do this by converting the technical GRC language into a language your business users can understand. This fosters more informed decision making and improves the organisation’s overall risk awareness.
What are your GRC business objectives?
How can Soterion help you?
Soterion partners with organisations to address their SAP security requirements through a tailored approach. By comprehensively grasping their individual needs, we create customised GRC roadmaps, enabling organisations to maximise the returns on their GRC investments.
Guided, step-by-step GRC maturity process
Use our proprietary GRC Maturity Model to benchmark your current GRC maturity level and Enhance your GRC capability.
Used by over 150 clients around the world
Soterion has helped organisations for over a decade to extract maximum value from their GRC investments.
Agile approach to integrated risk management
Move from no GRC access risk capability to full visibility, within 24 hours. Rapidly respond to dynamic business challenges.
Powerful, size-sensible features
All the GRC features your business actually needs without complex, unnecessary functionality.
Trusted by the big 4 global audit firms
Audit firms place trust in Soterion’s accurate and easy to use reporting, backed by excellent support.
Total cost of
ownership
Lower cost of ownership with rapid implementation and cloud offerings. Flexible subscription options available.
Soterion’s business-centric solutions
- Access Risk
- Basis Review
- Central Identity
- Continuous Controls
- Data Privacy
- Elevated Rights
- Password Self-Service
- Periodic Review
- SAP License
Access Risk Manager
The Access Risk Manager provides customers with the ability to identify their SAP access risk exposure using a user-friendly web application. Additional functionality includes risk remediation recommendations and the “What-if” Allocation Simulator. The Simulator will allow you to pre-empt risk bearing access prior to applying the change request in SAP, thus ensuring a pro-active approach to SAP access risk management.
Basis Review Manager
SAP Basis Configurations provide system-level controls to secure an SAP system. The Basis Review Manager compares your SAP Basis Configuration to an industry best-practice set of rules. Since these configurations usually form part of an annual external audit, our Basis Review Manager allows you to be prepared, and will establish complete compliance to avoid adverse audit findings.
Central Identity Manager
The Central Identity Manager introduces the Business Role concept to improve efficiencies in the SAP user provisioning process. Standardisation of job functions across the organisation reduces complexity and the effort required to manage and review SAP user access.
Continuous Controls Manager
Soterion’s Continuous Controls Manager enables organisations to identify risks where an SAP user has not only performed the conflicting functions but has done so for the same document. This ability to continuously monitor materialised risk violations enables the organisation to move from manual controls to an automated and alert-based approach.
By extensively scrutinising the SAP transactional data, continuous control monitoring enables organisations to monitor access risks that materialise, ensuring a more effective access risk management capability.
Data Privacy Manager
The Data Privacy Manager analyses all tables in SAP and highlights those that contain fields with personal or sensitive information, categorising the data by Data Domain and Subject.
Elevated Rights Manager
The Elevated Rights Manager grants sensitive fire-fighting access in an automated workflow-driven process, and enables your management team to perform a structured review of any activities that were performed during the Elevated Rights Access period.
Password Self-Service Manager
Soterion provides users with the ability to reset their SAP passwords which reduces the burden on the authorisation support team and associated costs.
The self-service functionality reduces business down-time by empowering users to reset passwords instantly.
Periodic Review Manager
Periodically reviewing your SAP user access, analysing the associated risks and evaluating the necessary controls will align your GRC capacity with your individual business targets. This process will significantly enhance the insight into your GRC environment, as well as being an audit and statutory requirement in many business environments.
SAP License Manager
The SAP Licensing Manager provides you with the insight you need to tailor your SAP license agreement to your organisation’s specific requirements; ensuring optimal contract management and complete compliance whilst reducing unplanned and excess costs.