Event

UKISUG Connect 2022 Event – 27 to 29 November 2022

The Soterion team will be at the UKISUG Connect 2022 in-person event hosted by UKISUG in London, Birmingham.

Emile Steyn, Business Unit Director, Soterion Benelux, will be running demo sessions. If you plan to attend the event and are interested in booking a demo, please feel free to email [email protected]. Alternatively, you can chat to anyone at the booth throughout the event for more information.

We look forward to networking and catching up with everyone in Birmingham!

About the Event
More about our presentation:

Session: FirstGroup gets a First-Class Solution for their GRC Needs with Soterion for SAP

This topic will be hosted by Roy Topham, Security Solutions Lead from EPI-USE Labs.

FirstGroup previously had no solution to address their GRC (Governance, Risk and Compliance) needs and moving to a Segregation of Duty (SOD) matrix was a key desirable. After evaluating several options they decided to leverage Soterion for SAP.  Join the session to learn about their SAP security strategy and what lessons they learned.

About UKISUG 

UKISUG Connect is the largest annual gathering of SAP Professionals across the UK & Ireland.

This event, held at The ICC Birmingham, is spread over three days and is the ‘go-to’ for all SAP users, with knowledge-rich keynotes, engaging breakout sessions and an exhibition hall of over 70 SAP partners and various interactive sessions.

Learn more

Soterion is an international leading provider of governance, risk, and compliance solutions for organisations running SAP. Soterion’s user-friendly GRC solutions provide in-depth access risk reporting to allow organisations to effectively manage their access risk exposure.

Soterion is passionate about simplifying the governance, risk, and compliance processes, with a focus on translating this complexity into a business-friendly language to enhance better decision making and business accountability. Email [email protected] for more information.

Get in touch with one of our SAP security consultants to explore how we can help solve your GRC objectives.

Event

SAPinsider EMEA 2022 Event – 15 to 17 November 2022

The Soterion team will be at the SAPinsider EMEA 2022 in-person event hosted by SAPinsider in Vienna, Austria.

Dudley Cartwright, Soterion CEO, and Emile Steyn, Business Unit Director, Soterion Benelux, will also be hosting sessions and running demo sessions. If you plan to attend the event and are interested in booking a demo, please feel free to email [email protected]. Alternatively, you can chat to anyone at the booth throughout the event for more information.

SAPinsider EMEA 2022 is home to six distinctive events that bring together under one roof an SAP community of 100+ speakers, 150+ sessions and 1500+ delegates over 3 days. We are proud sponsors and look forward to being a part of the event.

We look forward to networking and catching up with everyone in Austria!

About the Event

More about our presentations:

Session: Typical Challenges with SAP Security and GRC

This topic will be hosted by Dudley Cartwright, CEO of Soterion.

Many organisations have implemented an access control solution but are struggling to derive any value from their GRC investment. In this session we will discuss the typical challenges facing organisations with their SAP security and GRC, and how best to address them. Some of these challenges include activities such as: 

  • Policies and Procedures
  • Inappropriate access
  • Rule set customisation
  • Mitigating Control Definition
  • Access Risk Management Processes
  • Business Role Definition

—–

i20 Session: How to Create Appropriate Business Roles for our Users

This topic will be hosted by Emile Steyn, Business Unit Director of Soterion Benelux.

Business Roles are a collection of roles from multiple SAP systems. The Business Role methodology can significantly improve the efficiency of the user provisioning process. However, if these roles are not correctly defined, they can end up providing the users with very inappropriate access, putting the organisation at unnecessary fraud risk.

In this session we will explain the process of accurately defining/building business roles so that they provide appropriate access for the SAP users. This will allow the organisation to achieve their desired objective of improving the efficiency of the Joiner–Mover–Leaver process in a controlled manner where users are assigned appropriate access for their job function.

—–

Network and Collaboration break Session: Business-Centric GRC

This demo will be hosted by Emile Steyn, Business Unit Director of Soterion Benelux.

Soterion’s business-friendly GRC solutions provide organisations with in-depth access risk reporting to effectively manage their access risk. In this demo we will show how Soterion converts the technical GRC language into a business-friendly language with the use of business process flow illustrations and geographic maps for better decision making.

About SAPinsider

SAPinsider comprises the largest and fastest growing SAP membership group worldwide, with more than 500,000 members across 205 countries. It provides SAP professionals with invaluable information, strategic guidance, and road-tested advice through events, community-driven content, case studies, magazine articles, white papers, blogs, interactive Q&As, benchmark reports, and webinars.

SAPinsider is committed to delivering the latest and most useful content to help SAP users maximise their investment and leading the global discussion on optimising technology.


Thought Leadership

Building More Effective Access Control Through Business-Centric GRC

If your SAP roles and rule sets are sound, your access control solution is set up for success

This article is based on a Tech Insights brief by Craig Powers, Research Analyst at SAPinsider. The brief takes a deeper look into what is needed to set an organisation up for success when it comes to access control.

Read a summary of Craig’s findings below or download the full SAPinsider Tech Insights Brief.


SAPinsider’s Tech Insights Brief highlights:
  • Business-centric access control engages business users in the access risk management process to help align access better with business needs.
  • SAP role clean-up and GRC rule set customisation are vital foundational elements to a successful access control solution.
  • Companies can significantly reduce access risk and access over-allocation through greater business involvement in access control.

Companies utilise access control solutions to identify risk within their user base. These solutions and processes are often technical and driven from audit and IT perspectives with very little input from business users who might find the technical GRC language hard to decipher. That’s where the idea of business-centric GRC comes into play for access control—providing the business with easier to understand, less technical language so that they can better interpret the data.


Understanding risk = greater ownership

If business users understand the access risks presented to them, they are more likely to ultimately take ownership of it. And when the business users take ownership of access risk, they can be held accountable.

 However, creating business-centric access control is difficult to do internally. More often than not it requires a solution that speaks to business users, such as Soterion’s Access Risk Manager, which features user-friendly interfaces and business process flows for easy risk remediation and effective access control management. 


Building a solid access control foundation

While it may take the right business-centric GRC solution to get business users invested in access control, it’s a mistake to view the software as a silver bullet.  
First, correcting the SAP role design within SAP must be done to optimise any technology investment. Once the organisation has implemented a good SAP role design, they must then ensure their GRC rule set is customised to align with their unique access and risk requirements.   

If your SAP roles and rule sets are sound, your access control solution is set up for success. The question then becomes: How do you measure success in access control? One way to do this is by gauging how well business users carry out access risk management activities.

The problem is that often business users need to perform certain GRC functions, but they understand very little about GRC itself. They complete the tasks to tick an audit box rather than to address a specific need within the organisation. This is why having business user engagement is so important.

 

Top 4 access control requirements and strategies

There are a few reasons organisations use an access control solution.

  1. Firstly, they need to ensure that their SAP systems are secure, often driven by internal and external audits. These audits seek to monitor if people are assigned appropriate access and determine fraud risk associated with improper access.
  2. Companies are also concerned about improving the efficiency of their SAP user provisioning processes and making it easier to manage authorisations. The goal is to get business users to perform compliance tasks and access risk management activities much more efficiently.
  3. Complying with regulations is also a top priority for implementing access control processes and solutions, especially when it comes to data privacy. There is a significant amount of sensitive personal data in SAP. Understanding where that data resides and who has access to it is important, especially when complying with data privacy regulations.
  4. Finally, companies see the need to move access risk responsibility away from IT departments to business users. This shift means moving beyond using GRC solutions solely as back-end tools and becoming more business-centric in managing access risk.

To accomplish these objectives, companies should look to streamline provisioning processes and utilise automation to improve efficiencies. One example is to make use of Business Roles.

This is a collection of SAP access from a number of SAP systems. When a Business Role is assigned to an SAP user, all the required access from the various SAP systems (including DEV and QAS) for that user is assigned. This reduces the effort and time taken to assign appropriate access.


Benefits of business-centric access control

There is a tendency to over-allocate access in SAP. This is either due to SAP users inheriting roles as they move internally, or a user being assigned an SAP role that has 50 transaction codes where the user only needs to use one transaction code (SAP authorisation creep).

A business-centric GRC solution will ensure that compliance tasks such as a user access review are more effective, and can result in much of the over-allocated access being removed. The result is an SAP authorisation solution that is well aligned to what the users are doing in the SAP system. This remediation effort will reduce the effort required to carry out any future user access reviews: with a well-aligned solution, the business users will have far fewer user–role relationships to review, which can be a significant cost saving to the organisation.

Soterion has seen organisations reduce access risk by as much as 80%, significantly minimising the potential for fraud. One way business-centric access control reduces risk is that business users make informed decisions as to whether their users need specific SAP access or whether it poses too significant a risk to the organisation. This informed decision-making process results in assigning only appropriate access to the users, which reduces the potential for fraud in the organisation.


What does this mean for you?

Here are three key takeaways to consider when planning your business-centric GRC and access control strategy:

  1. Properly defining your SAP roles and GRC rule sets is essential.
    If your SAP roles and GRC rule sets aren’t adequately set up and customised to your organisation, it becomes difficult to assign appropriate access. If that’s the case, it doesn’t matter how great your GRC solution is because it won’t correctly assess risk without accurate role and rule set data.
  2. Make access control accessible to business users.
    While many companies rely on IT to carry out access control through GRC software, the business users must carry out proper access risk management processes. Provide business users with user-friendly interfaces and easy-to-understand (read: non-technical) language around necessary risk management. They will be more engaged and more likely to limit access risk effectively.

  3. Go beyond audits when measuring GRC effectiveness. 
    It’s tempting to rely on audits to do the heavy lifting when it comes to measuring the effectiveness of your GRC and access control programs and technologies. However, that’s more of a measurement of the result, not the process. Companies can get ahead of audits by looking at how well business users are performing their access risk management duties along the way.

 

How can Soterion Help You?

Soterion is the market leader in business-centric GRC. By converting the technical GRC language into a language the business users can understand, we facilitate business buy-in and accountability.

Feel free to email us on [email protected]. Let us help you take your GRC to the next level.

 

Webinar

SAUG Solution Series – Managing Access Risk in S/4HANA – 10 Nov 2022

Soterion has partnered with SAP Australian User Group (SAUG) to bring to you a 45-minute Solution Series Webinar on Managing Access Risk in S/4HANA, presented by Soterion CEO, Dudley Cartwright.

 

About SAUG

The SAP Australian User Group (SAUG) is an independent not-for-profit industry association that provides information, access, and advocacy for SAP customers and professionals (including SAP acquired companies – SuccessFactors, Ariba, BusinessObjects, Concur, hybris and Fieldglass). With a member base of over 6,000 individuals from 300+ companies, SAUG is the only SAP-endorsed user group in Australia.

SAUG’s vision is to be a strategic partner of the Australian SAP community to help each other achieve business goals by gaining the insights and influences required to utilise and improve SAP and close the gap between strategy and execution.

About the webinar

There are some significant changes to how access is assigned to users in S/4HANA. If your access control solution does not cater for these changes, it could lead to either over or under reporting on access risks. This could result in fraud or errors that could have a financial impact on the organisation. 

In this 45-minute webinar, presented by Dudley Cartwright from Soterion, we will explain how they analyse Fiori access and the changes in an S/4HANA system. This includes catering for Fiori apps in the rule set, Fiori app usage to ensure a well-aligned solution, and assessing whether the SAP users have access to the Fiori catalogs in combination with the backend Fiori apps (service) values.

  • Date: Thursday, November 10, 2022
  • Time: 2:00 PM – 2:45 PM AEDT
  • Register Here (Webinar open to SAUG Members only)

This webinar is open to SAUG members only; be sure to log in to the website to register. If you are interested in joining SAUG, head to their Membership Page.

We look forward to connecting with everyone virtually.

If you require any further information or have any questions about the event, please email [email protected].



Event

SAPSA IMPULS 2022 – 7 and 8 November 2022

The Soterion team will be at the SAPSA IMPULS in-person event hosted by the SAP Swedish user association in Stockholm, Sweden. We are proud sponsors and look forward to being a part of the event.

Emile Steyn, Business Unit Director, Soterion Benelux, will also be hosting a session and running demo sessions at the Soterion stand. If you plan to attend the event and are interested in booking a demo, please feel free to email [email protected]. Alternatively, you can chat to anyone at the booth throughout the event for more information.

We look forward to networking and catching up with everyone in Stockholm or virtually.

 

Event Details:

Here’s what you’ll take away from our sessions:

Typical Challenges with SAP Security and GRC
Presented by: Emile Steyn, Business Unit Director at Soterion Benelux

Many organisations have implemented an access control solution but are struggling to derive any value from their GRC investment. In this session we will discuss the typical challenges facing organisations with their SAP security and GRC, and how best to address them. Some of these challenges include activities such as:

  • Policies and Procedures
  • Inappropriate access
  • Rule set customisation
  • Mitigating Control definition
  • Business Role Definition
  • Business Role Ownership
 
About SAPSA

SAPSA – SAP Swedish user association – is an independent and non-profit association that has, since 1990, promoted the exchange of knowledge and experience between its members through networking. SAPSA annually organises content-rich conferences, meetings and other network meetings in order to promote the members’ opportunities to exchange experiences and expand their knowledge in the use of SAP.

 


Webinar

UKISUG Webinar – Why is Effective Business Role Definition Important? – 4 October 2022

Soterion has partnered with UK and Ireland SAP User Group (UKISUG) to bring to you a 60-minute Webinar on Why is Effective Business Role Definition Important?, presented by Soterion CEO, Dudley Cartwright.

 

About UKISUG

Founded in 1988, the UK & Ireland SAP User Group (UKISUG) is an independent ‘not for profit’ organisation. UKISUG comprises over 600 organisations and 5,000 professionals, is an independent voice for SAP users in the UK and Ireland, and provides a channel for SAP to communicate to customers.


About the webinar

Business Roles are a collection of roles from multiple SAP systems. The Business Role methodology can significantly improve the efficiency of the user provisioning process. However, if these roles are not correctly defined, they can end up providing the users with very inappropriate access, putting the organisation at unnecessary fraud risk. 

  • Date: Tuesday, October 4, 2022
  • Time: 2:00 PM – 2:45 PM GMT
  • Register Here (Webinar open to UKISUG Members with the option to register as a guest)

In this session, we will explain the process of accurately defining/building business roles so that they provide appropriate access for the SAP users. This will allow the organisation to achieve their desired objective of improving the efficiency of the Joiner–Mover–Leaver process in a controlled manner where users are assigned appropriate access for their job function.

We look forward to connecting with everyone virtually.

If you require any further information or have any questions about the event, please email [email protected].



Webinar

SAUG Webinar – Importance of Effective Business Role Definition – 13 Oct 2022

Soterion has partnered with SAP Australian User Group (SAUG) to bring to you a 60-minute Webinar on the Importance of Effective Business Role Definition, presented by Soterion CEO, Dudley Cartwright.

 


About the webinar

Business Roles are a collection of roles from multiple SAP systems. The Business Role methodology can significantly improve the efficiency of the user provisioning process. However, if these roles are not correctly defined, they can end up providing the users with very inappropriate access, putting the organisation at unnecessary fraud risk. 

  • Date: Thursday, October 13, 2022
  • Time: 2:00 PM – 3:00 PM AEDT
  • Register Here (Webinar open to SAUG Members only)

In this session, we will explain the process of accurately defining/building business roles so that they provide appropriate access for the SAP users. This will allow the organisation to achieve their desired objective of improving the efficiency of the Joiner–Mover–Leaver process in a controlled manner where users are assigned appropriate access for their job function.

This webinar is open to SAUG members only; be sure to log in to the website to register. If you are interested in joining SAUG, head to their Membership Page.

We look forward to connecting with everyone virtually.

If you require any further information or have any questions about the event, please email [email protected].



Event

SAUG National Summit – 15 to 16 September 2022

The Soterion team will be at the SAUG National Summit in-person event hosted by the SAUG in Sydney, Australia. We are planning a sweet surprise at our booth so come and visit us!

Dudley Cartwright, Soterion CEO, will also be hosting a session and running demo sessions. If you plan to attend the event and are interested in booking a demo, please feel free to email [email protected]. Alternatively, you can chat to anyone at the booth throughout the event for more information.

The SAUG National Summit is the only SAP customer-run event featuring over 70 sessions, including inspiring keynote presentations, customer experiences with numerous SAP solutions, SAP expert sessions and SAP Roadmaps, workshop sessions and valuable networking opportunities. We are proud sponsors and look forward to being a part of the event.

We look forward to networking and catching up with everyone in Sydney!


More about the event:


More about our presentation:

Typical Challenges with SAP Security and GRC

This topic will be hosted by Dudley Cartwright, CEO of Soterion.

Many organisations have implemented an access control solution but are struggling to derive any value from their GRC investment. In this session we will discuss the typical challenges facing organisations with their SAP security and GRC, and how best to address them. Some of these challenges include activities such as: 

  • Policies and Procedures
  • Inappropriate access
  • Rule set customisation
  • Mitigating Control Definition
  • Access Risk Management Processes
  • Business Role Definition




How can Soterion Help You?

Soterion is the market leader in business-centric GRC. By converting the technical GRC language into a language the business users can understand, we facilitate business buy-in and accountability.

Read more about our offerings. Soterion’s GRC modules include Access Risk Manager, Basis Review Manager, Central Identity Manager, Data Privacy Manager, Elevated Rights Manager, Periodic Review Manager, Password Self-Service, and SAP License Manager.

Feel free to email us on [email protected]. Let us help you take your GRC to the next level.

Webinar

SAUG Solution Series – Managing SOD risk in SuccessFactors – 9 August 2022

Soterion has partnered with SAP Australian User Group (SAUG) to bring to you a 45-minute Solution Series Webinar on Managing SOD risk in SuccessFactors, presented by Soterion CEO, Dudley Cartwright.

 


About the webinar

In this 45-minute webinar, presented by Dudley Cartwright from Soterion, we will demonstrate how Soterion’s business-centric GRC solution has the capability to analyse user access in SuccessFactors and Employee Cloud Payroll, providing organisations with the necessary level of visibility to effectively manage this risk.

  • Date: Tuesday, August 9, 2022
  • Time: 2:00 PM – 2:45 PM AEST
  • Register Here (Webinar open to SAUG Members only)

As organisations move from SAP HCM to SuccessFactors, they may find themselves more exposed to fraud due to the challenges of managing SOD risk in SuccessFactors. And due to the sensitive nature of this data, managing SuccessFactors access risk effectively should be a priority for all organisations.

This webinar is open to SAUG members only; be sure to log in to the website to register. If you are interested in joining SAUG, head to their Membership Page.

We look forward to connecting with everyone virtually.

If you require any further information or have any questions about the event, please email [email protected].



Thought Leadership

5 Key Business Risks in 2022: Are You Covered?

“Access control is central to the management of key business risks”. This is one of the key takeaways from IDC, a leading provider of global IT research and advice, in their recent IDC Vendor Spotlight, sponsored by Soterion.

The IDC Vendor Spotlight outlines key challenges associated with SAP access management, the benefits of investing in a quality access control solution, and actions required to drive improvements.

Download the full IDC Vendor Spotlight here or read an excerpt below which details IDC’s views on the key business risks that access control solutions can help manage.

1. Financial Risk

Financial processes must be designed to prevent fraud by those inside the business. Segregation of duties is a key technique to protect against fraud, the principle being that transactions must always require action from two or more staff, making it extremely difficult for an individual to commit fraud and more errors are likely to be picked up.

2. Reputational Risk

Organisations must protect their reputation among customers and investors. The failure of risk management processes can have a big impact on the reputation of a business as well as direct financial losses or legal repercussions.

In Europe, a series of corporate scandals and failures have made the public aware of the fact that not all businesses meet the standards required of them, reducing trust in the business in question. This loss of trust can have a material impact on brand value and the share price of listed companies.



3. Regulatory Risk

Applying processes that manage risk goes beyond good business practice. All businesses are legally required to comply with regulations determined by the jurisdictions in which they operate. Organisations in certain industries such as financial services and pharmaceuticals must adhere to a specific set of regulations driven by the types of products they develop and sell.

Auditors will check compliance with these regulations. Critically, it is not enough for an organisation to show that no failures occurred; regulators and auditors must see that robust processes are in place to ensure continued compliance.


4. Privacy Risk

An example of a set of regulations that applies to all organisations in Europe is that set out in the General Data Protection Regulation (GDPR). All businesses that operate in Europe must treat personal data in line with a set of rules that control the way data is collected and consent for its use, storage, and retention is handled. There are serious penalties for organisations that breach these regulations.



5. Access Control

Processes designed to mitigate financial, reputational, and legal risks are the first part of the solution; access control is the second. The effectiveness of business processes is contingent on the correct people actioning each step of the process. Risk management is ultimately in the hands of people who must perform the role defined for them precisely. Individuals with access rights to systems that are too broad may find they are able to circumvent or compromise processes designed to protect the business.

 
Compliance is a Complex and Evolving Challenge

The chief financial officer is the primary owner of risk management, answerable to the board, and holding a personal legal responsibility. In Europe, the regulatory burden has been rising as the European Union in particular seeks to protect consumers and investors and reduce systemic risks in certain industries.

The financial crisis of 2008 in particular triggered a wave of new regulations. CFOs had to respond quickly and received investment to upgrade systems and processes to meet emerging requirements, but in most cases, compliance was achieved by adjusting existing systems to meet the new requirements of regulations such as MIFID, IFRS, and SOX.

Is your access control solution keeping up?

It’s worth revisiting your access control processes to ensure they’re keeping up with changing regulations and best practices. Get in touch with one of Soterion’s SAP security consultants to explore how we can help solve your GRC objectives.



 

Source: IDC Vendor Spotlight, Sponsored by Soterion, Soterion: Managing Risk and Ensuring Compliance Through Application Access Management, Doc. #EUR148915922, March 2022

 
