Adding Value to SAP Customers Around the Globe

We are passionate about developing SAP access risk management solutions that add real value to an organisation. For the past 10 years we have been successful in reducing SAP access risk in combination with enhancing business accountability of risk through ‘easy-to-use’ business centric Governance, Risk and Compliance (GRC) software.

Co-founded by Johan van Noordwyk and Dudley Cartwright, Soterion’s software solution empowers SAP customers to achieve SAP authorisation compliance with great ease, regardless of their internal GRC capability and expertise.

Reflecting back

“While working in the SAP Security space, it came to our attention that many organisations were having challenges with their SAP access risk and compliance,” recalls Soterion co-founder Dudley Cartwright. “There were a number of tools for dealing with this problem, but many were either too expensive or not user-friendly.” As a result, Soterion was born to provide an effective GRC solution for companies running SAP.

How our GRC software adds value

“It brings us great joy to see our software in action and bringing the intended value to the client,” says Dudley.

Energy company Aker Solutions implemented SAP between 2004 to 2006. The company then implemented SAP GRC, but struggled to derive value due to the software’s complexity, leading to under-utilisation.

Petter Natås, Aker Solutions Director, Finance Process Improvement & Systems, Norway, explained: “We had offers from our service provider to get on top of SAP GRC. One of the main concerns was the long implementation period. They estimated one and a half years to get it into place, so the costs were high.”

Aker Solutions switched to Soterion’s GRC software and reduced access risk by 85%, the company explained in a recent case study. Through implementing Soterion for SAP, Aker achieved improved efficiency, better effectiveness, as well as regulatory compliance.

Another client, KOMATSU Australia, who manufactures and sells construction and mining equipment, forest machines and industrial machinery, reported its SAP access risk results in a spreadsheet.

After implementing Soterion for SAP, KOMATSU was able to view its access risk more easily, and in real-time, in a user-friendly web application.

Saint Gobain Construction Products (South Africa) implemented SAP in 2001 and faced typical SAP security challenges of over-allocation of access and / or in-appropriate access resulting in internal audit findings. After evaluating various SAP access risk (GRC) systems, the company implemented Soterion for SAP.

The result: Saint-Gobain’s audits were successful. Management were provided with a better understanding of the company’s business risks as well as having improved access control, visibility, and improved management buy-in.

Over the years our GRC software has also received numerous positive reviews in reports and from analysts. In a recent report covering SAP Governance, Risk and Compliance (GRC) by KuppingerCole Analysts, an international independent analyst organisation, noted that we are able to offer a range of deployment options not available from several other vendors.

The report notes that because Soterion is not an ABAP application locked into the SAP ecosystem, it is able to run as an independent application interfacing to the SAP ecosystem.

The report also notes that one of our specific strengths is our well-thought-out user interface and mapping capabilities.

Interested to find out more about Soterion’s Access Risk Manager and our other modules? Email us on [email protected]. Let us help you take your GRC to the next level.

You may find this interesting