KuppingerCole’s Executive view on Soterion’s GRC solutions for SAP

Click here to download the full KuppingerCole Executive View.

In a report covering SAP Governance, Risk and Compliance (GRC) by KuppingerCole Analysts, an international independent analyst organisation headquartered in Europe, the company noted that Soterion, a provider of GRC for SAP, is able to offer a range of deployment options not available from several other vendors.

KuppingerCole Report Executive View

The report notes that due to Soterion not being an ABAP application that is locked into the SAP ecosystem, it is able to run as an independent application interfacing to the SAP ecosystem.

This approach has the added benefit of the Soterion solution being more flexible in building a modern, intuitive and business-centric user interface (UI). “It also will simplify the extension of Soterion for SAP to other solutions, specifically the SAP SaaS services such as Ariba or SuccessFactors, which currently are roadmap items and work in progress,” the report adds.

“All data is displayed in dashboards, supporting drag-and-drop capabilities for grouping, filtering, and re-arranging data. Thus, users can easily identify high-risk areas and other relevant information. Based on that, authorisations can be optimised. One of the capabilities of the Soterion Access Risk Manager is focused on reducing redundant access.”

“Risk clean-up wizards support the users in mitigating access related risks, but also in optimising the role model. The tool also provides a risk clean-up projection, indicating which amount of authorisations could be removed without impacting business operations.”

The report notes that a specific strength of Soterion is the well-thought-out user interface plus mapping capabilities, translating a technical perspective on SAP authorisations into information that relates to the perspective and understanding of business managers.

This includes the ability to provide graphical representations of business flow in the context of authorisations and access reviews, giving business managers an understanding about the activities in the business flow and their relationships.

KuppingerCole adds that Soterion is a user-friendly, well-thought-out solution for managing critical/emergency access, and licenses in SAP environments. “It is targeted at efficient usage, supporting business users that don’t come with a deep understanding of SAP specifics in performing both their routine jobs such as approving access as in the regular access reviews.”

In addition to Soterion’s Access Risk Manager module the report discusses Soterion’s suite of modules which include Basis Review Manager, Elevated Rights Manager, Periodic Review Manager, Password Self-Service and SAP Licensing Manager.


  • Very user-friendly and innovative user interface
  • Supports all major capabilities to be expected in this type of SAP GRC solutions
  • Supports transferring information into business-relevant representation
  • Graphical representation of business processes in the context of access reviews
  • Supports efficient identification and mitigating of access risks
  • Well-thought-out process for access review

Soterion’s agile GRC Access Risk solution solves GRC for SAP customers. Because companies differ, Soterion has developed three ways SAP customers can affordably handle GRC, whatever their internal capability.

Read more about our offerings
. If you’d like further information or would like to request a demo of our software email [email protected].

You may find this interesting