Access Risk Manager: Identify Risk

Gain insight into your SAP access risks with business-friendly reporting.

SAP Access Risk Analysis — Incorporating Transactional Usage

Soterion for SAP analyses users’ authorizations and incorporates the user’s historical transactional usage data to differentiate between the potential and the actual access risks. This allows business to focus on the real access risk in the SAP environment.

Business-friendly SAP Access Risk Reporting

Soterion for SAP allows the organisation to view data from every angle by using drag-and-drop functionality for grouping and filtering. Graphical overviews show the organisation’s access risk landscape, including high-risk areas, in relation to risk tolerance and appetite levels. Reporting on SAP access risks at department level makes it easy to define information ownership.

Access Risk Manager: Get Clean

Remediate SAP access risks with minimal business interruption using powerful data analytics.

Resolution-driven Gap Analysis Reporting

Soterion for SAP performs a Gap Analysis between potential SAP access risk and the actual SAP access risk in your authorization environment. Identifying and resolving this superfluous access is the first step in taking control of your SAP authorization landscape. Any redundant user access can then be remediated without business interruption and allows business to focus on the real access risk. Redundant user access typically contributes to 80% of the access risks in an SAP environment.

Risk Clean-up Wizards

The Risk Clean-up Wizards provide clear, focused, step-by-step suggestions on how to eradicate access risks, from the removal of superfluous allocations to the splitting of roles based on role usage analytics.

SAP Access Risk Clean-up Projection

The Risk Clean-up Projection view estimates to which degree your SAP Authorization solution can be cleaned up using Soterion for SAP’s methodology. The clean-up actions focus initially on the removal of unused access contributing to risk, ensuring significant risk remediation with minimal impact on business.

Get Clean: User Risk Overview

The majority of access risk in an SAP environment is caused by functionality that is assigned to a user but is not being used. Soterion for SAP’s Gap Analysis functionality enables you to align your authorization solution to what the users are actually doing in the system, thus allowing you to focus on the real access risk in your SAP environment.

Access Risk Manager: Stay Clean

Simulates “What-if” scenarios prior to making the changes in SAP – business approval is done using workflow.

Allocation Simulations and “What-If” Analysis

Soterion for SAP allows for the simulation of SAP authorization changes prior to effecting the changes in SAP. By incorporating the user’s transactional usage history, business is empowered to make better access risk decisions. Change control ensures business approval of authorization changes, together with the risk impact.

“Out-the-Box” Rule Set that is Fully Customisable

Soterion for SAP comes with an “out-the-box” access risk rule set based on best practice for all industries. The rule set is easily customisable to cater for an organisation’s specific needs.

Mitigating Controls

Soterion for SAP’s unique Gap Analysis functionality enables business to focus on mitigating the actual SAP access risks. Business can graphically view the mitigation status of identified risks.

The Control Library is a central repository of mitigating controls, allowing business to easily and effectively mitigate access risk through default controls and workflow functionality.

Stay Clean: Allocation Simulator

Ensure that the SAP Authorization solution remains clean going forward by simulating allocations prior to affecting these changes in SAP. Soterion for SAP’s Allocation Simulator identifies whether these changes will introduce any new SAP access risk violations. These changes can be sent for approval using workflow, thereby ensuring that business accepts the new risk, as well as establishing audit trails for changes and risks.

An example of a simulation is:

An example of a simulation result is: