Solutions Overview

Soterion’s Business-Centric
GRC Solutions

Soterion’s Suite of Solutions

Soterion’s business-centric GRC solutions provide SAP customers with in-depth access risk reporting enabling organisations to effectively manage their access risk exposure. We are passionate about simplifying the GRC processes, converting the technical GRC language into a language the business users can understand. This enhances better business decision-making and accountability.

Identify Risk

Access Risk Manager (Identify Risk)

Analyse SAP systems and identify access risks that could potentially lead to fraud or security breaches. User-friendly dashboards display easy-to-consume information, making SAP access risk identification and remediation effortless. 
Organisational Level Controls

Organisational Level Controls

Many organisations focus their security efforts on ensuring that SAP users are restricted from performing certain functions, transaction codes or Fiori applications. Less emphasis is placed on ensuring SAP users can only perform those functions for the correct Organisational Level such as Company Code, Plant, Purchase Organisation or Sales Organisation. Soterion allows organisations to analyse each function that SAP users can perform in the SAP system, and for which Organisation Level.
SuccessFactors

SuccessFactors

With the move from SAP HCM to SuccessFactors Employee Central and Employee Central Payroll, organisations need the ability to analyse access from these solutions and highlight any access risk violations. Soterion provides an “out-the-box” rule set for SuccessFactors which allows companies to gain visibility on the access risks. Furthermore, ‘What-if’ simulations enable the organisation to proactively manage its access risk by allowing business users to review and approve change requests prior to these changes being applied in SuccessFactors.
Get Clean

Access Risk Manager (Get Clean)

Ensure SAP users have appropriate access using Soterion’s powerful risk remediation and role clean-up functionality and significantly reduce the effort required by business users to carry out user access reviews. 
Stay Clean

Access Risk Manager (Stay Clean)

Control the SAP access (change) request process with Soterion’s ‘What-If’ simulation functionality, allowing the organisation to determine the risk impact of any proposed role change prior to applying it in SAP. 
Stay in Control

Access Risk Manager (Stay in Control)

Document and monitor mitigating controls. Graphically track the mitigation status of identified risks and control compliance activities by prompting controllers to perform the controls. 

Access Risk Manager (Identify Risk)

Analyse SAP systems and identify access risks that could potentially lead to fraud or security breaches. User-friendly dashboards display easy-to-consume information, making SAP access risk identification and remediation effortless. 

Basis Review Manager

SAP Basis Configurations provide system-level controls to secure an SAP system. The Basis Review Manager compares your SAP Basis Configuration to an industry best-practice set of rules. Since these Configurations usually form part of an annual external audit, our Basis Review Manager allows you to be prepared, and will establish complete compliance to avoid adverse audit findings.
Central Identity

Central Identity Manager

The Central Identity Manager introduces the Business Role concept to improve efficiencies in the SAP user provisioning process. Standardisation of job functions across the organisation reduces complexity, and reduces the effort required to manage and review SAP user access.

The Central User Administration functionality further reduces the support effort and cost to manage user access across the SAP landscape, including non-productive SAP systems.

Role Modelling

Role Modelling

Improperly defined Business Roles or SAP Composite Roles can lead to significant over-allocation of access, potentially granting users inappropriate access to applications that they should not have. This can pose a serious fraud risk to organisations and make compliance tasks such as User Access Reviews, more difficult and time-consuming. With Soterion’s Role Modelling functionality, organisations can create Business or SAP Composite Roles based on the actual usage of a group of users..

Central Identity Manager

The Central Identity Manager introduces the Business Role concept to improve efficiencies in the SAP user provisioning process. Standardisation of job functions across the organisation reduces complexity, and reduces the effort required to manage and review SAP user access. 

The Central User Administration functionality further reduces the support effort and cost to manage user access across the SAP landscape, including non-productive SAP systems.

Continuous Controls Manager

Soterion’s Continuous Controls Manager enables organisations to identify risks where an SAP user has not only performed the conflicting functions but has done so for the same document. This ability to continuously monitor materialised risk violations enables the organisation to move from manual controls to an automated and alert-based approach. By extensively scrutinising the SAP transactional data, continuous control monitoring enables organisations to monitor access risks that materialise, ensuring a more effective access risk management capability..

Data Privacy Manager

Manage personal data in SAP and monitor which users in SAP have access to sensitive personal information. Soterion’s Data Privacy Manager analyses all tables in SAP and highlights those that contain fields with personal or sensitive information, categorising the data by Data Domain (such as bank details, email addresses and ID numbers) and per Data Subject (business partner, vendor, customer, employee and SAP user).

Elevated Rights Manager

The Elevated Rights Manager grants sensitive fire-fighting access in an automated workflow-driven process, and enables your management team to perform a structured review of any activities that were performed during the Elevated Rights Access period.

Password Self-Service

Soterion provides users with the ability to reset their SAP passwords which reduces the burden on the authorisation support team and associated costs. 

The self-service functionality reduces business down-time by empowering users to reset passwords instantly.

Periodic Review Manager

The Periodic Review Manager allows business users to review access in the context of risk and business processes, ensuring informed and effective decision making. 

This business-friendly process is easily managed using progress dashboards to expedite the review process. Besides this process being an audit and statutory requirement in many business environments, this module also significantly enhances insight into your GRC environment.

SAP License Manager

The SAP License Manager identifies under-utilised and incorrectly classified SAP User accounts by monitoring user activity in SAP for effective license optimisation. 

This ensures optimal contract management and compliance whilst reducing unplanned and excess costs.

Background - Key Benefits

Effective SAP Security

Soterion specialises in offering GRC solutions tailored to address four key SAP security challenges: SAP access risk, SAP data privacy, Identity Access Management, and SAP license management. Effective SAP security not only protects against unauthorised access and data breaches but also enhances operational efficiency and regulatory compliance.

SAP
Access Risk

Take control of your organisation’s SAP access risk exposure with Soterion’s business-friendly reporting.

SAP
Data Privacy

Identify and monitor personal sensitive data in SAP.

Identity Access
Management

Introduce Business Roles to improve provisioning efficiencies as well as to enhance business role ownership.

SAP License
Management

Pro-actively manage SAP user licenses to ensure no unexpected software license costs.

Background - Contact

Experience a better way of managing your GRC today

Speak to one of our GRC consultants to explore how we can help solve your GRC objectives

Terms of Use

How will we use the information about you? Here at Soterion we take your privacy seriously and will use your personal details submitted to email you the requested information. If you opt in to stay informed we will contact you from time to time with Soterion related content. You can unsubscribe at any time. Read our full privacy policy here.