Solutions Overview

Soterion’s Business-Centric
GRC Solutions

Soterion’s Suite of Solutions

Soterion’s business-centric GRC solutions provide SAP customers with in-depth access risk reporting enabling organisations to effectively manage their access risk exposure. We are passionate about simplifying the GRC processes, converting the technical GRC language into a language the business users can understand. This enhances better business decision-making and accountability.

Access Risk Manager (Identify Risk)

Analyse SAP systems and identify access risks that could potentially lead to fraud or security breaches. User-friendly dashboards display easy-to-consume information, making SAP access risk identification and remediation effortless. 

Access Risk Manager (Get Clean)

Ensure SAP users have appropriate access using Soterion’s powerful risk remediation and role clean-up functionality and significantly reduce the effort required by business users to carry out user access reviews. 

Access Risk Manager (Stay Clean)

Control the SAP access (change) request process with Soterion’s ‘What-If’ simulation functionality, allowing the organisation to determine the risk impact of any proposed role change prior to applying it in SAP. 

Access Risk Manager (Stay in Control)

Document and monitor mitigating controls. Graphically track the mitigation status of identified risks and control compliance activities by prompting controllers to perform the controls. 

Access Risk Manager (Identify Risk)

Analyse SAP systems and identify access risks that could potentially lead to fraud or security breaches. User-friendly dashboards display easy-to-consume information, making SAP access risk identification and remediation effortless. 

Basis Review Manager

SAP Basis Configurations provide system-level controls to secure an SAP system. The Basis Review Manager compares your SAP Basis Configuration to an industry best-practice set of rules. Since these Configurations usually form part of an annual external audit, our Basis Review Manager allows you to be prepared, and will establish complete compliance to avoid adverse audit findings.

Central Identity Manager

The Central Identity Manager introduces the Business Role concept to improve efficiencies in the SAP user provisioning process. Standardisation of job functions across the organisation reduces complexity, and reduces the effort required to manage and review SAP user access.

The Central User Administration functionality further reduces the support effort and cost to manage user access across the SAP landscape, including non-productive SAP systems.

Role Modelling

Improperly defined Business Roles or SAP Composite Roles can lead to significant over-allocation of access, potentially granting users inappropriate access to applications that they should not have. This can pose a serious fraud risk to organisations and make compliance tasks such as User Access Reviews, more difficult and time-consuming. With Soterion’s Role Modelling functionality, organisations can create Business or SAP Composite Roles based on the actual usage of a group of users..

Central Identity Manager

The Central Identity Manager introduces the Business Role concept to improve efficiencies in the SAP user provisioning process. Standardisation of job functions across the organisation reduces complexity, and reduces the effort required to manage and review SAP user access. 

The Central User Administration functionality further reduces the support effort and cost to manage user access across the SAP landscape, including non-productive SAP systems.

Data Privacy Manager

Manage personal data in SAP and monitor which users in SAP have access to sensitive personal information. Soterion’s Data Privacy Manager analyses all tables in SAP and highlights those that contain fields with personal or sensitive information, categorising the data by Data Domain (such as bank details, email addresses and ID numbers) and per Data Subject (business partner, vendor, customer, employee and SAP user).

Elevated Rights Manager

The Elevated Rights Manager grants sensitive fire-fighting access in an automated workflow-driven process, and enables your management team to perform a structured review of any activities that were performed during the Elevated Rights Access period.

Materialised Risk Manager

Access risk reporting has evolved over the years, moving from identifying and highlighting potential risks to actual risks based on the use by an SAP user of the conflicting actions or functions. By extensively scrutinising the SAP transactional data, our Materialised Risk Manager enables organisations to continuously monitor those access risks that have materialised, ensuring a more effective access risk management capability.

Password Self-Service

Soterion provides users with the ability to reset their SAP passwords which reduces the burden on the authorisation support team and associated costs. 

The self-service functionality reduces business down-time by empowering users to reset passwords instantly.

Periodic Review Manager

The Periodic Review Manager allows business users to review access in the context of risk and business processes, ensuring informed and effective decision making. 

This business-friendly process is easily managed using progress dashboards to expedite the review process. Besides this process being an audit and statutory requirement in many business environments, this module also significantly enhances insight into your GRC environment.

SAP License Manager

The SAP License Manager identifies under-utilised and incorrectly classified SAP User accounts by monitoring user activity in SAP for effective license optimisation. 

This ensures optimal contract management and compliance whilst reducing unplanned and excess costs.

SuccessFactors

With the move from SAP HCM to SuccessFactors Employee Central and Employee Central Payroll, organisations need the ability to analyse access from these solutions and highlight any access risk violations.

Soterion provides an “out-the-box” rule set for SuccessFactors which allows companies to gain visibility on the access risks. Furthermore, ‘What-if’ simulations enable the organisation to proactively manage its access risk by allowing business users to review and approve change requests prior to these changes being applied in SuccessFactors.

Related Content

SAP Security and Provisioning of SAP Access

Download PDF

The Effective GRC Pyramid

Download Now

What is Business Centric GRC for SAP?

Watch Now

Background - Key Benefits

Effective SAP Security

Soterion specialises in offering GRC solutions tailored to address four key SAP security challenges: SAP access risk, SAP data privacy, Identity Access Management, and SAP license management. Effective SAP security not only protects against unauthorised access and data breaches but also enhances operational efficiency and regulatory compliance.

SAP
Access Risk

Take control of your organisation’s SAP access risk exposure with Soterion’s business-friendly reporting.

SAP
Data Privacy

Identify and monitor personal sensitive data in SAP.

Identity Access
Management

Introduce Business Roles to improve provisioning efficiencies as well as to enhance business role ownership.

SAP License
Management

Pro-actively manage SAP user licenses to ensure no unexpected software license costs.

Visit our blog

Background - Contact

Experience a better way of managing your GRC today

Speak to one of our GRC consultants to explore how we can help solve your GRC objectives

Terms of Use

How will we use the information about you? Here at Soterion we take your privacy seriously and will use your personal details submitted to email you the requested information. If you opt in to stay informed we will contact you from time to time with Soterion related content. You can unsubscribe at any time. Read our full privacy policy here.