Our Services
Expert SAP Security Consultants
Consulting and Advisory
SAP Security and Role Designs
S/4HANASAP security is both complex and technical. Ensuring the SAP role design provides SAP users with the appropriate access is a key control. Coupled with this, is the chosen SAP role methodology, one that is flexible for a dynamic and ever-changing organisation. The SAP roles form the foundation of all things GRC.
Deficiencies in the role design will negatively affect the organisation’s GRC capability. Ensuring that the correct blend of security and the level of flexibility requires experienced SAP security consultants. Soterion have a team of expert consultants with vast knowledge in SAP security, risk and controls across multiple SAP platforms (ECC, S/4HANA, SuccessFactors etc) to assist our customers in securing their SAP environments and to extract maximum value from their GRC investment.
Rule set customisation projects are becoming increasingly more important to ensure that the organisation monitors risks that are relevant. To facilitate a rule set project requires skilled resources who have a great understanding of SAP authorisations as well as the business processes.
The quality of the customised rule set is very dependent on the skill level of resource facilitating the project. Soterion’s consultants, with many years of technical knowledge, are well equipped to perform a rule set project having completed many of these around the world.
As organisations move toward S/4HANA and evaluate future deployment options, security and licensing strategy have become closely linked priorities. Modern SAP environments introduce added complexity — particularly with access inherited through Fiori and evolving cloud architectures — requiring strong governance and well-designed role methodologies from the start. At the same time, CIOs must consider cloud transitions such as SAP Cloud ERP Private Edition, where licensing models and STAR-based Full User Equivalent (FUE) measurements can inflate licence requirements if roles are not designed with licensing in mind — increasing both risk exposure and long-term costs.
Poorly executed security or licensing decisions during an S/4HANA programme can leave organisations exposed to fraud risk, support-intensive SAP role designs, and unnecessarily high licence fees. By combining strong security architecture with licensing awareness, organisations can reduce risk, optimise access, and control software spend. Soterion’s experienced consultants have supported numerous SAP transformation initiatives, providing practical guidance on secure role design, governance, and licensing optimisation to help deliver projects that are both secure and financially sound from day one.
Access Risk Assessment
Soterion’s SAP Access Risk Assessment gives organisations running SAP a fast, low-effort way to understand their access risk exposure using their own system data. With only a few simple steps — downloading a lightweight data extractor, running the secure extraction, and uploading the encrypted files — organisations can gain clear, business-friendly insight into user access risks, segregation of duties concerns, and potential remediation opportunities. No custom transports or complex installations are required, and the process runs largely in the background, making it easy for teams to participate without disrupting daily operations.
Once the data is analysed, Soterion delivers practical, decision-ready results that help organisations prioritise remediation, prepare for audits, and experience a mini proof-of-concept using familiar system data. Security and privacy remain central throughout the process: only authorisation-related information is extracted, sensitive fields can be masked, and all data is protected through strong encryption, secure hosting practices, and industry-standard certifications. Clients can review results through a secure hosted environment and request data deletion after the assessment, ensuring full control while gaining valuable insight into their SAP access risk landscape.
SAP (FUE) User Licensing Assessment
Soterion’s SAP (FUE) Licensing Assessment enables organisations to gain clarity on their true FUE licensing requirements and determine their optimal cost position based on how SAP users actually interact with the system today. By analysing usage at the SAP authorisation object level, Soterion delivers far more precise optimisation outcomes than traditional approaches.
The assessment empowers SAP security and governance teams to move beyond compliance and play a proactive role in cost optimisation, financial governance, and strategic decision-making. It provides visibility into potential RISE costs, highlights how the current SAP role design drives FUE consumption, and quantifies the opportunity for optimisation.
In addition, the assessment delivers actionable remediation recommendations to reduce unnecessary licensing spend — whether through targeted clean-up activities or strategic role redesign. By highlighting critical data insights, organisations are better equipped to hold service providers accountable, strengthen internal governance, and approach licensing negotiations with confidence.
Ultimately, Soterion’s SAP (FUE) Licensing Assessment helps organisations control costs, minimise risk, and unlock measurable value from their SAP investment, while aligning security and licensing strategies with broader business objectives.
