Identify high-level risks in your SAP information security and compliance


Find Your System Vulnerabilities

Our Initial Vulnerability Assessment (“IVA”), applied to a single SAP system, is a starting point designed to give executives and SAP operational teams insight into their most critical areas of risk. The IVA focuses on four common areas of risk applicable to SAP systems: access, custom code, transport, and system and configuration.

SAP systems routinely store information that is the equivalent of the “crown jewels” for most organizations. In the past few years, SAP systems have become a prime target for attackers looking for financial, client and HR data.

Organizations may be overwhelmed by information security, since there are so many potential areas of vulnerability. To manage risks, you need to know where your vulnerabilities are, prioritize areas in need of remediation, and allocate security investments based on a cost-benefit analysis.

Our Initial Vulnerability Assessment for SAP gives your executives and application managers a high-level overview of risks in the areas of information security and compliance of their SAP systems. Once key areas of risk are identified, detailed assessments of those areas can be performed to prioritize remediation.


Initial Vulnerability Assessment Overview

The Initial Vulnerability Assessment service uses various internal and partner tools to generate a combined final report. The report contains the following sections:
  1. Introduction: Provides an overview of the approach along with key system and test statistics.
  2. Scorecard: Provides a clear overview of security strengths and weaknesses in our unique scorecard format.
  3. Cost of Incident Calculations: Calculation of risk exposure and potential losses when compared to typical industry benchmarks.
  4. High-level mitigation strategy: An overview of the key mitigation actions that should be considered to reduce risk.
  5. Mitigation ROI: An analysis of exposure and cost reduction should the mitigating actions be taken.
  6. High-level action plan: An action plan that applies the mitigating actions to a schedule.
  7. Project cost estimates: Indicates what implementation might cost.

A Sample ACTS Scorecard

Assessment Type



Access Risk

Evaluates the SAP Authorization environment in terms of role design and user access provisioning.

The Access Risk Manager report identifies the gap between Potential (roles allocated to users) and Actual (transaction codes used by users) risks for the period under review.

Custom Code Risk

Finds potential vulnerabilities related to security, compliance and performance in the custom ABAP code base.

CodeProfiler for ABAP report with summary, vulnerability priority, examples and code statistics.

Transport Risk (Historical)

Evaluates the transport history of a selected system for undesirable incidents.

TransportProfiler for ABAP report with summary, vulnerability priority and examples.

System and Configuration Risk

Identifies vulnerabilities in the areas of security, compliance and quality (performance, robustness and maintenance).

SystemProfiler for ABAP report with summary, vulnerability priority, examples and suggested mitigations.

The ACTS assessments are performed using solutions from our trusted partners:


Soterion and Virtual Forge