Nikon gets the full picture of their risks, thanks to Soterion

Soterion’s GRC for SAP solutions accelerated Nikon Europe BV’s change management and SAP Access Control updates.

Automated processes and less manual work

Reduction of unused SAP accesses

Full visibility of risk exposure

Daily updates on users, roles and SM20 logs

About Nikon

Nikon is a world-leading provider of imaging products and services. Their innovative optics technology – from consumer to professional cameras, lenses to system accessories – is powered by over 100 years of experience. The brand is globally recognised for setting new standards in design and performance.

Nikon is committed to leading imaging culture and enables some of the world’s best visual artists to reach their creative potential through visual storytelling.


The challenge: lack of visibility of their system’s risks

As the Nikon Corporation is listed on the Tokyo Stock Exchange, Nikon Europe BV – and the entire group – is required to be compliant with the J-SOX framework (also known as the Japanese Sarbanes-Oxley Act).

In an attempt to take a visual approach to their SoD (Segregation of Duties) risks, for the past ten years the IT team had been doing everything manually, exporting large amounts of data to Microsoft Excel to analyse SoD conflicts using SM20 log files.

The company realised that they were not getting the full picture, and were only able to skim the surface of their challenge. They needed to find a mature and sophisticated GRC (Governance, Risk and Compliance) solution to help them address compliance.

We were only addressing the tip of the iceberg with our processes; we knew there were many more risks in our system.

Piet Jan Van Egdom
Head of Enterprise Systems Team, Nikon Europe BV

Tackling the risks with Soterion for GRC

Nikon Europe BV introduced SAP Access Control, and made a number of management changes. Having realised they needed additional tools to analyse and review critical access and SoD conflicts, they then implemented Soterion as their GRC solution for SAP systems.

As soon as they connected their SAP system to the Soterion cloud, they started to see tangible benefits in their risk management. Their risk exposure was even higher than anticipated, so they immediately started to mitigate the risks that Soterion highlighted.

They used the following Soterion modules:

  • Basis Review: to inspect their SAP Basis configuration against a set of rules based on industry best practices to establish full compliance.
  • Periodic Review Manager: to let enterprise users periodically review the access risk of their SAP users in their SAP systems easily and efficiently, improving the visibility of their GRC environment.
  • Self-Service: for password reset services, which will save the team a lot of manual time in resetting and locking users’ passwords.

We had done it manually, but at some point, we couldn't make it to the next step, so we needed to look for a mature sophisticated GRC solution. We were already working with EPI-USE Labs, so Soterion was the perfect tool for our SoD framework.

Piet Jan Van Egdom
Head of Enterprise Systems Team, Nikon Europe BV

Achieving GRC compliance

GRC compliance is a long-term project, but even so, the Nikon team is already seeing benefits from using Soterion.

The IT team saves a lot of manual work time by having a tool with which to automate workflows for new users, reset passwords, clean up superfluous roles or transactions, activate risk templates, and adjust risk settings quickly and easily.

Soterion has given them the ability to understand their company’s risk exposures, and thus the power to act on them.

Daily updates of users, authorisations, and roles

Clean-up of superfluous roles and transactions

Removal of unused SAP accesses

Fine-tuning risk settings

Defined organisational structure

We have tangible benefits already. For the first time, we now see our real risk exposure; it was even higher than anticipated. It will take time, but at least now we have the insights that we were looking for.

Piet Jan Van Egdom
Head of Enterprise Systems Team, Nikon Europe BV