Get business-centric, effective GRC for SAP

With Soterion and EPI-USE Labs, you can assess, update and maintain roles and authorizations
in a cost-effective and intuitive way, and comply with data privacy regulations

GRC 20/20 Report    Success Stories  OVERVIEW BROCHURE

Get instant GRC access risk visibility

Get instant GRC access risk visibility

Experience a better way of managing GRC

Experience a better way of managing GRC

Highlight risks in a business-friendly way

Highlight risks in a business-friendly way

Ready to-use pre-delivery reports

Avoid complex, costly implementations 

How can you solve GRC for SAP quickly and efficiently?

EPI-USE Labs has partnered with Soterion

Soterion's compliance software solves GRC (Governance, Risk management and Compliance) for SAP® clients. EPI-USE Labs and Soterion's partnership brings together powerful complementary solutions, including our SAP Data Privacy Suite, to help our clients address compliance with GDPR (the General Data Protection Regulation) and other privacy legislation.

Our research has shown that there are still many companies using SAP with no GRC protection. Traditional GRC solutions take time to implement and maintain, and can be expensive. Clients are looking for GRC solutions that are easy to deploy and use, with tangible business benefits realised quickly. Soterion is S/4HANA ready with no need for expensive upgrades or lengthy implementations.

Soterion is a leading-edge solution, giving SAP users agility in GRC. Regardless of the SAP enterprise size, this solution is deployed rapidly into a client’s landscape, with users experiencing benefits in a short period of time. Soterion provides business-centric GRC, empowering companies to proactively manage and model risks in the context of business processes.


Artboard 2-13
What are your GRC challenges in SAP?

  • Identify access risks
  • Check Basis configuration
  • Manage your licenses
  • Provide emergency access
  • Review your users' access
  • Decentralize user access provisioning
  • Manage access to personal data

Identify access risks

Access Risk Manager

Soterion’s Access Risk Manager provides the ability to identify SAP access risk exposure and show clean-up opportunities via a user-friendly web application. The solution also includes:

  • Privacy risk dashboard: provides insight into which employees have access to sensitive data
  • 'What-if' Allocation Simulator: proactively identifies the risk impacts of any changes before applying them to your SAP system
  • Clean-up wizards: provide clear, focused, step-by-step suggestions on how to eliminate access risks
  • Business-process flows: support business decision-making by visualizing risks within business processes.

Download brochure

Check Basis configuration

Basis Review Manager

Soterion's Basis Review Manager will inspect your SAP Basis configuration against a set of rules that are based on your industry best practices. Be prepared for audits, and ensure complete compliance with:

  • high system-level controls to secure your SAP system
  • a set-up in line with your specific security requirements
  • a set of specific rules for roles, users and parameters
  • results of your SAP system checks highlighted as pass or fail

Download brochure

Manage your licenses

SAP License Manager

This module identifies under-utilized, unused and incorrectly classified SAP user accounts by monitoring user activity in SAP.  Soterion's SAP License Manager allows you to:

  • tailor your SAP license agreement to your organization’s specific requirements
  • ensure optimal contract management and complete compliance
  • reduce unplanned and excess costs.

Download brochure

Provide emergency access

Elevated Rights Manager

From time to time, clients need temporary or emergency access for a limited period – often called firefighter access. This module allows you to do this efficiently, and provides a complete audit trail. The module:

  • grants sensitive access in a safe and structured environment, via an automated workflow-driven process
  • provides evidence of changes made and the review of any activities that were performed during the Elevated Rights Access check-out period.

Download brochure

Review your users' access

Periodic Review Manager

This solution allows your business users to periodically review your SAP user access risk in your SAP systems easily and efficiently. This process will significantly improve the visibility of your GRC environment, and may be an audit and statutory requirement for your organization.
With Periodic Review Manager you can:

  • review your SAP user access allocations to ensure that all assignments are still relevant
  • recertify user access by identifying and removing redundant and superfluous access
  • perform user role approvals and rejections via an automated email from administrators (it prompts all relevant approvers to participate in the review process by simply logging into their Review Inbox from any web-enabled device)
  • review and update your risk rule-set to ensure continued relevancy in an evolving business environment
  • optimize the efficiency of your mitigating controls by identifying any gaps in control effectiveness.

Download brochure

Decentralize user access provisioning

Central Identity Manager

Central Identity Manager enables you to decentralize the provisioning of SAP user access to the business, so you can:

  • address multiple business objectives with the Business Role concept
  • increase the efficiency of the provisioning process
  • reduce the effort required to carry out a User Access Review
  • convert the Business Role into business-friendly GRC language to make informed decisions
  • reduce the support effort and related costs required to manage user access in non-production SAP systems.

Download brochure

Manage access to personal data

Data Privacy Manager

Data Privacy Manager helps you comply with the ‘privacy by design’ concept in data privacy legislation such as GDPR. This module:

  • monitors which users in SAP have access to sensitive personal information
  • analyzes all SAP tables, and highlights those that contain fields with personal or sensitive data
  • categorizes the data, by Data Domain and Data Subject
  • facilitates the creation of a data privacy rule-set, based on the fields defined as ‘sensitive’ by your organization.

Download brochure

Business-centric GRC

Why is business-centric GRC what every organization needs?

We can't keep relying on audit and risk departments to identify risk. The business needs to take ownership of their risk. However, most businesses are already thinly stretched; surely they don’t have the capacity to take on more work, or added responsibilities?

Roy Topham gives us security advice on how to secure your access risks in the context of large transformation and S/4HANA projects. 

Read blog

Artboard 2-13
Explore client success stories with Soterion's GRC for SAP solutions

Read about clients who have benefited from Soterion's GRC solutions for SAP access management, reducing access risk and aligning GRC with business goals.



"With Soterion, we identified that many people had risk-bearing access that they no longer needed. Now, we have reduced our access risk footprint significantly."

Nick Achteberg, Senior Director Technical Services (SAP), Endeavor

Read full story


Aker Solutions

"Soterion's GRC solutions for SAP were even better than we expected!"

Cecilie Relling, Senior Specialist, Finance Process Improvements & Systems

Read full story

Compass Group

Compass Group

“Soterion’s tools have reduced the workload in our security team, made us more compliant and reduced our risk profile.”

David Hall, Head Of Business Solutions at Compass Group UK & Ireland

Read full story

Artboard 2-13



Would you like to see Soterion in action? Get a personalised demo with one of our GRC experts. 

Book your demo

Access Risk Assessment

Access Risk Assessment

Get immediate visibility of your exposure

We will highlight the Segregation of Duties (SoD) and critical transaction risks hidden in your SAP system, and check the alignment of your users' Access with their requirements.


GRC Report

GRC 2020 Report

Soterion: Innovation in User Experience
for Automated Controls

Request report

"We had the solutions within a week, and we benefited from the first day. We could start working with the system immediately - it was a real plug and play! It was even better than we expected.
Cecilie Relling, Senior Specialist, Finance Process Improvements & Systems, Aker Solutions