Soterion with EPI-USE Labs: Solving GRC and data privacy for SAP

How can you solve GRC for SAP quickly and efficiently?

Soterion's compliance software solves GRC (Governance, Risk management and Compliance) for SAP^® clients. EPI-USE Labs and Soterion's partnership brings together powerful complementary solutions, including our SAP Data Privacy Suite, to help our clients address compliance with GDPR (the General Data Protection Regulation) and other privacy legislation.

Our research has shown that there are still many companies using SAP with no GRC protection. Traditional GRC solutions take time to implement and maintain, and can be expensive. Clients are looking for GRC solutions that are easy to deploy and use, with tangible business benefits realised quickly. Soterion is S/4HANA ready with no need for expensive upgrades or lengthy implementations.

Soterion is a leading-edge solution, giving SAP users agility in GRC. Regardless of the SAP enterprise size, this solution is deployed rapidly into a client’s landscape, with users experiencing benefits in a short period of time. Soterion provides business-centric GRC, empowering companies to proactively manage and model risks in the context of business processes.

What are your GRC challenges in SAP?

Identify access risks
Check Basis configuration
Manage your licenses
Provide emergency access
Review your users' access
Decentralize user access provisioning
Manage access to personal data

Identify access risks

Access Risk Manager

Soterion’s Access Risk Manager provides the ability to identify SAP access risk exposure and show clean-up opportunities via a user-friendly web application. The solution also includes:

Privacy risk dashboard: provides insight into which employees have access to sensitive data
'What-if' Allocation Simulator: proactively identifies the risk impacts of any changes before applying them to your SAP system
Clean-up wizards: provide clear, focused, step-by-step suggestions on how to eliminate access risks
Business-process flows: support business decision-making by visualizing risks within business processes.

Download brochure

Check Basis configuration

Basis Review Manager

Soterion's Basis Review Manager will inspect your SAP Basis configuration against a set of rules that are based on your industry best practices. Be prepared for audits, and ensure complete compliance with:

high system-level controls to secure your SAP system
a set-up in line with your specific security requirements
a set of specific rules for roles, users and parameters
results of your SAP system checks highlighted as pass or fail

Download brochure

Manage your licenses

SAP License Manager

This module identifies under-utilized, unused and incorrectly classified SAP user accounts by monitoring user activity in SAP. Soterion's SAP License Manager allows you to:

tailor your SAP license agreement to your organization’s specific requirements
ensure optimal contract management and complete compliance
reduce unplanned and excess costs.

Download brochure

Provide emergency access

Elevated Rights Manager

From time to time, clients need temporary or emergency access for a limited period – often called firefighter access. This module allows you to do this efficiently, and provides a complete audit trail. The module:

grants sensitive access in a safe and structured environment, via an automated workflow-driven process
provides evidence of changes made and the review of any activities that were performed during the Elevated Rights Access check-out period.

Download brochure

Review your users' access

Periodic Review Manager

This solution allows your business users to periodically review your SAP user access risk in your SAP systems easily and efficiently. This process will significantly improve the visibility of your GRC environment, and may be an audit and statutory requirement for your organization.
With Periodic Review Manager you can:

review your SAP user access allocations to ensure that all assignments are still relevant
recertify user access by identifying and removing redundant and superfluous access
perform user role approvals and rejections via an automated email from administrators (it prompts all relevant approvers to participate in the review process by simply logging into their Review Inbox from any web-enabled device)
review and update your risk rule-set to ensure continued relevancy in an evolving business environment
optimize the efficiency of your mitigating controls by identifying any gaps in control effectiveness.

Download brochure

Decentralize user access provisioning

Central Identity Manager

Central Identity Manager enables you to decentralize the provisioning of SAP user access to the business, so you can:

address multiple business objectives with the Business Role concept
increase the efficiency of the provisioning process
reduce the effort required to carry out a User Access Review
convert the Business Role into business-friendly GRC language to make informed decisions
reduce the support effort and related costs required to manage user access in non-production SAP systems.

Download brochure

Manage access to personal data

Data Privacy Manager

Data Privacy Manager helps you comply with the ‘privacy by design’ concept in data privacy legislation such as GDPR. This module:

monitors which users in SAP have access to sensitive personal information
analyzes all SAP tables, and highlights those that contain fields with personal or sensitive data
categorizes the data, by Data Domain and Data Subject
facilitates the creation of a data privacy rule-set, based on the fields defined as ‘sensitive’ by your organization.

Download brochure

Get business-centric, effective GRC for SAP

With Soterion and EPI-USE Labs, you can assess, update and maintain roles and authorizations
in a cost-effective and intuitive way, and comply with data privacy regulations