Get effective, business-centric GRC for SAP
With Soterion and EPI-USE Labs, you can assess, update and maintain roles and authorizations in a cost-effective and intuitive way, and comply with data privacy regulations.

Get instant GRC access risk visibility
Experience a better way of managing GRC
Highlight risks in a business-friendly way
Avoid complex, costly implementations
How can you solve GRC for SAP quickly and efficiently?
Soterion's compliance software solves GRC (Governance, Risk management and Compliance) for SAP® clients. EPI-USE Labs and Soterion's partnership brings together powerful complementary solutions, including our Data Privacy Suite for SAP solutions, to help our clients address compliance with GDPR (the General Data Protection Regulation) and other data privacy legislation.
Our research has shown that there are still many companies using SAP with no GRC protection. Traditional GRC solutions take time to implement and maintain, and can be expensive. Clients are looking for GRC solutions that are easy to deploy and use, with tangible business benefits realised quickly. Soterion is S/4HANA ready with no need for expensive upgrades or lengthy implementations.
Soterion is a leading-edge solution, giving SAP users agility in GRC. Regardless of the SAP enterprise size, this solution is deployed rapidly into a client’s landscape, with users experiencing benefits in a short period of time. Soterion provides business-centric GRC, empowering companies to proactively manage and model risks in the context of business processes.
Soterion's SAP GRC Access Risk assessment
Get a free, no-obligation Access Risk Assessment provided by our expert team. We will highlight the Segregation of Duties (SoD) and critical transaction risks hidden in your SAP system, and check the alignment of your users' access with their requirements.
What are your GRC challenges in SAP?
Access Risk Manager
Soterion’s Access Risk Manager provides the ability to identify SAP access risk exposure and show clean-up opportunities via a user-friendly web application. The solution also includes:
- Privacy risk dashboard: provides insight into which employees have access to sensitive data
- 'What-if' Allocation Simulator: proactively identifies the risk impacts of any changes before applying them to your SAP system
- Clean-up wizards: provide clear, focused, step-by-step suggestions on how to eliminate access risks
- Business-process flows: support business decision-making by visualizing risks within business processes.
Basis Review Manager
Soterion's Basis Review Manager will inspect your SAP Basis configuration against a set of rules that are based on your industry best practices. Be prepared for audits, and ensure complete compliance with:
- high system-level controls to secure your SAP system
- a set-up in line with your specific security requirements
- a set of specific rules for roles, users and parameters
- results of your SAP system checks highlighted as pass or fail
SAP License Manager
This module identifies under-utilized, unused and incorrectly classified SAP user accounts by monitoring user activity in SAP. Soterion's SAP License Manager allows you to:
- tailor your SAP license agreement to your organization’s specific requirements
- ensure optimal contract management and complete compliance
- reduce unplanned and excess costs.
Elevated Rights Manager
From time to time, clients need temporary or emergency access for a limited period – often called firefighter access. This module allows you to do this efficiently, and provides a complete audit trail. The module:
- grants sensitive access in a safe and structured environment, via an automated workflow-driven process
- provides evidence of changes made and the review of any activities that were performed during the Elevated Rights Access check-out period.
Periodic Review Manager
This solution allows your business users to periodically review your SAP user access risk in your SAP systems easily and efficiently. This process will significantly improve the visibility of your GRC environment, and may be an audit and statutory requirement for your organization.
With Periodic Review Manager you can:
- review your SAP user access allocations to ensure that all assignments are still relevant
- recertify user access by identifying and removing redundant and superfluous access
- perform user role approvals and rejections via an automated email from administrators (it prompts all relevant approvers to participate in the review process by simply logging into their Review Inbox from any web-enabled device)
- review and update your risk rule-set to ensure continued relevancy in an evolving business environment
- optimize the efficiency of your mitigating controls by identifying any gaps in control effectiveness.
Central Identity Manager
Central Identity Manager enables you to decentralize the provisioning of SAP user access to the business, so you can:
- address multiple business objectives with the Business Role concept
- increase the efficiency of the provisioning process
- reduce the effort required to carry out a User Access Review
- convert the Business Role into business-friendly GRC language to make informed decisions
- reduce the support effort and related costs required to manage user access in non-production SAP systems.
Data Privacy Manager
Data Privacy Manager helps you comply with the ‘privacy by design’ concept in data privacy legislation such as GDPR. This module:
- monitors which users in SAP have access to sensitive personal information
- analyzes all SAP tables, and highlights those that contain fields with personal or sensitive data
- categorizes the data by Data Domain and Data Subject
- facilitates the creation of a data privacy rule-set, based on the fields defined as ‘sensitive’ by your organization.
Continuous Controls Manager
Soterion’s Continuous Controls Manager enables organisations to identify risks where an SAP user has not only performed the conflicting functions but has done so for the same document. This ability to continuously monitor materialised risk violations enables the organisation to move from manual controls to an automated and alert-based approach.
By extensively scrutinising the SAP transactional data, continuous control monitoring enables organisations to monitor access risks that materialise, ensuring a more effective access risk management capability.
Password Self-Service
Soterion provides users with the ability to reset their SAP passwords, which reduces the burden on the authorisation support team and the associated costs.
The self-service functionality reduces business down-time by empowering users to reset passwords instantly.
Are you overpaying for SAP licenses?
With SAP's shift to the Full Use Equivalent (FUE) model and the STAR framework, many organizations face unexpected licensing costs. Soterion’s new SAP License Manager provides clarity by analyzing actual system usage, ensuring you only pay for what you truly need. Optimize your licensing strategy and avoid costly surprises.
We had the solutions within a week, and we benefited from the first day. We could start working with the system immediately - it was a real plug and play! It was even better than we expected.
Cecilie Relling, Senior Specialist, Finance Process Improvements & Systems, Aker Solutions
We wanted to minimise the access we give to users, but we wanted the capability to provide additional transactions when needed for exceptional cases...we can then audit exactly what access and what transactions the users have had. So that was a definite additional benefit of using Soterion.
David Hall, Head Of Business Solutions at Compass Group UK & Ireland
The Soterion solution does exactly what we need it to do. It’s proven to be very effective. We use it daily, not only for firefighter access, but for almost everything SAP authorization and access related.
Marko Lotens, Vice President Information Technology, Masimo Consumer
The GRC solution from EPI-USE Labs and Soterion raised awareness in the company, and moved the responsibility back to the business, rather than being with the IT team.
Atle Myklebust, Teamlead IT SAP Technical Services, Elkjøp Nordic
We had done it manually, but we needed to look for a mature sophisticated GRC solution. We were already working with EPI-USE Labs, so Soterion was the perfect tool for our SoD framework.
Piet Jan Van Egdom, Head of Enterprise Systems Team, Nikon Europe BV
With Soterion’s Access Manager, the approval process is much more transparent, and there is no resistance from the business users anymore.
Thijs Van Haaren, Tech Lead SAP Security, Orkla
Thanks to Soterion, I can ensure that our estate is secure, the data is secure, what people can and can’t do is secure. And the ability to report on that means that I feel secure, and we are doing the best for the organisation.
Zaki Mouden, Global Head of Enterprise Applications, BSI
Want to know more?

Book a Soterion demo
Find out how your company could benefit from Soterion's GRC solutions for SAP.

Assess your exposure
We'll highlight the Segregation of Duties (SoD) and critical transaction risks hidden in your SAP system, and check the alignment of your users' access with their requirements.

GRC 2024 Trend Report
Learn about Soterion's insights and predictions: A new era of GRC for SAP Customers