risk management Archives - InsideSAP Asia
https://insidesap.asia/tag/risk-management/
The independent resource for SAP professionals in Asia
Sat, 08 Oct 2022 01:01:01 +0000

Is Your Organisation Managing SAP Access Risk Effectively?
https://insidesap.asia/is-your-organisation-managing-sap-access-risk-effectively/
Mon, 26 Jul 2021 22:00:00 +0000

The post Is Your Organisation Managing SAP Access Risk Effectively? appeared first on InsideSAP Asia.

Soterion’s Governance, Risk and Compliance (GRC) solutions are for organizations of any size and complexity. Soterion’s core offering is an SAP access risk tool, with a focus on converting the technical GRC language into a business-friendly language, to enhance business buy-in and accountability of access risk. This functionality enables clients to effectively manage their SAP authorization solution, by providing the necessary visibility for business accountability of SAP access risk.

Soterion’s GRC Solutions

Soterion’s solution suite enables organizations to gain visibility and effectively manage their access risk exposure. Download our brochure for more details on all of the following solutions.

  • Access Risk Manager

The Access Risk Manager includes core access risk control features to manage SAP access risk. These include identification (Identify Risk), risk remediation (Get Clean), user access change management (Stay Clean simulations), and risk mitigation (Stay in Control).

  • Elevated Rights Manager

The Elevated Rights Manager grants sensitive fire-fighting access in an automated workflow-driven process, and enables your management team to perform a structured review of any activities that were performed during the Elevated Rights Access period.

  • Periodic Review Manager

The Periodic Review Manager allows business users to review access in the context of risk and business processes, ensuring informed and effective decision making. This business-friendly process is easily managed using progress dashboards to expedite the review process. This process will significantly enhance the insight into your GRC environment, as well as being an audit and statutory requirement for many organizations.

  • Central Identity Manager

The Central Identity Manager introduces the Business Role concept to improve efficiencies in the SAP user provisioning process. Standardization of job functions across the organization reduces complexity and the effort required to manage and review SAP user access. The Central User Administration functionality further reduces the support effort and cost to manage user access across the SAP landscape, including non-productive SAP systems.

  • Data Privacy Manager

Manage personal data in SAP and monitor which SAP users have access to sensitive personal information. The Data Privacy Manager analyses all tables in SAP and highlights those that contain fields with personal or sensitive information, categorizing the data by Data Domain (such as bank details, email addresses and ID numbers) and per Data Subject (business partner, vendor, customer, employee and SAP user).

  • Password Self-Service

Soterion provides users with the ability to reset their SAP passwords. This vastly reduces the burden on the authorization support team, saving cost and time. The self-service functionality reduces business down-time by empowering users to reset passwords instantly.

  • Basis Review Manager

SAP Basis Configurations provide system-level controls to secure an SAP system. The Basis Review Manager compares your SAP Basis configuration to an industry best-practice set of rules. Since these configurations usually form part of an annual external audit, our Basis Review Manager will allow you to be prepared, and will establish complete compliance to avoid adverse audit findings.

  • SAP License Manager

The SAP License Manager identifies under-utilized and incorrectly classified SAP User accounts by monitoring user activity in SAP for effective license optimization. This ensures optimal contract management and compliance whilst reducing unplanned and excess costs.

Feel free to email us on info@soterion.com to discuss your organization’s GRC needs.

Innovation in User Experience for Automated Controls

GRC2020 Research, LLC, recognized Soterion with the 2019 GRC User Experience Award. Download the report to find out why our solutions were chosen above the rest.

About Soterion:

Soterion is a leading provider of SAP governance, risk and compliance (GRC) solutions. Soterion’s user-friendly GRC solutions provide SAP customers with in-depth access risk reporting in business-friendly language. This allows organizations to effectively understand and manage their access risk exposure. Soterion is passionate about simplifying the governance, risk and compliance processes, with a focus on enabling better decision making and business accountability.

Soterion’s plug-and-play GRC solution is easy to learn, S/4HANA ready and boasts an award-winning user experience. Organizations running SAP can make use of Soterion’s GRC security suite either as an on-premise or a secure cloud offering.

As access risk is business risk, Soterion believes that effective GRC is measured by how well the business users can carry out their access risk management activities. Our business-friendly GRC solution enhances the organisation’s overall risk awareness by empowering business buy-in and accountability of access risk.

This page is sponsored by Soterion

Business-Centric GRC – The Future of Effective Access Risk Management
https://insidesap.asia/business-centric-grc-the-future-of-effective-access-risk-management/
Sun, 18 Jul 2021 22:00:00 +0000

The post Business-Centric GRC – The Future of Effective Access Risk Management appeared first on InsideSAP Asia.

An organisation’s GRC effectiveness is measured by how well the business users perform their access risk management activities.

The vast majority of organisations that have implemented a GRC or access control solution are not seeing the value they should from their GRC investment.

Why is This?

By their nature, GRC solutions are very complex and technical solutions. They have been developed to analyse transaction codes, authorization objects and fields available in an SAP user’s ‘user-buffer’. Many of these solutions were developed from a technical audit perspective with very little consideration for their use by business users.

Generally, the more complex the solution, the less uptake from business users. Business users are at full capacity performing their daily jobs, and therefore asking them to perform onerous or cumbersome compliance tasks with complex solutions often leads to business resistance. Business users will keep pushing these activities back onto IT, with the end result being that the GRC solution will be used predominantly as a back-end solution by the security and GRC teams, with minimal business involvement.

It is important to note that access risk is business risk. An organisation cannot manage their access risk effectively without significant business involvement. Therefore, organisations need to ensure that they implement a business-centric GRC solution if they are serious about managing their SAP access risk.

What Is Business-Centric GRC?

Business-centric GRC puts the business user at the centre of the process. It is all about enhancing business accountability of access risk through a business-first approach to all SAP security and GRC activities.

By enhancing business accountability of risk, an organisation will become more risk-aware and more effective in their risk management activities. This can be illustrated by using the audit principle covering the three lines of defence.

The first line of defence is your business or operational user. The second line of defence is your risk and compliance department, and the third line of defence is the audit and assurance department.

The first line of defence should be the strongest. These are people who have been in your organisation for 15 – 20 years and understand your business better than anyone else. Yet, this is often the organisation’s weakest line of defence – not because users do not know the risks or the processes involved, but because the current solutions and processes do not lend themselves to business users taking ownership and becoming accountable.

As mentioned, to facilitate business buy-in, it is important that the solution is business-centric. Business-centric GRC converts technical GRC language into business-friendly language, which not only allows business users to understand the risks in their area of responsibility, but also facilitates quicker decision making. More informed and quicker decisions reduce the business downtime of SAP users waiting for SAP access requests to be approved and assigned.

Soterion is a leader in business-centric GRC solutions. All features and functionality have been developed from the perspective of the business user. Soterion also recommends that the access risk management processes are practical for the business users to perform.

To illustrate this, consider the User Access Review process. This is where business users review their users’ SAP access to determine whether this access is still relevant for their job function. The review typically takes the reviewers many hours to perform. In addition to the effort required by the business to carry out the user access review, it is often the case that the effort does not justify the value of the exercise.

Challenges such as non-descriptive SAP role names make it difficult for the reviewers to know exactly what access/functionality the role users are entitled to. Soterion enables the User Access Review to be performed by business process, thus eliminating any deficiencies in the SAP role naming convention. Business users are able to perform a more effective review that has a desirable business outcome. A review will take far less time and will deliver significant cost savings to the organisation.

Enhancing business accountability of access risk with the use of a business-centric GRC solution will improve the organisation’s overall risk awareness and their ability to manage their risk. Every organisation should therefore be looking to improve their first line of defence by embracing elements of business-centric GRC.

For more information, please contact us on info@soterion.com

This article is sponsored by Soterion

Enhance Your Organization’s Overall Risk Awareness with Business-Centric GRC
https://insidesap.asia/enhance-your-organizations-overall-risk-awareness-with-business-centric-grc/
Sun, 20 Jun 2021 22:00:00 +0000

The post Enhance Your Organization’s Overall Risk Awareness with Business-Centric GRC appeared first on InsideSAP Asia.

Soterion is a leading provider of SAP governance, risk and compliance (GRC) solutions. Soterion’s user-friendly GRC solutions provide SAP customers with in-depth access risk reporting in business-friendly language. This allows organizations to effectively understand and manage their access risk exposure.

Soterion is passionate about simplifying the governance, risk and compliance processes, with a focus on enabling better decision making and business accountability.

Since inception in 2011, Soterion has provided customers with a holistic offering, combining business-centric GRC software with expert SAP security consulting services: just the combination organizations need to maximise the value of their GRC investment.

Soterion’s plug-and-play GRC solution is easy to learn, S/4HANA ready and boasts an award-winning user experience. Organizations running SAP can make use of Soterion’s GRC security suite either as an on-premise or a secure cloud offering.

As access risk is business risk, Soterion believes that effective GRC is measured by how well the business users can carry out their access risk management activities. Our business-friendly GRC solution enhances the organisation’s overall risk awareness by empowering business buy-in and accountability of access risk.

Take Your GRC to the Next Level

Feel free to email us on info@soterion.com to discuss your organization’s GRC needs.

Download our corporate profile
Find out more about our solutions

This article is sponsored by Soterion
