Back to Vendor Directory


Soterion is an international leading provider of GRC solutions for SAP customers. We provide SAP customers with in-depth access risk reporting to allow organizations to effectively manage their access risk exposure. Soterion is passionate about simplifying the GRC processes, with a focus on translating this complexity into a business-friendly language to enhance better decision making and business accountability. The software provides immediate integration into the SAP environment allowing organizations to keep up with the market while effectively managing risk. Our easy-to-learn, plug-and-play software is S/4HANA ready, offers a beautiful graphical user interface and boasts an award-winning user experience.

Featured Solutions

  • Access Risk Manager

    The Access Risk Manager provides customers with the ability to identify their SAP access risk exposure using a user-friendly web application. Additional functionality includes risk remediation recommendations and the “What-if” Allocation Simulator. The Simulator will allow you to pre-empt risk bearing access prior to applying the change request in SAP, thus ensuring a pro-active approach to SAP access risk management.

  • Basis Review Manager

    SAP Basis Configurations provide system-level controls to secure an SAP system. The Basis Review Manager compares your SAP Basis Configuration to an industry best-practice set of rules. Since these configurations usually form part of an annual external audit, our Basis Review Manager allows you to be prepared, and will establish complete compliance to avoid adverse audit findings.

Featured Content

  • SAPinsider Technology Insights Brief

    Conducted by SAPInsider, this brief provides insights into how an organisation can build a more effective access control capability through business-centric GRC. Business-centric GRC converts the technical GRC language into a language the business users can understand, facilitating better decision making and a more risk aware organisation.

  • IDC Spotlight

    Manging SAP access is a complex undertaking for many organisations due to the technical nature of SAP security. Coupled with this, companies need to deal with constant organisational, business process and regulatory change in the face of increased fraud and cyber-crime. The spotlight highlights that poor access management practices can lead to compromised processes which may present a business risk and audit failure.

Multimedia Center

  • Soterion Corporate Video

    Soterion's plug-and-play agile GRC offering provides immediate integration into SAP allowing you to keep up with the market while effectively managing risk. The team at Soterion understand that the world is changing more rapidly than ever before. We know that organisations are having to become more agile to stay competitive, while dealing with escalating risk, increasing compliance and audit requirements and organisational vulnerability.

  • Agile GRC eBook

    An agile approach is required in the face of accelerating change, it cannot be “business as usual” for GRC practitioners. In this ebook we look at what it means to be agile – as an organisation, as a GRC practitioner and GRC software itself. We also highlight important considerations in GRC tool selection.

Articles / Case Studies / Videos

  • GRC

    Building More Effective Access Control Through Business-Centric GRC

    Reading time: 4 mins

    Companies can significantly reduce access risk and access overallocation through greater business involvement in access control. We spoke with Soterion Managing Director and Co-Founder Dudley Cartwright to discuss how organizations are creating business-centric GRC and access control. In this technology insight, we cover: - How business-centric access control engages business users in the access risk…
  • 2021 GRC Trends Affecting the Intelligent Enterprise

    Reading time: 5 mins

    The move to SAP S/4HANA holds broad implicates beyond technology simplicity, greater speed, and improved process improvement. Governance, Risk, and Compliance teams must fully understand the potential impact this transition has on security, roles, and overall risk to the organization. SAPinsider recently sat down with Dudley Alan Cartwright, CEO of Soterion, to hear how organizations…
  • Aker Solutions Reduced Access Risk by 85% with Soterion

    Reading time: 1 min

    Our partner EPI-USE Labs assisted Aker Solutions with an alternative to SAP GRC which solved a number of challenges the customer was facing. This case study gives insight into how Aker Solutions reduced access risk by 85% with our GRC solution for SAP.
  • SAP Security – Dealing with Cross-Division Access in Saint-Gobain

    Reading time: 1 min

    For Saint-Gobain SA there was a constant challenge around access control to their SAP systems. After engaging with Soterion, Saint-Gobain SA was prepared for audit success through the role redesign. With a better understanding of business risks, along with a higher degree of access control, process owners developed more business accountability. Read the case study…
  • Business-Centric GRC for SAP Customers – How to get the Most out of Your Investment

    Reading time: 1 min

    Investing in Governance, Risk and Compliance (GRC) is one of the most important business investments you can make. Modern businesses need effective yet efficient risk and compliance management solutions to support growth and sustain operations. Unfortunately, the vast majority of SAP customers that have implemented a GRC solution are not seeing the value they should…
  • SAP User Access Review – Why is it Important to get This Right?

    Reading time: 1 min

    With regulations such as SOX / JSOX being in existence for almost 20 years, the requirement to perform a User Access Review is a more recent requirement for many organisations. We shed light on why this is becoming so important and provide you with insights on how you can facilitate this shift in thinking. Read…
  • Three Benefits of Regular SAP Access Risk Assessments

    Reading time: 1 min

    Do you perform regular SAP access risk assessments? For those organisations who do not have an access control / GRC solution, there are considerable benefits in performing regular SAP access risk assessments. Performing more regular access risk assessments can be a more failsafe way to ensure the SAP authorisation solution has not provided inappropriate access…
  • Enhancing Business Accountability of Access Risks

    Reading time: 1 min

    Many companies make the mistake of thinking that the GRC or access control tool alone is the silver bullet to solve all their SAP security challenges. And because of this, many organisations have an access control solution which it is not adding much value. In essence, these companies have GRC, but it is not effective.