Back to Vendor Directory


Soterion is an international leading provider of GRC solutions for SAP customers. We provide SAP customers with in-depth access risk reporting to allow organisations to effectively manage their access risk exposure. Soterion is passionate about simplifying the GRC processes, with a focus on translating this complexity into a business-friendly language to enhance better decision making and business accountability. The software provides immediate integration into the SAP environment allowing organisations to keep up with the market while effectively managing risk. Our easy-to-learn, plug-and-play software is S/4HANA ready, offers a beautiful graphical user interface and boasts an award-winning user experience.

Featured Solutions

  • Access Risk Manager

    The Access Risk Manager provides customers with the ability to identify their SAP access risk exposure using a user-friendly web application. Additional functionality includes risk remediation recommendations and the “What-if” Allocation Simulator. The Simulator will allow you to pre-empt risk bearing access prior to applying the change request in SAP, thus ensuring a pro-active approach to SAP access risk management.

  • Basis Review Manager

    SAP Basis Configurations provide system-level controls to secure an SAP system. The Basis Review Manager compares your SAP Basis Configuration to an industry best-practice set of rules. Since these configurations usually form part of an annual external audit, our Basis Review Manager allows you to be prepared, and will establish complete compliance to avoid adverse audit findings.

Featured Content

  • SAP Security & GRC Podcast

    Soterion’s podcast is focused on helping organisations achieve effective access risk management in SAP and covers a wide range of topics related to SAP security, compliance, and industry news. The podcast features interviews with experts from the SAP community who share their experiences and knowledge on topics such as identity and access management, SAP security controls, audit, and compliance.

  • Soterion’s Effective GRC Pyramid

    GRC practitioners need to look further than just the GRC solution, rather looking at all the associated components collectively to understand their inter-relationship. View your organisations GRC holistically using Soterion’s Effective GRC Pyramid for effective access risk management. Download your free infographic to illustrate the inter-relationship between the various components of SAP security and GRC.

Multimedia Center

  • Soterion Corporate Video

    Soterion's plug-and-play agile GRC offering provides immediate integration into SAP allowing you to keep up with the market while effectively managing risk. The team at Soterion understand that the world is changing more rapidly than ever before. We know that organisations are having to become more agile to stay competitive, while dealing with escalating risk, increasing compliance and audit requirements and organisational vulnerability.

  • What is Business-Centric GRC for SAP?

    Dudley Cartwright, CEO of Soterion talks about business-centric GRC and why it’s so important for effective access risk management in SAP. Soterion’s Business-centric solutions convert technical language into business-friendly terms, allowing business users to not only understand the risks in their area of responsibility but also facilitate quicker decision making.

Articles / Case Studies / Videos

  • Case Study: Driving Governance at Bridgestone

    Reading time: 1 min

    Bridgestone Australia faced challenges in managing financial risk in their SAP system with a growing team. After investigating several options, they discovered Soterion’s GRC solution which provided a clear picture of their financial risk in the business, enabling the team to present the stats to the risk committee and executive team providing peace of mind…
  • SAP Security and the Provisioning of SAP Access

    Reading time: 1 mins

    This article highlights the evolution of SAP security, access control (GRC), and IAM solutions, and discusses how organizations can choose the right solution for their needs, including a hybrid model. The article emphasizes the importance of collaboration between SAP security and cyber teams and encourages readers to consider their organization’s needs, business objectives, SAP footprint,…
  • Case Study: Aker Solutions reduced access risk by 85% with Soterion

    Aker Solutions, a leading engineering company in the energy sector, faced a growing SAP access risk problem due to years of employees accruing more roles and authorizations, resulting in over 1.5 million potential access risks to their system. To address this challenge, Aker Solutions turned to Soterion’s GRC solutions for SAP, including the Access Risk…
  • SAP Security: Dealing with cross-division access in Saint-Gobain

    Reading time: 1 min

    Saint-Gobain South Africa faced unique access control issues due to having multiple companies within a shared SAP ecosystem. With a mix of role methodologies and outsourced providers, they consistently failed access control audits. Through implementing a GRC solution and a role redesign, they established a solid foundation for access control and mitigated risks. Continual efforts…
  • Can Pablo Escobar teach us something about Risk Management?

    The article explores how Pablo Escobar’s approach to mitigating risk can be applied to SAP security and access risk management. Despite his infamous reputation as a narco-terrorist, Escobar’s success in running a multi-billion dollar illegal drug industry offers valuable lessons for organizations looking to manage risk without the help of sophisticated technology. By examining Escobar’s…