Back to Vendor Directory


Soterion is an international leading provider of GRC solutions for SAP customers. We provide SAP customers with in-depth access risk reporting to allow organisations to effectively manage their access risk exposure. Soterion is passionate about simplifying the GRC processes, with a focus on translating this complexity into a business-friendly language to enhance better decision making and business accountability. The software provides immediate integration into the SAP environment allowing organisations to keep up with the market while effectively managing risk. Our easy-to-learn, plug-and-play software is S/4HANA ready, offers a beautiful graphical user interface and boasts an award-winning user experience.

Featured Solutions

  • Access Risk Manager

    The Access Risk Manager provides customers with the ability to identify their SAP access risk exposure using a user-friendly web application. Additional functionality includes risk remediation recommendations and the “What-if” Allocation Simulator. The Simulator will allow you to pre-empt risk bearing access prior to applying the change request in SAP, thus ensuring a pro-active approach to SAP access risk management.

  • Basis Review Manager

    SAP Basis Configurations provide system-level controls to secure an SAP system. The Basis Review Manager compares your SAP Basis Configuration to an industry best-practice set of rules. Since these configurations usually form part of an annual external audit, our Basis Review Manager allows you to be prepared, and will establish complete compliance to avoid adverse audit findings.

Featured Content

  • SAPinsider Technology Insights Brief

    Conducted by SAPInsider, this brief provides insights into how an organisation can build a more effective access control capability through business-centric GRC. Business-centric GRC converts the technical GRC language into a language the business users can understand, facilitating better decision making and a more risk aware organisation.

  • IDC Spotlight

    Manging SAP access is a complex undertaking for many organisations due to the technical nature of SAP security. Coupled with this, companies need to deal with constant organisational, business process and regulatory change in the face of increased fraud and cyber-crime. The spotlight highlights that poor access management practices can lead to compromised processes which may present a business risk and audit failure.

Multimedia Center

  • Soterion Corporate Video

    Soterion's plug-and-play agile GRC offering provides immediate integration into SAP allowing you to keep up with the market while effectively managing risk. The team at Soterion understand that the world is changing more rapidly than ever before. We know that organisations are having to become more agile to stay competitive, while dealing with escalating risk, increasing compliance and audit requirements and organisational vulnerability.

  • Agile GRC eBook

    An agile approach is required in the face of accelerating change, it cannot be “business as usual” for GRC practitioners. In this ebook we look at what it means to be agile – as an organisation, as a GRC practitioner and GRC software itself. We also highlight important considerations in GRC tool selection.

Articles / Case Studies / Videos

  • GRC

    Building More Effective Access Control Through Business-Centric GRC

    Reading time: 4 mins

    Companies can significantly reduce access risk and access overallocation through greater business involvement in access control. We spoke with Soterion Managing Director and Co-Founder Dudley Cartwright to discuss how organizations are creating business-centric GRC and access control. In this technology insight, we cover: - How business-centric access control engages business users in the access risk…
  • 2021 GRC Trends Affecting the Intelligent Enterprise

    Reading time: 5 mins

    The move to SAP S/4HANA holds broad implicates beyond technology simplicity, greater speed, and improved process improvement. Governance, Risk, and Compliance teams must fully understand the potential impact this transition has on security, roles, and overall risk to the organization. SAPinsider recently sat down with Dudley Alan Cartwright, CEO of Soterion, to hear how organizations…
  • Aker Solutions Reduced Access Risk by 85% with Soterion

    Reading time: 1 min

    Our partner EPI-USE Labs assisted Aker Solutions with an alternative to SAP GRC which solved a number of challenges the customer was facing. This case study gives insight into how Aker Solutions reduced access risk by 85% with our GRC solution for SAP.
  • SAP Security – Dealing with Cross-Division Access in Saint-Gobain

    Reading time: 1 min

    For Saint-Gobain SA there was a constant challenge around access control to their SAP systems. After engaging with Soterion, Saint-Gobain SA was prepared for audit success through the role redesign. With a better understanding of business risks, along with a higher degree of access control, process owners developed more business accountability. Read the case study…