Back to Vendor Directory


Soterion is an international leading provider of GRC solutions for SAP customers. We provide SAP customers with in-depth access risk reporting to allow organisations to effectively manage their access risk exposure. Soterion is passionate about simplifying the GRC processes, with a focus on translating this complexity into a business-friendly language to enhance better decision making and business accountability. The software provides immediate integration into the SAP environment allowing organisations to keep up with the market while effectively managing risk. Our easy-to-learn, plug-and-play software is S/4HANA ready, offers a beautiful graphical user interface and boasts an award-winning user experience.

Featured Solutions

  • Access Risk Manager

    The Access Risk Manager provides customers with the ability to identify their SAP access risk exposure using a user-friendly web application. Additional functionality includes risk remediation recommendations and the “What-if” Allocation Simulator. The Simulator will allow you to pre-empt risk bearing access prior to applying the change request in SAP, thus ensuring a pro-active approach to SAP access risk management.

  • Basis Review Manager

    SAP Basis Configurations provide system-level controls to secure an SAP system. The Basis Review Manager compares your SAP Basis Configuration to an industry best-practice set of rules. Since these configurations usually form part of an annual external audit, our Basis Review Manager allows you to be prepared, and will establish complete compliance to avoid adverse audit findings.

Featured Content

  • SAP Security & GRC Podcast

    Soterion’s podcast is focused on helping organisations achieve effective access risk management in SAP and covers a wide range of topics related to SAP security, compliance, and industry news. The podcast features interviews with experts from the SAP community who share their experiences and knowledge on topics such as identity and access management, SAP security controls, audit, and compliance.

  • Soterion’s Effective GRC Pyramid

    GRC practitioners need to look further than just the GRC solution, rather looking at all the associated components collectively to understand their inter-relationship. View your organisations GRC holistically using Soterion’s Effective GRC Pyramid for effective access risk management. Download your free infographic to illustrate the inter-relationship between the various components of SAP security and GRC.

Multimedia Centre

  • Soterion Corporate Video

    Soterion's plug-and-play agile GRC offering provides immediate integration into SAP allowing you to keep up with the market while effectively managing risk. The team at Soterion understand that the world is changing more rapidly than ever before. We know that organisations are having to become more agile to stay competitive, while dealing with escalating risk, increasing compliance and audit requirements and organisational vulnerability.

  • What is Business-Centric GRC for SAP?

    Dudley Cartwright, CEO of Soterion talks about business-centric GRC and why it’s so important for effective access risk management in SAP. Soterion’s Business-centric solutions convert technical language into business-friendly terms, allowing business users to not only understand the risks in their area of responsibility but also facilitate quicker decision making.

Articles / Case Studies / Videos

  • Soterion’s GRC Trends Report

    Published: 17/November/2023

    Reading time: 1 min

    Explore the 2023 trends in SAP GRC: skill gaps, access risks, and cloud challenges. Secure your SAP future.

  • Case Study: Driving Governance at Bridgestone

    Published: 10/May/2023

    Reading time: 1 min

    Bridgestone Australia faced challenges in managing financial risk in their SAP system with a growing team. After investigating several options, they discovered Soterion’s GRC solution which provided a clear picture of their financial risk in the business, enabling the team to present the stats to the risk committee and executive team providing peace of mind…

  • SAP Security and the Provisioning of SAP Access

    Published: 10/May/2023

    Reading time: 1 mins

    This article highlights the evolution of SAP security, access control (GRC), and IAM solutions, and discusses how organizations can choose the right solution for their needs, including a hybrid model. The article emphasizes the importance of collaboration between SAP security and cyber teams and encourages readers to consider their organization’s needs, business objectives, SAP footprint,…

  • SAP Security: Dealing with cross-division access in Saint-Gobain

    Published: 10/May/2023

    Reading time: 1 min

    Saint-Gobain South Africa faced unique access control issues due to having multiple companies within a shared SAP ecosystem. With a mix of role methodologies and outsourced providers, they consistently failed access control audits. Through implementing a GRC solution and a role redesign, they established a solid foundation for access control and mitigated risks. Continual efforts…

  • Case Study: Aker Solutions reduced access risk by 85% with Soterion

    Published: 10/May/2023

    Reading time: 1 mins

    Aker Solutions faced a growing SAP access risk problem with 1.5 million potential access risks, but Soterion’s GRC solutions reduced risks by 85% in just six months. With Access Risk Manager and Basis Review, Aker Solutions achieved increased regulatory compliance, efficiency, and effectiveness while mitigating risk.

  • Can Pablo Escobar teach us something about Risk Management?

    The article explores how Pablo Escobar’s approach to mitigating risk can be applied to SAP security and access risk management. Despite his infamous reputation as a narco-terrorist, Escobar’s success in running a multi-billion dollar illegal drug industry offers valuable lessons for organizations looking to manage risk without the help of sophisticated technology. By examining Escobar’s…

  • Maximising the Value of your GRC Investment – The Importance of Defining a GRC Roadmap

    Enhance the value of your access control (GRC) solution by involving both IT and business users, ensuring a comprehensive roadmap that drives optimal returns on investment and reduces fraud risk. This session emphasizes the importance of creating a structured roadmap document to guide implementation tasks, ownership, and timelines, fostering awareness and accountability throughout the organization.…