ACCESS RISK MANAGER


Access Risk Manager: Identify Risk

Gain insight into your SAP access risks with business-friendly reporting.

SAP Access Risk Analysis: Incorporating Transactional Usage

Soterion for SAP analyses users’ authorizations and incorporates the user’s historical transactional usage data to
This allows business to focus on the real access risk in the SAP environment.

Business-friendly SAP Access Risk Reporting

Soterion for SAP allows the organisation to view data from every angle by using drag and drop functionality for grouping and
landscape, including high-risk areas, in relation to risk tolerance and appetite levels. Reporting on SAP access risks at department

Business-Process Flows Reporting

to the access risk, converting the technical GRC language into a business-friendly language to ensure better decision-making.

Access Risk Manager: Get Clean

Remediate SAP access risks with minimal business interruption using powerful data analytics.

Resolution-driven Gap Analysis Reporting

Soterion for SAP performs a Gap Analysis between potential SAP access risk and the actual SAP access risk in your authorization environment. Identifying and
control of your SAP authorization landscape. Any redundant user access can then be remediated without business interruption and allows business to focus on the real access risk. Redundant user access typically contributes to 80% of the access risks in an SAP environment.

SAP Access Risk Clean-up Projection

The Risk Clean-up Projection view estimates to which degree your SAP Authorization solution can be cleaned up using Soterion for SAP’s methodology. The clean-up actions focus initially
minimal impact on business.

Risk Clean-up Wizards

The Risk Clean-up Wizards provide clear, focused, step-by-step suggestions on how to eradicate access risks, from the removal of
to the splitting of roles based on role usage analytics.

Get Clean: User Risk Overview

The majority of access risk in an SAP environment is caused by functionality that is assigned to a user but is not being used. Soterion for SAP’s Gap Analysis functionality enables you to align your authorization solution to what the users are actually doing in the system, thus allowing you to focus on the real access risk in your SAP environment.

Access Risk Manager: Stay Clean

Allocation Simulations and “What-If” Analysis

Soterion for SAP allows for the simulation of SAP authorization changes prior
incorporating the user’s transactional usage history, business is empowered to make better access risk decisions. Change control ensures business approval of authorization changes, together with the risk impact.

“Out-the-Box” Rule Set that is Fully Customisable

Soterion for SAP comes with an ‘out-the-box’ access risk rule set based on best practice for all industries. The rule set is easily customisable to cater for an

Mitigating Controls

Soterion for SAP’s unique Gap Analysis functionality enables business to focus on mitigating the actual SAP access risks. Business can graphically view the
The Control Library is a central repository of mitigating controls, allowing business
risk through default controls and

[Screenshot: Stay Clean: Allocation Simulator (Simulation, Simulation Result)]

audit trails for changes and risks.

Contact us for more information: sales@labs.epiuse.com epiuselabs.com

BASIS REVIEW MANAGER

The Basis Review Manager consists of a number of checks that can be executed against your SAP system. The results will be highlighted as either passes or fails, with the option of mitigating failed reports. Examples of typical tests are:

Parameter Settings (RSPARAM)
- Password lengths, expiry and complexity
- Restricting multiple logons
- Examining table logging

Role Checks
- Roles that are in the Production environment, but not assigned to users
- Roles that were created or changed in the Production environment
- Roles with wildcards for transactions

User Checks
- Users who have developer keys in the Production environment
- Test users who are working in the Production environment
- Users who have SAP standard roles in the Production environment

ELEVATED RIGHTS MANAGER

Granting Sensitive Access in a Safe and Structured Environment

From time to time, users need temporary or emergency access for a limited period, often called
. This module
management team to perform a structured review of any activities that were performed during the Elevated Rights Access check-out period.

Our Process

either a role or to an SAP user.

Elevated Rights Roles

Wide access roles can be assigned to pre-approved SAP Users when performing a check out. The particular SAP user will use their SAP User ID to perform the required activities in SAP.

Elevated Rights SAP Users

An SAP user account containing requisite wide access will be unlocked, and the password will be sent to a pre-approved entitled SAP User. The relevant SAP User account will be used to perform the necessary activities in SAP.

[Process diagram: users to Elevated Rights Access; User checks out Elevated Rights Access; User performs emergency activities in SAP; User checks in Elevated Rights Access; Reviewer validates SAP activities]

Checking Out Elevated Rights Access

When a user performs a check out, the Elevated Rights
enable them to perform the required emergency activities. Once completed, the user will be able to check the Elevated Rights Access back in. Alternatively, it will automatically be checked in once the allocated period has expired.

Review of Elevated Rights Access Activities

All changes in SAP will be logged and downloaded to the Soterion Elevated Rights Manager for review. All
that were changed can be reviewed by the reviewer. Any sensitive transactions that were executed (SOD or Critical Transactions) will also be highlighted for their attention.

The reviewer will be able to acknowledge the activities performed by the Elevated
can be marked for “Review - Follow up” if there are any queries.

PERIODIC REVIEW MANAGER

Aligning Your GRC Capabilities with Your Business Objectives

Periodically reviewing your SAP user access, analysing the associated risks and evaluating the necessary controls will align your GRC
as being an audit and statutory requirement in many business environments.

A Mature GRC Capability Includes Periodically Reviewing a User’s Access, Risks and Controls

The Periodic Review Manager provides a platform where user access reviews can be performed by business users in
external rule set and control reviews.

Soterion’s Periodic Access Review Manager ensures central control, but decentralised management throughout the entire user access review process.

Controls Review

User Access Review

Review your SAP user access allocations to ensure that all assignments are still relevant. Recertify user access by

Rule Set Review

Regularly reviewing and updating your risk rule set will ensure continued relevancy in an evolving business environment.

[Diagram: Controls Review, Rule Set Review, User Access Review]

Persons Involved in a Review

LINE MANAGERS: Review access to ensure it is in line with job functions
RISK OWNERS: Review access and
ROLE OWNERS: Review access and
QA TEAM: Reviews rejections from reviewers, removing or substituting Roles in SAP

Any combination of line managers, risk owners and role owners may accept or reject user role allocations in the context of a particular risk scenario. Business users are able to participate from any web-enabled device. The Administrator has access to an
be regularly updated via email.

The Review Process

[Diagram: LINE MANAGERS, ROLE OWNERS, RISK OWNERS; SAP]
Reviewers approve and reject User Role allocations.
rejects an allocation that was previously approved by the approver.
QA team reviews rejections and actions the removal of rejected role allocations in SAP.

A review set is a snapshot of the user access landscape in SAP at the time of its creation. Each review set also contains a list of owners and approvers for users, risks and roles.

Reviewers can Perform User Role Approvals and Rejections

An automated email from the Administrator prompts all relevant users to participate in the review process by simply logging into their Review Inbox from any web-enabled device and using the
When logging in, the user will be presented with an Inbox that will detail the role allocations and associated risks in separate tabs. The user can approve or reject role allocations and, if necessary, will be able to add comments.

The user is able to view (and revert) allocations that were previously approved or rejected by them. The user will have
that is, allocations that were previously approved, but have been rejected by another user.

Soterion Converts the Technical GRC Language into a Language your Business Users can Understand

Soterion’s Periodic Review Manager allows the business users (reviewers) the option of performing their review by business
is non-descriptive of the function of the role, or where the SAP roles are large and contain many activities, this often leads to reviewers not knowing what access is contained in the SAP roles.
indicate access that has been assigned to the reviewer’s SAP users.
been assigned those SAP roles.
the organization time and money.

EMPLOYEE SELF-SERVICE MODULE

SAP User Role Provisioning will be Revolutionised by Soterion’s Employee Self-Service (ESS) Module

Soterion’s ESS Module will enable you to decentralise the provisioning of SAP user access. This functionality will reduce the time it takes users to obtain their required access, as well as lowering the costs associated with having large SAP Security teams to support the user provisioning process in your business.

Role Provisioning

Roles in SAP can either be assigned directly to a user’s SAP User ID or via their SAP HR position. Soterion’s Business Role option

Standardisation and Flexibility

Business Roles will enable the standardisation of job functions,
user’s job function.
Soterion’s Organisational Structure gives the user easy access
to the required results.

Provisioning Using the Business Role Concept

Roles to be assigned to the applicable Business Roles, consequently simplifying the selection process for all relevant users.

Soterion’s ESS Module

Users may access the Soterion ESS portal from any web browser in order to provision access to themselves or to other users.

ESS will enable users to:
- Request additional SAP access
- Remove existing SAP access
- Reset SAP passwords

ESS users will be able to provision access to users using the following options:
- Business Roles
- SAP Composite Roles
- SAP Single Roles
- SAP HR Positions

The ESS module will perform a Risk Impact Analysis on the proposed request.

A workflow task will be created for the change request and will automatically be provisioned in SAP once it is approved.

SOTERION SAP LICENSING MANAGER

Optimise Expenditure and Retain Compliance by Taking Control of Your SAP License Management

management. Soterion’s SAP Licensing Manager can provide you with the insight you need to tailor your SAP license agreement
unplanned and excess costs.

Our Background

productivity and manage cost, while governing SAP license compliance.

Key Points

Our Approach

Consumption

Gathering (Bill of Material)

Collate SAP license agreements and compare with SAP License Bill of Material.
categories.

Gap Analysis

Optimisation Recommendations

Determine optimisation opportunities based on the actual usage of license categories. This will include activities such as locking or expiring dormant user accounts.
and determine whether it is within licensing thresholds to avoid facing unplanned excess

SAP Licensing Categories typically fall into the following areas:
- Named users (including indirect usage)
- Master records
- Throughput
- Hardware

User License Optimisation Recommendations

User Maintenance
- Dormant users
- Users locked and not expired
- Users never logged on

[Chart values shown: 45, 612]

are deemed to be in the higher license category by SAP. Named SAP user licenses must be aligned across the various SAP systems.
will be categorised by SAP as a Professional license type (high end category) during the annual license audit.

USERS LOCKED, BUT NOT EXPIRED
These Users are locked, but have not been expired by changing their “Valid To” dates. A User that is locked, but not expired, is considered to be an active SAP Named User.

USERS NEVER LOGGED ON
These Users have never logged on to the SAP System. Consider whether these accounts could be locked and expired.

User License Category Adjustment Recommendations

based on usage.
Since it is not possible to include the SAP user usage data in
that is based on role allocations. This methodology can be used
aligned with what the users are indeed doing in SAP. However, research shows that SAP users on average use only 20% of the functionality allocated to them, resulting in the unnecessary allocation of higher SAP license categories access to the majority of users (80%).

Going Forward

Soterion SAP Licensing Manager uses its database as a repository for future SAP license reviews, hence reducing the time and resources you will require to maintain your SAP licenses.

Our solution also allows you to store agreements, documents and notes to demonstrate your SAP license compliance, which will minimise the number of consulting days you will need on future SAP licensing audits.

DATA PRIVACY MANAGER

Manage Personal Data in SAP

Monitor which users in SAP have access to sensitive personal information.
manage it.
Soterion’s Data Privacy Manager analyses all t
