SAP Audit, Controls and Security Risk Assessment Service

We will quickly identify access and authorization risks, unusual behaviour, undesirable behaviour and vulnerabilities within your SAP Landscape

With over a decade of being a trusted advisor and provider of SAP Security Monitoring and Control software across a range of UK sectors including Banking, Utilities, Retail, Public Sector Authorities, and Manufacturing, we have amassed and configured an exceptional library of automated checks within our software that enables it to perform very fast risk and vulnerability assessments across an organization's SAP landscape. Suffice to say that during the past 10 years we have detected countless critical risks within organizations that had previously gone unnoticed, even within the most heavily audited systems!

We are now offering our software, knowledge, and expertise in this area as a service to provide organizations with an ultra fast SAP security risk assessment.


How it Works

At the heart of this service is a SaaS instance of Xpandion's Gartner Award Winning ProfileTailor™ Dynamics hosted by ourselves. We have already configured this system to check for over 1,000 potentially risky SAP situations. To enable these checks we will run a small collector client on your SAP instance(s) which will create a data package that gets loaded into ProfileTailor. There are no changes whatsoever required to your SAP systems to run our collector client


Detailed Analysis

During the course of our Risk Assessment Service we will be processing and analyzing a vast amount of both static and real-time data to identify for situations and activities that are nigh-on impossible to identify without a powerful system such as ProfileTailor™ Dynamics. In combination with the data analysis power of ProfileTailor, our SAP security and audit experts will be able to identify such situations as;

  • Unauthorized and unmonitored access to personal data
  • Direct Table Access - static and real access
  • Inappropriate High Risk Access to sensitive parts of your systems
  • Real-time and static segregation of duties issues
  • Employees with high levels of unused access and authorizations
  • Potential Account Sharing/Multiple Account Usage - avoidance of SoD detection
  • Sensitive SAP HR/HCM data access
  • Third party system Digital (Indirect) Access
  • Inappropriate third party supplier access
  • Data download and export capabilities
  • Real-time Usage assessment of power accounts

Delivering a Detailed, Clear and Easily Consumed Report

Following our analysis we will produce a detailed yet clear and easily consumed report highlighting the most serious threats, vulnerabilities and risks that we have discovered within your SAP landscape. We will also supplement this report with additional detailed documents which can be used by your security team to start closing down any risks that need re-mediating.




How long does it take and how much does it cost?

Our SAP Risk Assessment Service typically takes around 2 weeks to complete which, considering the detailed analysis that we go into, is extremely quick. The cost of the service starts from around £10,000 but does of course ultimately depend upon the size and complexity of your environment. We will be happy to discuss this in detail and provide you with a personal quote.


Next Steps

If you are interested to find out more then please do Contact Us



Available as a Cloud Managed Service
Available On Premise