Keep a close eye on your risks!

Given the constantly growing requirements and risks in SAP, creating and maintaining custom-made rules for the respective GRC solutions is a challenge. For analyses, reports, and the processing of authorizations and system settings, a constantly updated and well-maintained ruleset ensures secure administration of the SAP system.

With the help of our services, we evaluate the requirements individually and, depending on the catalog of requirements and legal regulations, we can build up the basic knowledge and the necessary know-how. We support you in identifying which risks are relevant for you and together we can define the right ruleset for your GRC solution. If you already have a ruleset in use, we will help you ensure that your current ruleset is up to date, identify potential for optimization and establish best practice approaches.

Your Contact

Erik Trouillet
GRC Services

Your challenge

Building a ruleset is not a one-time task. A ruleset must be constantly checked, expanded, or adapted. Changed processes mean changed risks and consequently different rules. So what are the most common problems? Why is there no ruleset, or why does the existing one no longer meet the requirements? Our experience shows that it is often one of the following reasons:

Our solution

Our approach always pursues an overall view of the risks. These are mapped in a global ruleset and always reduced to the most critical authorizations in order to keep complexity low and to make rules transparent. Our ruleset takes into account the changes made with SAP S/4HANA (including Fiori apps) and customer-specific in-house developments. Together with you, we decide where and which rules are relevant for your organization.

We first analyze the requirements that will be placed on the new ruleset. For this purpose, we record, for example, compliance requirements from a regulatory and ICS perspective and review your existing ruleset, if you have one. In the next step, we check your in-house developments to identify missing or incorrect authorization checks and correct them.

In addition, maintaining the SU24 default values plays a central role, because it allows the critical authorizations relevant for the ruleset to be assigned to a transactional context. In the last step, we create the final rulesets for you and validate the results so that the ruleset is sound not only functionally but also technically. We support you with the implementation in the productive environment to monitor and control the authorizations for your processes, so that the rules are established, maintained, and accepted in the long term.


Our Approach


Xiting Compliance Services

We support you on your way from creating awareness about compliance to defining and implementing a ruleset for the XAMS CRAF solution, SAP GRC Access Control and SAP IAG, among others. Whether it is the creation of a coordinated, final ruleset or support in developing a ruleset with “ECS meets XAMS”, our aim is always to be your competent and reliable partner for risk management.

Compliance Workshop

Custom Ruleset

ECS meets XAMS

