Skip to content
Integrated Risk Management
Through the application of technology and automation, we'll help you manage your risks efficiently and effectively across the entire enterprise.
Related insights
Identity and Access Managaement
We'll help you ensure everybody within your organisation has access to the right systems and data, for the right reasons, and at the right time.
Related insights
Cyber & Application Security
Our experts will uncover security weaknesses within your security design and business-critical applications. Helping you protect your organisation from both internal and external threats.
Related insights
About us
A group of passionate individuals with a shared purpose to help the world's leading companies embrace best practices for GRC and risk management.
Partners
Turnkey's strategic partner network consists of selected organisations that complement our capabilities.
Corporate Social Responsibility
We are committed to being agents for change through our Climate Action Plan, championing diversity in our workplaces, and more.
Related insights
Get in touch
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
Related insights
Careers
Turnkey is the place where the brightest problem solvers safeguard some of the biggest brands in the world. If you thrive on a challenge and dare to disrupt the status quo, you’ll love life at Turnkey
Related insights
Webinars & eBooks
All of Turnkey's webinars, guides and other insights available in one place.
Related insights
Blogs
Read the latest insights from our experts on GRC and risk management, covering the latest industry topics.
Related insights
Press Coverage
See all the publications where Turnkey, our experts and our successes have been noted.
Related insights
Key events
See the key industry conferences on GRC, SAP security and risk management which we are attending.
Related insights
Case Studies
Client satisfaction is of the utmost importance to us, and we strive to constantly deliver above expectations, going the extra mile at every opportunity.
Related insights
FAQs
We've put together a comprehensive list of frequently asked questions - along with our responses - to the most common GRC and SAP security issues.
Related insights

Turnkey's SAP Risk Assessments

Security is too often an afterthought in SAP implementation projects, leaving the data and information within the estate vulnerable. At Turnkey, we have two SAP Risk Assessments which will help you stay secure.

Managing SAP security is not a simple task. It requires enforcing controls at multiple levels. However, security is often an afterthought in many SAP implementation projects.

Adequate focus may not have been placed on designing appropriate and compliant security controls, or security testing may have been compromised due to time or budget constraints.

How we can help

Turnkey offers two SAP risk assessment options that help organisations address these challenges by providing a current view on your security model and a tailored high-level roadmap to increase your security risk posture:

The SAP Access Risk Assessment
This is primarily focused on risks related to user access in SAP systems and covers Segregation of Duties (‘SoD’) risks as well as sensitive and critical access risks. This also covers a high-level assessment of SAP role design, access to privileged access in SAP and user/role management procedures. 

The SAP Cybersecurity Risk Assessment
This primarily focuses on cybersecurity risks in your SAP platform, including security configurations, security vulnerabilities, missing patches, interface controls, and custom code security.

The three options for the SAP Access Risk Assessment

Professional
  • One-time SAP access risk assessment covering both SoD risks as well as sensitive/ critical access risks along with actual execution details
  • Out Of The Box (‘OOTB’) ruleset
  • One SAP production system
  • Assessment of your SAP user and role administration processes
  • SAP security roadmap covering areas of highest priority, tailored to your organisation
  • Detailed data allowing you to take remediation actions
  • Approx. 2 – 3 weeks
Premium

Professional +

  • Quarterly SAP access risk assessment
  • One-time ruleset customization
  • Maintain Mitigation Control (‘MC’) risk register
Enterprise
  • Continuous SAP access risk assessment
  • Access to SAP access risk compliance dashboard
  • Preventive controls (i.e., access request workflow with preventive access risk assessment)
  • Emergency access manager with activity logs
  • Periodic SAP User access review manager

The three options for the SAP Cybersecurity Risk Assessment

Professional
  • One-time SAP cybersecurity risk assessment covering almost 2,000 checks and missing security patches
  • One SAP production system line
  • Overview of risks in your SAP interfaces
  • A security roadmap covering areas of highest priority, tailored to your organisation
  • Approx. 2 – 3 weeks
Premium

Professional+

  • Three SAP production system lines
  • Quarterly SAP cybersecurity risk assessment
  • Automated implementation of missing SAP security notes (where possible)
Enterprise
  • Continuous SAP cybersecurity risk assessment
  • Custom SAP code security review
  • Real-time SAP cybersecurity threat assessment
  • Integration with your SIEM solution

Get in touch

Fill out this contact form, and we'll get in touch to discuss our SAP Risk Assessment packages in more detail.