Integrated Risk Management
Through the application of technology and automation, we'll help you manage your risks efficiently and effectively across the entire enterprise.
Identity and Access Management
We'll help you ensure everybody within your organisation has access to the right systems and data, for the right reasons, and at the right time.
Cyber & Application Security
Our experts will uncover security weaknesses within your security design and business-critical applications. Helping you protect your organisation from both internal and external threats.
About us
A group of passionate individuals with a shared purpose to help the world's leading companies embrace best practices for GRC and risk management.
Turnkey's strategic partner network consists of selected organisations that complement our capabilities.
Corporate Social ResponsibilityCSR
We are committed to being agents for change through our Climate Action Plan, championing diversity in our workplaces, and more.
Get in touch
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
Webinars & eBooks
All of Turnkey's webinars, guides and other insights available in one place.
Read the latest insights from our experts on GRC and risk management, covering the latest industry topics.
Press Coverage
See all the publications where Turnkey, our experts and our successes have been noted.
Key events
See the key industry conferences on GRC, SAP security and risk management which we are attending.
Case Studies
Client satisfaction is of the utmost importance to us, and we strive to constantly deliver above expectations, going the extra mile at every opportunity.
We've put together a comprehensive list of frequently asked questions - along with our responses - to the most common GRC and SAP security issues.

Turnkey's SAP Risk Assessments

Security is too often an afterthought in SAP implementation projects, leaving the data and information within the estate vulnerable. At Turnkey, we have two SAP Risk Assessments which will help you stay secure.

Managing SAP security is not a simple task. It requires enforcing controls at multiple levels. However, security is often an afterthought in many SAP implementation projects.

Adequate focus may not have been placed on designing appropriate and compliant security controls, or security testing may have been compromised due to time or budget constraints.

How we can help

Turnkey offers two SAP risk assessment options that help organisations address these challenges by providing a current view on your security model and a tailored high-level roadmap to increase your security risk posture:

The SAP Access Risk Assessment
This is primarily focused on risks related to user access in SAP systems and covers Segregation of Duties (‘SoD’) risks as well as sensitive and critical access risks. This also covers a high-level assessment of SAP role design, access to privileged access in SAP and user/role management procedures. 

The SAP Cybersecurity Risk Assessment
This primarily focuses on cybersecurity risks in your SAP platform, including security configurations, security vulnerabilities, missing patches, interface controls, and custom code security.

The three options for the SAP Access Risk Assessment

  • One-time SAP access risk assessment covering both SoD risks as well as sensitive/ critical access risks along with actual execution details
  • Out Of The Box (‘OOTB’) ruleset
  • One SAP production system
  • Assessment of your SAP user and role administration processes
  • SAP security roadmap covering areas of highest priority, tailored to your organisation
  • Detailed data allowing you to take remediation actions
  • Approx. 2 – 3 weeks

Professional +

  • Quarterly SAP access risk assessment
  • One-time ruleset customization
  • Maintain Mitigation Control (‘MC’) risk register
  • Continuous SAP access risk assessment
  • Access to SAP access risk compliance dashboard
  • Preventive controls (i.e., access request workflow with preventive access risk assessment)
  • Emergency access manager with activity logs
  • Periodic SAP User access review manager

The three options for the SAP Cybersecurity Risk Assessment

  • One-time SAP cybersecurity risk assessment covering almost 2,000 checks and missing security patches
  • One SAP production system line
  • Overview of risks in your SAP interfaces
  • A security roadmap covering areas of highest priority, tailored to your organisation
  • Approx. 2 – 3 weeks


  • Three SAP production system lines
  • Quarterly SAP cybersecurity risk assessment
  • Automated implementation of missing SAP security notes (where possible)
  • Continuous SAP cybersecurity risk assessment
  • Custom SAP code security review
  • Real-time SAP cybersecurity threat assessment
  • Integration with your SIEM solution

Get in touch

Fill out this contact form, and we'll get in touch to discuss our SAP Risk Assessment packages in more detail.

Get in touch with Turnkey today

Sign up to get the latest updates