SAP® Security Assesment

SAP® Security Services

Know the security level of you SAP® systems

SAP® Security Assessment is a comprehensive security product that Inprosec offers to its customers to have real-time information about the main risks and insecure configuration settings existing in SAP® systems. Do you want to know how secure your SAP® systems are?

Risk & Role Model Analysis

Access risk analysis in SAP® systems using the standard SAP® risk matrix to identify users with segregation of duties (SoD) risks and critical access.

In addition, an analysis of the role model used is carried out and compared with a role model based on best practice in order to identify improvements and recommendations that can be made to reduce the number of risks and simplify access management in SAP® systems.

  • Lack of visibility of user access rights.
  • Users with broad access rights, leading to risks and inefficiencies.
  • Lack of visibility of segregation of duties (SoD) risks.
  • Identification of unauthorised access and security issues.
  • Inprosec has a revised and updated risk matrix for ARIBA, APO, BASIS, CRM, ECCS, Fieldglass, HANA DB, HR, IBP, ISU, R3 S/4HANA, SRM and SuccessFactors systems.
  • Compare assigned risks with those used (transactional usage). Identify and mitigate those accesses that generate more risk.
  • Own SAP® GRC 12.0 laboratory.
  • Our solution has no licensing or implementation costs.
  • Access to accurate and real-time information about the risks of SAP® systems.
  • Reports with improvement actions and specific recommendations for risk reduction.
  • We have our own constantly updated methodology based on more than 10 years of experience in the sector.

Security Analysis

This security analysis service provides an overview of the security level of your SAP® systems. Review of users and passwords, technical analysis of vulnerabilities, security parameters, system load and status, policies and procedures.

Vulnerable SAP® systems are easy to attack, due to factors such as:

  • Use of weak passwords.
  • Lack of policies and procedures.

We have a methodology based on SAP® Security Baseline (with more than 300 specific controls).

Specific controls on:

  1. Users and passwords.
  2. Technical analysis of vulnerabilities and patches.
  3. Securty Audit Log.
  4. Security parameters.
  5. Encryption.
  6. RFC Connections.
  7. Transports and development.
  8. Others (Gateway, Message Server and Internet Communication Manager).

You will receive an action plan to improve the security of your SAP®.

  • Improve the security of your SAP® systems with a security analysis that identifies areas for improvement and actions to be taken.
  • Avoid being exposed to vulnerabilities and learn about current risks.
  • Avoid insecure configurations.

Custom Code Security Analysis

Custom code analysis in SAP® systems helps to ensure that custom applications do not have security, compliance, quality or performance issues.
Based on the results of the ABAP code analysis, we can recommend concrete actions to correct and improve the security and performance of applications, as well as help to meet internal and external audit requirements.

  • SAP® systems with outdated or obsolete ABAP code developed without following best practices.
  • Lack of secure code development practices.
    Complexity in designing and developing custom secure applications (z).
  • We have developed our own methodology based on more than 10 years in the industry.
  • We use standard tools without licence fees.
  • Functional and technical analysis.
  • Improving the security of custom development in SAP®.
  • Define best practices for developing secure code in SAP® systems.

Why choose Inprosec?


Multidisciplinary team

At Inprosec we have a multilingual team formed of various academic profiles (engineers, business analysts, auditors, …) who perform their duties assuming the roles of consultants, auditors, project managers, etc.


Continuous improvement

In a world that is constantly changing, it is fundamental learn and improve to adapt and offer services aligned with the needs of Customers.


Value proposition

  • We are not incompatible with audits.
  • We are independent. We are Consultants.
  • We do not compete in markets that are unfamiliar to us.

Do you want to learn about SAP® Security?

Can we help with your company’s SAP® Security Assesment?