EVBox – 90% reduction of SAP risks via cleaning and authorisation redesign
EVBox is a Dutch provider of charging stations for electric vehicles. The company was founded in Almere in 2010 and within a few years has grown into one of the market leaders in versatile charging systems. EVBox, based in Amsterdam, is one of the fast-growing players in the charging station industry. The Dutch charging station manufacturer produces high-quality, user-friendly and easy-to-manage charging solutions for a wide range of users, from home use to the most complex business applications. In addition to a varied model range, EVBox also offers customers charge management, service and various accessories. EVBox chargers are suitable for use at home, at work and in public places.
EVBox is improving its IT controls, including the design and implementation of IT General Controls and the improvement of its SAP authorization concept, to mitigate risks related to segregation of duties (SoD) and critical access. EVBox asked us to help redesign the SAP roles and authorizations for its SAP S/4HANA production environment and to reduce its SAP security and SoD risks.

In 2022, BR1GHT performed a baseline assessment to determine the risks in the SAP authorisation design. Based on this assessment, EVBox decided to mitigate the risks by redesigning its SAP authorisations. Its ambition is an SAP environment in which the key risks are mitigated and the foundation of the authorization concept is strong and robust.
The SAP redesign consisted of two phases:
• FI-related roles, going live within 4 months
• Non-FI-related roles, going live within 2 months
The scope of the redesign was not limited to finance, sales and purchasing: Fiori apps were also part of the scope of the project.
Within this redesign, we used the Soterion technology daily: to design and implement risk-free and SoD-free single roles, to simulate risks when combining roles in business workshops, and to analyse the quality of the result. Soterion is key to an efficient authorization redesign. EVBox chose to use the standard Soterion rule set; it is also possible to configure client-specific SoD and risk rule sets when desired. We tailored the rule set to EVBox-specific roles and objects.
As BR1GHT used their Soterion technology during the role redesign, we became familiar with the risks of adding transactions to roles or adding roles to user profiles. It helped us to understand why specific choices were made and to determine the desired risk level.
BR1GHT also analysed transaction usage at EVBox with Soterion. Together with our current business roles and responsibilities, BR1GHT supported us in business workshops to effectively design the future role architecture. The business tests enabled us to test the roles thoroughly. Although we spent sufficient time on acceptance testing, next time I would test even more to ensure people get used to their new profiles.
BR1GHT has delivered an authorization design that has reduced EVBox's key risks and SoDs by 90%. The remaining SoDs are approved by the business, and mitigating controls have been designed and implemented by the business to reduce the risk. Business interruptions after go-live were also very limited.
BR1GHT met its deadlines: it redesigned our whole environment within 6 months.
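The SoD checks described above (single roles free of internal conflicts, simulating the risks of combining roles for a user, accepting a residual conflict against a business-approved mitigating control, and transaction usage analysis to strip unused transactions) can be illustrated with a small simulation. The following Python is an added example written for this page; it is not Soterion's rule set and not BR1GHT's or EVBox's code. The roles, users, usage data, rule ids and control ids in it are constructed; only the transaction codes are real SAP tcodes.

```python
"""Segregation-of-duties (SoD) simulation for SAP role design.

Constructed example added to this page: the roles, users, usage data and SoD
rules below are made up for illustration. They are not Soterion's standard
rule set and not EVBox data; only the transaction codes are real SAP tcodes.
"""

# Single roles -> transaction codes (constructed assignments, real SAP tcodes).
ROLES = {
    "Z_AP_VENDOR_MAINT":  {"FK01", "FK02", "XK03"},     # create/change/display vendor master
    "Z_AP_INVOICE":       {"MIRO", "FB60", "FB03"},     # post vendor invoices, display FI documents
    "Z_AP_PAYMENT":       {"F110", "FBL1N"},            # automatic payment run, vendor line items
    "Z_MM_PURCHASING":    {"ME21N", "ME22N", "ME23N"},  # create/change/display purchase order
    "Z_MM_GOODS_RECEIPT": {"MIGO", "MB51"},             # goods receipt, material document list
    "Z_DISPLAY_ONLY":     {"FB03", "XK03", "ME23N"},    # display only, no SoD relevance
    "Z_LEGACY_AP_ALL":    {"FK01", "MIRO", "F110"},     # the kind of 'before' role a redesign splits up
}

# SoD rules (constructed): a conflict exists when one user can run a tcode
# from set A and a tcode from set B.
SOD_RULES = [
    ("P01", "Maintain vendor master and post vendor invoice", {"FK01", "FK02"}, {"MIRO", "FB60"}),
    ("P02", "Post vendor invoice and run payment",            {"MIRO", "FB60"}, {"F110"}),
    ("P03", "Create purchase order and post goods receipt",  {"ME21N", "ME22N"}, {"MIGO"}),
    ("P04", "Maintain vendor master and run payment",        {"FK01", "FK02"}, {"F110"}),
]


def tcodes_for(roles):
    """All transactions reachable through a list of roles (the user's effective profile)."""
    return set().union(*(ROLES[r] for r in roles)) if roles else set()


def conflicts(roles):
    """Rule ids violated by this combination of roles."""
    tc = tcodes_for(roles)
    return {rid for rid, _desc, a, b in SOD_RULES if tc & a and tc & b}


def role_is_clean(role):
    """Design check for single roles: no SoD conflict may exist inside one role."""
    return not conflicts([role])


def simulate_add(current_roles, new_role):
    """Workshop question: which NEW conflicts appear if this role is added to the user?"""
    return conflicts(list(current_roles) + [new_role]) - conflicts(list(current_roles))


def open_risks(users, mitigations):
    """Conflicts per user that are not covered by an approved mitigating control.

    users: user -> list of roles; mitigations: user -> {rule id: control id}.
    Users without open conflicts are omitted from the result.
    """
    result = {}
    for user, roles in users.items():
        remaining = conflicts(roles) - set(mitigations.get(user, {}))
        if remaining:
            result[user] = remaining
    return result


def total_open(users, mitigations):
    """Number of unmitigated user/rule conflicts across the population."""
    return sum(len(v) for v in open_risks(users, mitigations).values())


def risk_reduction(before_users, after_users, mitigations):
    """Share of unmitigated conflicts removed by the redesign, 0.0 .. 1.0."""
    before = total_open(before_users, {})  # baseline: no accepted mitigations yet
    after = total_open(after_users, mitigations)
    return 1.0 - after / before if before else 0.0


def unused_tcodes(role, users, usage):
    """Transactions in a role that no holder of the role has executed (removal candidates).

    usage: user -> set of tcodes actually executed. In a real system this would
    come from SAP workload statistics (ST03N/STAD); here it is constructed.
    """
    holders = [u for u, roles in users.items() if role in roles]
    used = set().union(*(usage.get(u, set()) for u in holders)) if holders else set()
    return ROLES[role] - used


# Constructed 'before' and 'after' assignments for three users.
BEFORE_USERS = {
    "alice": ["Z_LEGACY_AP_ALL"],
    "bob":   ["Z_MM_PURCHASING", "Z_MM_GOODS_RECEIPT"],
    "carol": ["Z_LEGACY_AP_ALL"],
}
AFTER_USERS = {
    "alice": ["Z_AP_VENDOR_MAINT", "Z_AP_INVOICE"],
    "bob":   ["Z_MM_PURCHASING", "Z_MM_GOODS_RECEIPT"],
    "carol": ["Z_AP_PAYMENT", "Z_DISPLAY_ONLY"],
}
# Business-approved residual conflict with a compensating control (constructed ids).
MITIGATIONS = {"alice": {"P01": "CTRL-07 monthly vendor master change review"}}
# Constructed usage data: which tcodes each user actually ran.
USAGE = {"alice": {"MIRO", "FB03", "FK01"}, "bob": {"ME21N", "MIGO"}, "carol": {"F110"}}

if __name__ == "__main__":
    for role in ROLES:
        print(f"{role:20s} clean={role_is_clean(role)}")
    print("alice + Z_AP_PAYMENT would add:", simulate_add(AFTER_USERS["alice"], "Z_AP_PAYMENT"))
    print("open risks after redesign:", open_risks(AFTER_USERS, MITIGATIONS))
    print(f"risk reduction: {risk_reduction(BEFORE_USERS, AFTER_USERS, MITIGATIONS):.0%}")
    print("unused in Z_AP_INVOICE:", unused_tcodes("Z_AP_INVOICE", AFTER_USERS, USAGE))
```

In this toy population the legacy role alone carries three conflicts, the redesigned single roles are all clean, and the one residual conflict that survives (alice's vendor master plus invoice posting) is carried against a mitigating control rather than silently accepted; bob's purchasing plus goods receipt conflict stays open and is what the next workshop would have to resolve. Note that the reduction figure depends entirely on how conflicts are counted (per user/rule pair here) and on which mitigations the business has actually approved, so any percentage should be reported together with that counting basis.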
EVBox is a company that is pragmatic, willing to make things better and constantly challenging BR1GHT on our approach, quality and results. BR1GHT is grateful to work with a fast-growing company like EVBox and supports it in setting up a sustainable foundation for further growth. EVBox chose BR1GHT for its pragmatic approach, in-depth knowledge and proven SAP authorization redesign experience.
BR1GHT was able to commit to the tight deadlines and convinced EVBox that it would deliver the right quality. The fact that we were able to start fast and use technology was a differentiator.
In the end, BR1GHT reduced the SAP security and SoD risks by more than 90%.
BR1GHT's pragmatic approach, in-depth knowledge and proven SAP authorization redesign experience truly made a difference for us. They helped us achieve a 90% risk reduction in our SAP environment within the agreed deadline of 6 months, providing a strong and robust foundation for our authorization concept.