Over 80% risk reduction in SAP SoDs for a leading energy company
A major energy company in South America embarked on a strategic IT improvement program to professionalize its IT function and strengthen alignment between Business and IT. Under the guiding principle “Business leads, IT drives,” the organization initiated several projects to enhance IT control, with a strong focus on improving business process governance and reducing SAP access risks.
To support these efforts, the company engaged BR1GHT to address Segregation of Duties (SoD) and critical access risks within its SAP ECC and HR systems. Beyond delivering a redesigned authorization structure, BR1GHT provided managed services to ensure continuous process improvements and sustained risk reduction.

The Challenge: Strengthening SAP Access Control
At the start of the project, the company faced significant SAP SoD and critical access risks that needed urgent attention. The existing SAP authorization model required a redesign to effectively mitigate risks while maintaining business efficiency. The goal was to establish a structured, risk-controlled SAP environment where compliance was seamlessly integrated into daily operations.
Our Approach: A Structured SAP Authorization Redesign
The project began with a baseline risk assessment using Soterion®, providing detailed insights into the company’s SAP access risks. To ensure a tailored approach, BR1GHT customized the SoD ruleset to reflect the organization’s specific business risks. Through a series of workshops with key business units, the ruleset was refined to focus solely on actual, business-critical risks, ensuring relevance and alignment with operational needs.
Following this, a full SAP authorization redesign was executed across the ECC and HR environments. Using Soterion’s advanced risk simulation tools, BR1GHT developed risk-free single roles while ensuring that the new framework maintained both security and operational flexibility.
Throughout the engagement, BR1GHT operated under a fixed-fee model, allowing the company to maintain cost predictability while ensuring high-quality results. Although unforeseen project delays arose due to an extended User Acceptance Testing (UAT) phase and competing business priorities, BR1GHT remained flexible and committed to delivering a successful outcome.
Remote Collaboration & Technology Enablement
The entire project was conducted 100% remotely, and the company described BR1GHT’s approach as pragmatic, efficient, and highly collaborative. Despite the remote setup, the BR1GHT team remained available whenever needed and kept the engagement running smoothly.
Soterion played a critical role in the redesign, enabling real-time risk analysis, role simulations, and authorization optimization. During the project, the company selected FastPath as its new SoD monitoring tool, and BR1GHT facilitated the seamless transition from Soterion to FastPath, ensuring a smooth and effective handover.
Conclusion: A Secure and Future-Proof SAP Environment
Through a structured and collaborative approach to SAP authorization redesign, the company now benefits from a secure, compliant, and future-proof SAP environment. By leveraging the right technology, refining risk-based access controls, and embedding continuous improvement, BR1GHT has enabled the company to strengthen its SAP security posture while maintaining business agility.
Results: Over 80% Risk Reduction and Sustainable Compliance
The project delivered outstanding results, achieving an over 80% reduction in SoD and critical access risks. The company now operates with a structured and sustainable SAP authorization model, ensuring long-term compliance, security, and operational efficiency. The transition to FastPath has further enhanced continuous risk monitoring capabilities, empowering the company to proactively manage access risks.
“With BR1GHT’s expertise, we achieved over 80% risk reduction in SAP SoDs while creating a strong, future-proof authorization model. Their structured and collaborative approach ensured a seamless and effective redesign, making SAP security and compliance an integral part of our business.”
Additionally, BR1GHT provided advisory support on audit and compliance, helping the company streamline its audit processes and ensuring a smooth compliance journey for both current and future years.
