SAP security consulting for Swiss organizations, based in Geneva
SAP Security in Switzerland

SAP Security Consulting in Switzerland

We are a Geneva-based SAP security firm working with organizations across Switzerland. If you run SAP and answer to a Swiss regulator, a group auditor, or both, this is the practice you want in the room. For the full topical detail of what we do, see our SAP Security page; this page is about the Swiss context specifically.

SAP security for the Swiss regulatory context

Swiss organizations carry a particular mix of obligations, and SAP access sits underneath most of them:

  • Swiss Code of Obligations, internal control system (ICS). Companies subject to an ordinary audit must maintain an ICS, and the auditor confirms its existence. SAP authorizations and segregation of duties are a core part of that control system.
  • FINMA-supervised institutions. Banks, insurers and other supervised entities operate under FINMA expectations on operational risk, resilience and outsourcing. Access governance and SAP security posture are directly in scope.
  • ISAE 3402 / SOC reporting. Service organizations report on their controls to clients and auditors. Where SAP underpins the service, its access and change controls are part of the report.
  • Revised Federal Act on Data Protection (nFADP / revDSG). In force since September 2023, it raises the bar on who can access personal data and how that access is controlled and logged.
  • SOX for Swiss subsidiaries. Swiss entities inside US-listed groups inherit SOX IT general controls, including SAP access and segregation of duties.

We design and remediate SAP access so it stands up to whichever of these applies to you, and so the evidence is ready when the auditor asks.

Sectors we work with

Banking, insurance & finance

FINMA-aligned access governance, SoD remediation and audit support for financial institutions in Geneva, Zurich and across Switzerland.

Commodity trading

The Geneva trading sector runs complex, fast-moving SAP landscapes where SoD and critical-access control matter as much as the market position.

Pharma & life sciences

Access control and audit readiness for regulated manufacturers across the Léman region and beyond.

Public sector & industry

Pragmatic SAP security and internal-control work for public entities and industrial groups that need compliance without over-engineering.

On-site across Suisse Romande, remote across Switzerland

We are based in Geneva and work on-site across Suisse Romande: Lausanne, Neuchâtel, Fribourg, Sion, Yverdon, and remotely across German-speaking Switzerland and neighboring France. We work in French and English, alongside your teams and your auditors.

For larger programs, group-wide GRC rollouts, full S/4HANA transformations, international audits, we partner with leading global audit, risk and technology consulting firms, so you get Swiss-based senior accountability backed by delivery capacity when the scope requires it.

Work with us

Our SAP security scope Contact a consultant in Geneva