SAP Security Consulting in Switzerland
We are a Geneva-based SAP security firm working with organizations across Switzerland. If you run SAP and answer to a Swiss regulator, a group auditor, or both, this is the practice you want in the room. For the full topical detail of what we do, see our SAP Security page; this page is about the Swiss context specifically.
SAP security for the Swiss regulatory context
Swiss organizations carry a particular mix of obligations, and SAP access sits underneath most of them:
- Swiss Code of Obligations, internal control system (ICS). Companies subject to an ordinary audit must maintain an ICS, and the auditor confirms its existence. SAP authorizations and segregation of duties are a core part of that control system.
- FINMA-supervised institutions. Banks, insurers and other supervised entities operate under FINMA expectations on operational risk, resilience and outsourcing. Access governance and SAP security posture are directly in scope.
- ISAE 3402 / SOC reporting. Service organizations report on their controls to clients and auditors. Where SAP underpins the service, its access and change controls are part of the report.
- Revised Federal Act on Data Protection (nFADP / revDSG). In force since September 2023, it raises the bar on who can access personal data and how that access is controlled and logged.
- SOX for Swiss subsidiaries. Swiss entities inside US-listed groups inherit SOX IT general controls, including SAP access and segregation of duties.
We design and remediate SAP access so it stands up to whichever of these applies to you, and so the evidence is ready when the auditor asks.
Sectors we work with
Banking, insurance & finance
FINMA-aligned access governance, SoD remediation and audit support for financial institutions in Geneva, Zurich and across Switzerland.
Commodity trading
The Geneva trading sector runs complex, fast-moving SAP landscapes where SoD and critical-access control matter as much as the market position.
Pharma & life sciences
Access control and audit readiness for regulated manufacturers across the Léman region and beyond.
Public sector & industry
Pragmatic SAP security and internal-control work for public entities and industrial groups that need compliance without over-engineering.
On-site across Suisse Romande, remote across Switzerland
We are based in Geneva and work on-site across Suisse Romande: Lausanne, Neuchâtel, Fribourg, Sion, Yverdon, and remotely across German-speaking Switzerland and neighboring France. We work in French and English, alongside your teams and your auditors.
For larger programs, group-wide GRC rollouts, full S/4HANA transformations, international audits, we partner with leading global audit, risk and technology consulting firms, so you get Swiss-based senior accountability backed by delivery capacity when the scope requires it.
Work with us
- Senior SAP security consultants, not a rotating bench of juniors.
- Fixed-price packages where the scope allows, so you know the cost up front.
- The whole SAP security stack: GRC and access governance, authorizations, platform cybersecurity and S/4HANA security.