Rated by gartner

Policy Management

Segregation of Duties and Privileged Access Policies

Detects access policy violations to control financial, operational, fraud, and cyber risks. Define policies in terms of risk descriptions, impact, likelihood, and fine-grained rules that constitute discrete and fuzzy logic in terms of IT system security entitlements and privileges for governance models such as Segregation of Duties, Sensitive Access, Data Protection, and Trade Secrets.

Eliminate false-positive filters to improve risk analysis and response. A high-performance policy engine rapidly analyzes millions of security attribute combinations and permutations across all enterprise IT systems and ERPs and business application security snapshots to report violations. Violation Manager eliminates exceptions where risk is accepted with compensating controls, using advanced filters. Remediation Manager issues corrective actions using closed-loop workflows that expedite risk response, reduce risk exposure and automatically update violations reports to ensure audit evidence is accurate and timely.

Rules Management

False Positives

Security Snapshots

Violations Manager


Compensating Controls

SafePaaS enables your Compliance, Risk and IT teams to:

  • Automate Segregation of Duties risk assessments and changes
  • Monitor role assignments and responsibilities
  • Detect, correct and prevent access violations

  • SafePaaS Segregation of Duties Policy Manager employs a rules management engine, to scan user access using the security structure of your ERP system. Policy Manager identifies users and their role assignments that violate one or more Segregation of Duties policies. Violation results are stored in a database which is accessed using analytics in Policy Manager. Download test results and corresponding remediation plans in Excel, Word, Acrobat and other common formats to assure management and auditors that your business systems fully comply with Segregation of Duties policies.

    Segregation of Duties

    Recommended Reading

    How to select an SoD tool

    How to select an SoD tool

    When it comes to SoD audit tools, you can either build your own in-house or choose between a few vendors currently on the market. But buyer beware, not all tools are created equal. Learn what to look for when exploring options.

    Segregation of Duties fraud risk

    How to prevent fraud risk

    SoD is the most effective approach to placing internal controls over your organization’s assets and preventing the kind of fraud seen at Yale. 

    Sod Audit Tools

    The importance of cross-application SoD capabilities

    It is not unusual, especially in large enterprise customers, to find sets of data in different ERPs. For example, supplier master data may be stored in one ERP such as Oracle e-Business Suite, or ERP Cloud and transaction data in another such as Workday.