ISPICIO is a software developer and consultancy, specialising in governance, risk, and compliance (GRC) solutions with a focus on SAP® security.
To efficiently manage increasing compliance requirements, growing complexity of modern SAP® environments and cost pressure in organisations, we develop simplified, flexible, and cost-effective software solutions supported by tailored training and consulting services.
Our long-standing audit expertise and close collaboration with the Big4 audit firms allow us to deliver and constantly improve cutting edge SAP® security solutions for our software and consulting clients, ranging from small and medium-sized enterprises to large corporations across all industries.
Founded in Germany, we have launched ISPICO Pty Ltd in Australia, head-officed in Brisbane, to service our Asia-Pacific clients.
100+ companies have chosen to work with us including 3 of the Big4 audit firms
All of our consultants have a minimum of 10 years of relevant work experience
We are based in Frankfurt to serve the European market and in Brisbane to look after Asia-Pacific
Our goal is to develop tools that cover the most important aspects of SAP® Security in an efficient and cost-effective way. At the forefront of our software products stands ISPICIO_S which has been developed to simplify and accelerate SAP® Security analyses. While other tools require the installation of table extraction ABAPs and deep knowledge of how to analyse and interpret SAP® data, ISPICIO_S provides a simple RFC download function and pre-defined filters that allow the user to benefit from our extensive SAP® knowledge. Pre-formatted PDF reports showing general control settings, access rights, segregation of duties conflicts as well as critical journal entries are all just a few clicks away. Further, the ISPICO_S Server Version, allows for automation of these procedures.
On average ISPICIO customers save over 50% on their usual SAP® Sercurity audit costs.
ISPICIO_S processes thousands of data sets in minutes rather than hours. The server version even allows for automation.
A SAP® audit tool is only as good as its built-in logic. We’ve incorporated years of audit experience into the ISPICIO_S filters.
The data download from SAP® is secure and simple through read-only RFC technology. No ABAP installation is needed.
Our tools run on Windows, Mac and Linux. If you engage us, we can use your hardware. No byte of SAP® data needs to leave your hardware.
The SAP® data required for the analysis is yours and you remain in control. No uploading or carrying around sensitive files.
ISPICIO_S allows the user to run customised reports with self-designed filters / control activities.
Knowledge of weaknesses in your SAP® system is a requirement on the path to compliance. We turn information into knowledge for you.
Results are presented in Pre-formatted PDF reports. They are easy to assess and share.
Make it yours. Your logo and company name can appear on all reports.
New functionalities and additional audit procedures are continuously under development. Updates are free for all active licenses.
Should you decide to purchase an ISPICIO_S license and require ongoing support, we can bundle it accordingly.
We offer a reduced version of our "Full SAP® Security Review" which we call “SAP® Security Health Check”. It will give you insights into a selection of the most critical security aspects of your SAP® system. Because we use highly efficient tools, the work of our experts can usually be done remotely and be completed within two business days. In the unlikely event of you not being happy with the results, we will not invoice you - no questions asked. Register your interest obligation-free today and we will tell you all about our satisfaction guarantee.
Qualified personnel are scarce and daily business often prevents organisations from getting SAP® Security under control. Hence, we offer a comprehensive package that will take the burden off you. One of our experts manages all necessary tasks and analyses your SAP® system with our tool ISPICIO_S. The work is usually done on-site and can be performed on one of your computers. No critical ABAP installation is required. No byte of data has to leave your organisation. The results can usually be presented within a few business days depending on the amount of customisation your organisation requires.
ISPCIO_S comes with a large number of audit rules which we call filters. We’ve incorporated years of audit experience into these filters and we constantly develop them further. However, we have built ISPICIO_S to be flexible and we offer to customize the filters to your specific needs. We can either modify existing filters (e.g. to reflex customised authorisation objects) or add new filters (e.g. to perform user re-certifications for a specific organisational unit). We can also implement ISPICIO_S as a server version that allows for automation of real-time SAP data extraction and execution of your customised filters. The time needed to implement your customised ISPICIO_S solution depends on your specific requirements. We are happy to talk you through the details.
The ISPICIO_S Master training and certification program is designed for internal and external IT auditors and SAP®-security personnel. The training is customisable according to the trainees' needs. The standard course covers data extraction from SAP®, customisation of audit procedures (filters), data analysis, simulating data modifications, reporting functions and presenting results. Trainees will practically use ISPICIO_S on real SAP® data and are then certified at the end of the 4-hour course.
We can help you choose and implement a suitable IT risk assessment methodology including aspects such as system characterisation, threat identification, vulnerability identification, control analysis, likelihood determination, impact analysis, risk determination, control recommendation and risk documentation. We are also there for the risk assessment's execution over the years to come.
Our expertise extends beyond SAP®. We perform IT General Control (ITGC) reviews and help our clients to optimise their control environment following best-practice frameworks such as COBIT.
As SAP® experts we understand business processes. Hence, we offer business process and internal control system (ICS) reviews and optimisations for example to comply with S-OX 404 requirements.
We provide staff for internal audit departments and professional firms when support is needed at short notice, or for a specific project or task.
We offer sustainability services including sustainability reporting, carbon footprinting, carbon reduction strategy development and carbon offsetting through our partner atmosfair®. Our experts are certified sustainability consultants (N-Kompass® certfied) and auditors (EarthCheck® certified).
ISPICIO Pty Ltd
1 / 15 Hardiman Street
Woody Point, QLD 4019
60329 Frankfurt a.M.
Liability for content
ISPICIO Pty Ltd makes every effort to keep the information on this web site current, but accepts no liability whatsoever for the content provided. The law limits our responsibility as a service provider to our own content on these web pages. We are not obligated to monitor third party information provided or stored on our web site. However, we shall promptly remove any content upon becoming aware that it violates the law. Our liability in such an instance shall commence at the time we become aware of the respective violation.
Please be aware that there are inherent security risks in transmitting data, such as e-mails, via the Internet, because it is impossible to safeguard completely against unauthorised access by third parties. Nevertheless, we shall safeguard your data, subject to this limitation. In particular, personal information will be transmitted via the Internet only if it does not infringe upon third-party rights, unless the respective party has given its prior consent in view of such security risks. Accordingly, as the web site provider, we shall not be held liable for any damages incurred as a consequence of such security risks or for any related acts of omission on our part. We oppose the use of any available contact information by a third party for sending unsolicited advertisements. As the web site provider, we reserve the express right to take legal action against unsolicited mailing or e-mailing of spam and other similar advertising materials.
Liability for links
Our web site contains links to third-party web sites. We have no influence whatsoever on the information on these web sites and accept no guaranty for its correctness. The content of such third-party sites is the responsibility of the respective owners/providers. At the time third-party web sites were linked to ours, we found no grounds whatsoever of any likely contravention of the law. We shall promptly delete a link upon becoming aware that it violates the law.
The content and works provided on these web pages are governed by the copyright laws. Duplication, processing, distribution, or any form of commercialisation of such material beyond the scope of the copyright law shall require the prior written consent of its respective author or creator.