What makes

systems access

controlled?

Our vision

Your challenge

Our solution


Our vision


We believe that managing access control need not be a cumbersome and challenging activity and that every organisation is entitled to reduce risks pertaining to segregation of duties and critical data access in a transparent and efficient way.

Your challenge


Managing system access can be complex due to lack of transparency on the defined roles within the system; lack of support options for detecting conflicting authorisations and lack of insight into the general security configuration and confidentiality of data.

Our solution


SOFY Access Control monitors the effectiveness, follow-up and improvement of control activities. With a rigorous focus on control automation, risk simulation and root-cause analyses, more control assurance can be obtained while reducing the effort associated with these activities.

Monitor SoD conflicts

Monitor SoD conflicts

Monitor roles and access of users through reports on inactive users, super
users, users with critical data access and users with segregation of duty (SoD)
conflicts using the control set, selected for you based on
KPMG experience.
Monitor roles and access of users through reports on inactive users, super
users, users with critical data access and users with segregation of
duty (SoD) conflicts using the control set, selected for you based on
KPMG experience.

Simulate can-do conflicts

Simulate can-do conflicts

Simulate conflicts that users and their assigned role(s) can cause and
the impact of user and role change to prevent assigning conflicting roles and
to define what roles for which users need to be cleaned.
Simulate conflicts that users and their assigned role(s) can cause and
the impact of user and role change to prevent assigning conflicting roles
and to define what roles for which users need to be cleaned.

Simulate did-do conflicts

Simulate did-do conflicts

Simulate conflicts that users and their role(s) have caused through
did-do analysis and sanction users if undesired actions are taken.
Simulate conflicts that users and their role(s) have caused through
did-do analysis and sanction users if undesired actions are taken.

Analyse root cause

Analyse root cause

Analyse technical details of authorisation conflicts through conflict
deep-dive and identify the authorisation elements that cause the SoD conflict.
Analyse technical details of authorisation conflicts through conflict
deep-dive and identify the authorisation elements that cause the SoD conflict.

Access control monitoring in retail


Creating invoices and changing account numbers: two activities that, if performed by the same person, can easily conflict. This is only one example of conflicting roles a person can have within a system. Imagine controlling thousands of users and roles, as done by one of our retail clients. Owing to a large number of users, the client experienced a lack of transparency on the defined roles within its systems. This is where the client used SOFY Access Control Monitoring to enable instant identification and assessment of potential authorisation conflicts by leveraging a real-time automated monitoring solution. Through this, our client managed to reduce conflicting roles and improve its governance, risk and compliance. Using SOFY, the retailer is now in control over its access and compliant to regulations.