Compliance Enforcer (CE)

The big picture

To ensure and verify the conformity with the Sarbanes-Oxley-Guidelines (SOX) and other regulatory law specifications, an enterprise has to install, document and proove internal controlling mechanisms. SUIM’s Compliance Enforcer is the tool to ensure and proof the conformity with regulatory law specifications. It does not only consider the potential risks caused by changes but analyzes the information about occurred risks from Application Tracer data as well .

In combination with SUIM’s Access Manager or Identity Manager, SUIM’s Compliance Enforcer works as an “integrated permanent system investigator”. It verifies in real time every mapping of an authorization element based on the stored rules and standards and identifies developing risks.

What is CE used for?

SUIM’s Compliance Enforcer allows the verification of the entire SAP portfolio from a central system. The results are displayed and stored centrally.

CE goes further than to check authorization objects, roles and BW-profile-values. By checking system parameters and the integration of an open interface for Non SAP-Systems, SUIM’s Compliance Enforcer is a  comprehensive solution for all IT Controls.



The use of trusted RFC for communication between the central and client systems is recommended, but is not a requirement. It is also possible to use a technical user. However, it is strongly advised not to use a dialog user as a technical user.

The use of trusted RFC ensures that the user who performs CE remote functions on a source system is also logged on to the remote system with his or her user.

Technical requirements

SUIM’s Compliance Enforcer consists of a central Package to be imported on your Central System, and of a small client package to be imported on each satelite system.

In order for CE to be fully utilized, the release of the central system on which it is operated should be in the minimum NetWeaver 7.3.

The release level of the client systems does not affect the functionality of CE, but should still be in the minimum SAP 7.3.

Non-SAP systems could be integrated using the open API for rules. These custom developments are not part of the delivered product.