Product Overview & Competitive Analysis
The smarter way to detect
SAP S/4HANA access risk
Zero-install, upload-based SOD analysis for SAP S/4HANA. 317 pre-built rules across every S/4HANA module — instantly deployable, no consultants required.
317
Pre-Built Rules
398
SAP TCodes Mapped
129
Auth Objects Covered
24
S/4HANA Modules
12
Industry Risk Profiles
105
Critical Risk Rules
Why SODPulse
Built different. Deployed in minutes.
No SAP system access needed. No professional services. No annual license negotiation.
Zero-Install Analysis
Upload your SAP authorization export via browser. No agents, no connectors, no SAP system access required. Analysis runs in seconds — not days.
317 Pre-Built Rules
Every rule hand-engineered against real SAP S/4HANA auth objects and field values. Not generic policy templates — precise tCode + auth object + field + value combinations. Industry-specific rules are packaged as separate IS Solution packs applied per org. Oil & Gas (25 rules) and IS Retail (30 rules) are live. Utilities, Pharma, and more are in development.
Broad Industry Coverage
Two live IS Solution packs: Oil & Gas (25 rules — IS-OIL, JVA, Excise, HSE, Pipeline) and IS Retail (30 rules — POS, MM/Retail, Inventory, Pricing, Loyalty). Additional packs (Utilities, Pharma) in development. One platform that grows with your client portfolio.
Multi-Tenant SaaS
Serve multiple client organisations from a single platform. Tenant isolation, tiered subscriptions, custom branding per organisation — ready for reseller models.
Auth-Object Precision
Checks not just tCodes but 129 distinct SAP authorization objects, specific fields (ACTVT, BWART, BEWTP, RLTYP, INFTY…), and risky value combinations — eliminating false positives.
Instant Executive Reports
One-click reports for Board, CISO, and Audit Committee. Risk heat maps, user violation summaries, process-level breakdowns — all formatted for non-technical stakeholders.
Market Comparison
SODPulse vs. the alternatives
How we compare against leading GRC, advisory, and identity governance solutions.
| Feature / Criterion |
SODPulse
Quantum Technologies
|
ERP Vendor
Native GRC Module
|
Big 4 Firm
Advisory Tool
|
GRC Vendor A
Cloud Platform
|
GRC Vendor B
GRC Automation
|
IGA Vendor
IGA Platform
|
|---|---|---|---|---|---|---|
| Deployment & Setup | ||||||
| Time to First ResultsFrom procurement to live analysis | Minutes | 6–18 months | Weeks (engagement) | 2–6 months | Weeks–months | 6–12 months |
| SAP System Connectivity RequiredLive RFC / API connection to SAP | Not Required | Mandatory | Required for live | Mandatory | Required | Mandatory |
| Professional Services RequiredImplementation / consulting fees | None | $200K–$800K+ | Engagement-based | $50K–$200K | Moderate | $150K–$500K+ |
| On-Premise FootprintServer / agent installation | Zero | Heavy on-prem | Client-side | Cloud hybrid | Cloud | Cloud |
| SOD Ruleset Quality | ||||||
| Pre-Built SOD RulesOut-of-box, no customisation needed | 317 Rules | ~180 (generic) | Varies by engagement | Large library (generic) | ~150+ | Policy-based |
| Auth Object + Field PrecisionRules check specific SAP auth fields & values | ✓129 objects | ✓ | Partial | ✓ | Partial | Role-based |
| Custom Z/Y-TCode MappingMap org-specific Z/Y transaction codes to standard SAP equivalents | ✓ | Config-heavy | ✗ | Limited | ✗ | ✗ |
| S/4HANA-Specific RulesNot ECC rules reused for S/4HANA | S/4HANA Native | Mixed ECC+S4 | Client-defined | Mixed | Mixed | IGA-focused |
| Industry-Specific RulesO&G (25 rules) & IS Retail (30 rules) live · Utilities, Pharma in development | O&G · Auto · Mfg | Generic + IS add-ons | Engagement scope | Add-on packs | Limited | Limited |
| EHS / PS / Kanban / EDI CoverageNon-core modules often missed | ✓ | Partial | ✗ | Partial | ✗ | ✗ |
| Platform Capabilities | ||||||
| Multi-Tenant ArchitectureServe multiple clients from one platform | ✓ | ✗ | ✗ | ✓ | Limited | ✓ |
| Subscription Tier ManagementDemo / Full / Expired tiers per tenant | ✓ | ✗ | ✗ | Enterprise-only | ✗ | Enterprise-only |
| Executive / Board ReportsNon-technical stakeholder output | ✓ | Configurable | ✓ | ✓ | Basic | ✓ |
| User-Level Violation Drill-DownPer-user, per-rule, per-transaction detail | ✓ | ✓ | Report-based | ✓ | ✓ | ✓ |
| Data Isolation & Tenant PrivacyEach client's data is fully isolated — no cross-tenant visibility, no third-party data sharing | ✓ Full isolation | Depends on config | Advisory model | Shared cloud | Shared cloud | Shared cloud |
| Role-Based Access Control (RBAC)Admin, org admin, user tiers | ✓ | ✓ | ✗ | ✓ | ✓ | ✓ |
| Commercial Model | ||||||
| Total Cost of Ownership (3-year)License + implementation + services | Low | $500K–$2M+ | Engagement-based | $150K–$500K | $80K–$250K | $300K–$1M+ |
| SaaS / Subscription ModelPredictable recurring pricing | ✓ | Perpetual + maint. | Project fees | ✓ | ✓ | ✓ |
| SME / Mid-Market AccessibleUnder $50K total cost realistic | ✓ | ✗ | ✗ | ✗ | Emerging | ✗ |
* Competitor data based on publicly available information, analyst reports, and vendor documentation as of Q1 2026. Pricing and features subject to change.
S/4HANA Coverage
24 modules. Deep process coverage.
317 rules spanning 24 SAP S/4HANA modules — from core FI to EHS, from PP-PI to Kanban. Additional modules on the roadmap.
Financial Accounting (FI)
GL · AP · AR · Bank · Period Close
32
Controlling (CO)
CCA · IO · CO-PC · CO-PA
25
Project Systems (PS)
WBS · Budgets · Settlement · Networks
5
Treasury (TR)
Cash · Deals · Money Markets
15
Asset Accounting (FI-AA)
Acquisition · Depreciation · Retirement
15
Procure-to-Pay (P2P)
PR · PO · GR · Invoice · Payment
19
Materials Management (MM)
Inventory · Valuation · Batch · EDI
15
Logistics Execution (LE / WM)
Outbound Delivery · WM · Shipping
12
Production Planning (PP)
Discrete · Repetitive · Process · Kanban
24
Process Industries (PP-PI)
Process Orders · COGI · Backflush
5
Quality Management (QM)
Inspection · Usage Decision · Notification
11
Plant Maintenance (PM)
Work Orders · Equipment · Costs
10
Sales & Distribution (SD)
Orders · Billing · Rebates · Warranty
17
Order-to-Cash (O2C)
Revenue · Contracts · Collections
12
Human Capital Mgmt (HCM)
Payroll · HR Master · Leave · Benefits
20
Basis / Security (BC)
User Admin · Transport · Debug · HANA
21
EHS (Environment Health & Safety)
Incidents · Dangerous Goods
2
IS-Auto (Automotive)
JIT · Kanban · Recall · Warranty · EDI
Roadmap
IS-OG (Oil & Gas) INDUSTRY PACK
IS-OIL · JVA · Excise · HSE · Pipeline
25
IS Retail INDUSTRY PACK
POS · MM/Retail · Inventory · Pricing · Loyalty
30
Variant Configuration (VC)
Characteristics · Classes · BOM · Config Profile
Roadmap
RE-FX (Real Estate)
Lease contracts · Property management
3
Transportation Mgmt (TM)
Freight orders · Carrier selection
Roadmap
Global Trade Services (GTS)
Export compliance · Sanctions screening
Roadmap
Service Management (SM)
Service orders · Contracts · Billing
Roadmap
🔴 Roadmap modules: scheduled for v2.0 release. All currently covered modules are production-ready and validated.
Industry Applicability
Built for your client portfolio
SODPulse includes two live IS Solution packs: Oil & Gas (25 rules, covering IS-OIL, JVA, Excise, HSE, Pipeline) and IS Retail (30 rules, covering POS, MM/Retail, inventory, pricing). Utilities, Pharma, and more are in development.
Discrete Manufacturing
Full Coverage
FIPPMMQM
PMSDCOPSVC
Key risks: production order fraud, BOM cost manipulation, QC bypass, phantom GR
Oil & Gas / Refining
Full Coverage
FIPP-PIMMPS
PMCOEHSIS-OGQM
Key risks: process order yield fraud, excise duty evasion, CAPEX project inflation, batch reclassification
Automotive
Full Coverage
PPSDMMLE
QMSDEDIPP
Key risks: JIT call fraud, warranty claim inflation, recall settlement abuse, scheduling agreement manipulation
Pharmaceuticals
IS Pack: Roadmap
FIPP-PIQMMM
SDEHSCO
Key risks: batch release bypass, inspection plan manipulation, usage decision fraud, GDP non-compliance
Utilities & Energy
IS Pack: Roadmap
FIPMMMPS
COEHSTR
Key risks: CAPEX project fraud, maintenance order manipulation, EHS incident suppression, asset retirement
Construction / EPC
Core Rules Apply
FIPSMMPM
COHCM
Key risks: WBS cost inflation, project budget manipulation, phantom contractor payments, subcontractor PO fraud
Retail / Consumer Goods
IS Pack: Roadmap
FIMMSDLE
WMCO
Key risks: vendor invoice fraud, pricing manipulation, delivery-billing bypass, markdown abuse
Financial Services
Core Rules Apply
FITRCOHCM
BC
Key risks: payment fraud, treasury deal manipulation, intercompany posting abuse, payroll ghost employees
Public Sector / Government
Core Rules Apply
FIMMHCMBC
PSCO
Key risks: procurement fraud, ghost employee payroll, budget manipulation, vendor bank account changes
Chemicals
Core Rules Apply
FIPP-PIQMMM
EHSCOIS-OG
Key risks: dangerous goods classification fraud, batch characteristic manipulation, REACH compliance bypass
Healthcare
Core Rules Apply
FIMMHCMQM
COBC
Key risks: procurement fraud, medical supply diversion, payroll fraud, patient data access (BC)
Professional Services
Core Rules Apply
FIPSCOHCM
SDBC
Key risks: project cost padding, revenue recognition fraud, timesheet manipulation, billing rate override
Rule Breakdown
317 rules across 15+ processes
Mapped to SAP process areas for structured audit reporting.
Financial Accounting (FI)
32
Production Planning (PP)
20
Human Capital Mgmt (HCM)
20
Procure-to-Pay (P2P)
19
Controlling (CO)
16
Materials Mgmt (MM)
15
Order-to-Cash (O2C)
12
Basis / Security (BC)
12
Sales & Distribution (SD)
12
Plant Maintenance (PM)
10
Logistics Execution (LE)
8
Quality Management (QM)
8
Project Systems (PS)
5
Asset Accounting (FI-AA)
5
Treasury (TR)
5
Risk Distribution
105 Critical. 125 High. 32 Medium.
Every rule classified by financial and compliance impact.
Critical
105
41%
High
125
46%
Medium
32
13%
Compliance Framework Alignment
SODPulse rule classifications are designed to align as closely as possible with SOX Section 302 & 404, COSO Internal Controls Framework, SECP Listed Companies regulations, NBFI guidelines, and ISO 27001 access control requirements — based on publicly available best practices. The application is not independently certified against these standards & is entirely based on Best practices / Ai analytical research.
Technical Precision: What Others Miss
SODPulse checks 12 distinct authorization fields beyond just ACTVT — including BWART (movement type), BEWTP (valuation), RLTYP (BP role type), INFTY (HR infotype), AUART (order type), and more. Most tools only check activity codes, missing 38+ rule conditions that require field-level specificity.
Technical Architecture
Built on Firebase. Deployed globally.
Enterprise-grade infrastructure with zero on-premise footprint.
Firebase / GCP Infrastructure
Hosted on Firebase Hosting + Firestore + Cloud Functions. SOC 2 compliant infrastructure. 99.95% SLA. Globally distributed CDN with sub-100ms load times.
Data Security Model
Authorization data is processed in the browser and never persisted server-side. Tenant isolation enforced at Firestore security rule level. Admin SDK-controlled user provisioning.
Input Format Flexibility
Accepts Excel (.xlsx, .xls) and CSV exports from SAP SE16N or any AGR_1251-based extract. Handles UTF-8 BOM, missing columns, and non-standard field orders gracefully. Custom Z/Y-TCode mapping is supported at the org level — administrators map organisation-specific transaction codes (e.g.
ZMM01 → MM01) so custom T-Codes are correctly evaluated against the full rule set. Exact-match substitution; wildcard matching not supported.Multi-Tenant Management
Separate organisations per client. Admin portal for user management, subscription tiers, custom branding, org settings. Org registration supports flagging of SAP IS Solutions (Oil & Gas, Automotive, etc.) to apply relevant rule packs. Demo, Full, and Expired access tiers with configurable durations.
Report Outputs
Executive summary, user violation detail, process-level breakdown, risk heat map. Excel export for audit trail. All reports printable to PDF. Embeddable charts for board packs.
Roadmap — v2.0
Planned: IS Packs for Utilities, Pharma, FMCG, Financial Services · Org-level rule enable/disable · SAP IS Solution flagging on Org Registration · Custom T-Code mapping (Z/Y-codes mapped to standard equivalents, org-level) · TM, GTS, SM modules · Role-level analysis · Mitigation register · Run delta comparison · Fiori OData rules · SAP ECC compatibility · Compliance tagging.