Onapsis - Continually Protecting the Intelligent Enterprise
April 06, 2021

Jineshwar Panchal | TrustRadius Reviewer
Score 9 out of 10
Vetted Review

Overall Satisfaction with Onapsis

Onapsis helps reduce regulatory compliance issues via an automated continuous compliance process for the IT controls related to regulations such as Sarbanes-Oxley (SOX), GDPR, PCI-DSS and others.

Eliminating this manual process improves the accuracy of results and frees up valuable resources to focus on other projects. We specifically are implementing the Onapsis Security Suite to continuously monitor and alert us to any issues on the SAP systems.

Implementing the Onapsis Security Suite also eliminates rework on the year-end and month-end audits and helps in making the process faster, more efficient and more accurate, and in case there are violations in the compliances, Onapsis notifies the team via email regarding them.
  • Implement continuous compliance
  • Gain efficiencies
  • Reduced risk of non-compliance
  • Define specific audit policies
  • More accurate audits
  • Multiple UIs
  • No proper customization of UI log-off
  • Tedious setup of Control component
  • No proper error messages received
  • Helps in automating the regulatory compliances
  • Increases productivity by freeing resources in the firm
  • Provides better protection for sensitive information
  • Tedious to implement
  • Time difference between the ERP systems and Onapsis Appliances may cause an issue
  • Difficult to troubleshoot as error messages are not clear
There are other tools which we have compared with Onapsis:
  1. SAP ETD
  2. SAP CVA
  3. SecurityBridge
These tools, along with the highlighted ones in the above list, do not cover all components of Onapsis and, as far as we have seen, there is no tool providing the same competencies. It provides good insights, and is constantly updating. On top of that, Onapsis Research Labs constantly contributes towards SAP Patch Tuesday regarding multiple "Hot News" vulnerabilities.

Onapsis is divided into 4 major components:
  1. Assess
  2. Comply
  3. Defend
  4. Control
In assess, it does whitebox and blackbox testing of the ERP systems that have been added to the Onapsis console. It highlights relevant application issues and automates the process, and also provides the solutions to implement the fix.

In comply, it provides governance on the various regulatory compliances which the firm has to follow, and also provides a firm grip to the audit and ERP admin team.

In control, it enables a workflow of 15 pre-defined parameter values within the SAP system and helps monitor and track the changes made to those parameters. The capabilities are to either block, or request approval for, changes made to those parameters in addition to just monitoring them.

In defend, it goes through the SAP logs and compares them with a pre-defined ruleset to alert the end-users via email, a SIEM tool, or both.