GRC Tuesdays: Announcing SAP’s plans for a next ge...

T_Frenehard · ‎05-09-2023

Vishal Verma – Head of Solution Management, Risk, Compliance and Tax, and Jochen Thierer – Head of Development for Governance, Risk & Compliance at SAP announced today plans to roll out a next generation Governance, Risk, and Compliance platform, successor to its current SAP GRC solution in use by thousands of customers worldwide.

As highlighted in the Latest Trends in Governance, Risk, and Compliance Technology blog released a few weeks ago, in addition to global trends that impacted all processes and systems of the organization, there are also some underlying currents that are having a specific impact on GRC.

Such as the need for a more integrated approach to GRC, still being able to select best of breed when and where it makes sense, but also cross-system integration and the quest for autonomous and analytical GRC for instance.

To address this outlook, and to help companies future-proof their Governance, Risk, and Compliance processes and automation, SAP is announcing a new version of its GRC platform: SAP GRC edition for SAP HANA.

Building on over 20 years in market and thousands of satisfied customers across the globe and in all industries, and on its position as a leader in various reports such as Chartis RiskTech Quadrants or KuppingerCole Leadership Compass, and while SAP provides dedicated SaaS applications such as SAP Cloud Identity Access Governance and SAP Financial Compliance Management for instance, for customers preferring a private cloud or on-premise deployment it was time for SAP to reinvent GRC software to accompany customers for their challenges of the next decades.

Leveraging state of the art technologies and redesigned workflows and structure, this is precisely what SAP GRC edition for SAP HANA will offer.

From today until its release planned in Q1 2026, SAP will work with customers, partners and analysts to build SAP GRC edition for SAP HANA as a successor solution to its current SAP GRC version 12.0 platform that includes SAP Access Control, SAP Process Control and SAP Risk Management.

What can you expect?

* Improved user satisfaction thanks to consumer-grade user experience with SAP award winning SAP Fiori interface and fully redesigned business workflows for access governance, risk and control management

* Augmented decision making thanks to real-time insights and advanced visualization capabilities available at your fingertips turning casual users into GRC experts, and GRC experts into business advisors

* Future ready thanks to a fully redesigned technical and functional architecture making it easier to quickly adapt the platform to fulfil new regulatory requirements or business process adaptations

* Proactive risk management with integrated data-driven automation in every business process step providing a single contextualised perspective of the risks

* Effortless upgrade path from SAP GRC version 12.0 to SAP GRC edition for HANA so that you can start benefiting from all improvements, rapidly.

* The same dedication to GRC from SAP. As explained by Vishal Verma: “Our objective is to propose a long-term vision for GRC technology that customers can look forward to, and is fully inscribed within SAP’s strategy. We strongly believe that SAP GRC edition for SAP HANA will provide customers with the advanced technological platform they need to manage the business challenges they face in what will most likely continue to be an unprecedented time”. This dedication to the GRC topic was further reinforced by Jochen Thierer who resituated the new platform in the context of the long SAP GRC history “For over 2 decades now, SAP has supported customers on their GRC journey. With this new GRC built exclusively on SAP S/4HANA Foundation and SAP S/4HANA, we’re continuing this long-term partnership with them”.

* Within an open ecosystem of partners!

The new version has also been announced in SAP Note 3326989 - Announcement of the Upcoming Release of SAP Access Control, SAP Process Control and SAP Risk Management and is planned for the 1st quarter of 2026. Regular updates will be provided in the GRC Tuesdays blogs.

[Update 17/05/2023] Breaking news – upcoming release of additional SAP solutions for GRC has also just been announced!

In addition to the new version of the SAP GRC platform that includes SAP Access Control, SAP Process Control and SAP Risk Management mentioned in this blog, SAP has also just announced a new SAP S/4HANA version of SAP Audit Management, SAP Business Integrity Screening (previously known as SAP Fraud Management) and SAP Tax Compliance. This update is also planned for Q1 2026.

This means a complete new suite of solutions for Three Lines (of Defense) planned for early 2026!

In addition to being built exclusively on SAP S/4HANA Foundation and SAP S/4HANA, this new release will deliver a technical landscape harmonization and an effortless upgrade path for existing customers.

More details on SAP Note 3334350 - Announcement of the Upcoming Release of SAP assurance and compliance software for SAP S/4HANA

[Update February 2024] Mainstream Maintenance for version 12.0

As per SAP Note 3326989, mainstream maintenance timeline for SAP Access Control 12.0, SAP Process Control 12.0 and SAP Risk Management 12.0 will be until end of 2027, with extended maintenance until 2030, and customer-specific maintenance only from there onwards.

Note

The content in this blog post is all subject to change and may be changed by SAP at any time for any reason without notice. The information in this blog post is not a commitment, promise or legal obligation to deliver any material, code or functionality. This blog post is for informational purposes and may not be incorporated into a contract.

stefanmirkowski · ‎05-10-2023

Where can I find the GRC Tuesdays blogs? Are these the blogs tagged "GRC Tuesdays blogs"?

kivancaktas · ‎05-10-2023

It is a tag for blog series, you can click the tag or follow this URL : https://blogs.sap.com/tag/grctuesdays/

Tiberius · ‎05-10-2023

Is it going to be on-prem or cloud ?

Martin1 · ‎05-10-2023

Hi Thomas,

So what does it mean for customers that are planning on moving their GRC 12.0 to the current available S/4HANA Foundation Edition for GRC?

Thanks.

Martin

T_Frenehard · ‎05-10-2023

Hello tibbybch,

Thank you for your question.

The plan is to have this offering available both for private cloud or on-premise deployment.

Kind regards,

Thomas

T_Frenehard · ‎05-11-2023

Hello Martin,

Thank you for your comment.

I've taken note of your question and have reached out to the colleagues. The feedback is that customers on SAP GRC 12.0 for S/4HANA will be able to upgrade to the new version as well.

Kind regards,

Thomas

a_warren · ‎05-24-2023

Would the new version of GRC for HANA incorporate the connectivity to Cloud systems or would it still require the IAG Integration edition to connect them?

T_Frenehard · ‎05-24-2023

Hello a_warren,

First of all, thank you for your comment.

At this stage, the intent is to deliver the same functional scope.

As a result, SAP Identity Access Governance, integration edition would still be required to extend SAP Access Control to Cloud solutions.

I trust this answers your question.

Thank you and kind regards,

Thomas

Martin1 · ‎05-24-2023

Thanks Thomas for confirming!

secure_sap · ‎06-01-2023

Hi..would this support third party non SAP IGA solutions to integrate. How does the solution leverages data from a third party non SAP IGA platform that may be running organization wise JML controls for all enterprise apps.

Many Thanks,

Arijit

secure_sap · ‎06-01-2023

Hi..does its supports integration with Non SAP third party solutions. how does the solution integrates with a non SAP Identity Governance solution that drives entire JML control for all enterprise apps across the organization

T_Frenehard · ‎06-01-2023

Hello secure_sap,

Thank you for your comments on this blog.

As mentioned in response to another question above, at this stage, the intent is to deliver the same functional scope - including for SAP Access Control.

The same extension options will therefore apply, including being able to leverage SAP Access Violation Management by Pathlock to extend the capabilities of the SAP Access Control across business applications and IT systems (SAP and third-party applications).

Kind regards

Thomas

mani_sekaran_muthu · ‎06-04-2023

Thomas,

Please fix this - change the second SAP S/4HANA below to SAP HANA:

"In addition to being built exclusively on SAP S/4HANA Foundation and SAP S/4HANA..."

Thanks.

T_Frenehard · ‎06-05-2023

Hello,

Thank you for your comment.

I've reached out to Product Management colleagues, and they have confirmed that the new versions of SAP GRC solutions will be add-ons to the S/4HANA product. Hence the statement that they are built exclusively on SAP S/4HANA Foundation and SAP S/4HANA is accurate.

Kind regards,

Thomas

Siddhesh_Pai · ‎06-06-2023

Informative Article!

So, can we say that SAP GRC edition for SAP HANA will be leveraging the Machine learning and AI capabilities which IAG uses. Also, will this edition cater to On Premise and Private Cloud only, or it can be extended to SAP S/4 HANA Public cloud as well ?

Thanks,

Siddhesh Pai

T_Frenehard · ‎06-07-2023

Dear siddheshpai07,

First of all, thank you for your kind comment. I am glad to read that you found this post informative.

Concerning leveraging AI for SAP GRC solutions, there are Future Directions investigations for the individual solutions to include more advanced capabilities such as Machine Learning for instance. But, for the new version announced in this blog, the intent is to deliver the same functional scope at this stage.

In case you'd like to hear more about recent enhancements and roadmap plans for the individual SAP GRC solutions, I would recommend registering to the following webinars:

* Recent innovations in SAP Access Control: https://event.on24.com/wcc/r/4225747/CA6694DC5A4FCDA31B0C4861B9821635

* Recent deliverable and Roadmap for SAP Process Control and Risk Management: https://event.on24.com/wcc/r/4251311/E218CEC3ADD5AE4875D70E2888AAD105

Concerning your second question on the deployment model, this new version is planned on being available both OnPremise and in Private Cloud.

For Public Cloud, we will continue addressing this model with dedicated solutions, such as SAP Cloud Identity Access Governance or SAP Financial Compliance Management.

I trust this answers your questions.

Kind regards,

Thomas

Siddhesh_Pai · ‎06-07-2023

Thanks a bunch for the detailed answer thomas.frenehard !

Glad to know about these open events as well which SAP is organizing. Could you provide more information where we can get further notifications about these events, so that I can already keep a watch for the future events!

Thanks a lot in advance!

Regards,

Siddhesh Pai

T_Frenehard · ‎06-07-2023

Hi siddheshpai07,

Thank you for your reply and great question indeed!

You can subscribe to receive updates from the SAP Finance & Quote-to-Cash Community at the following location: https://www.sap.com/cmp/nl/finance-quote-to-cash-enablement-nl/index.html

This community brings customers and partners the latest news on product releases and upcoming enablement webcasts for Finance but also Governance Risk & Compliance (GRC), Billing Invoicing & Revenue Management (BRIM), and Configure Price Quote (CPQ) solutions.

I trust this helps!

Kind regards,

Thomas

Siddhesh_Pai · ‎06-08-2023

Thanks thomas.frenehard , this definitely helps! Looking forward to see more innovations in this space!

Cheers,

Siddhesh Pai

former_member472531 · ‎06-22-2023

Thank you Thomas!

Customers planning to move now or prior to Q1 2026 from the regular on prem. / non-S/4 HANA version of SAP GRC SUite v12 to the S/4 HANA version will have to treat it as a migration. is that correct to assume? Will this change in 2026?

Best regards

Maxim

T_Frenehard · ‎06-22-2023

Hi maxim.chuprunov,

Thank you for your question.

As you correctly mentioned, going from “classic” SAP GRC version 12.0 to the S/4HANA version requires a conversion as described in the conversion guide. Data migration might also need to be considered depending on the case, for instance, database in use.

The intent for the future version is to provide an upgrade path for both customers of “classic” versions and S/4HANA versions. Of course, this is still a work in progress and details are not defined yet at this stage.

I hope this answers your question.

Kind regards,

Thomas

former_member472531 · ‎06-23-2023

Thank you Thomas! I understand that anything related to the future version is WIP. For the currently available GRC versions and based on the link you have provided, 2 use cases seem to be relevant:

if customer decides to keep SAP GRC Suite as a separate landscape. conversion to SAP S/4HANA foundation is possible. The GRC software versions are different however (I see GRFND_A V8100 vs. GRFND_A V1200), is this conversion supposed to work now? If yes - are there known customer reference cases?

in case if customer decides to save on maintenance cost and add GRC to the new S/4 HANA landscape, GRC master data (Access Control, Process Control, Risk Management) has to be migrated.

Thank you & regards

Maxim

T_Frenehard · ‎06-24-2023

Hi Maxim,

Since this is not directly related to the blog concerning the new version and that I am not the subject expert on the matter, I'll take this question offline and will reach out to you directly.

Thank you for your understanding.

Kind regards,

Thomas

T_Frenehard · ‎02-23-2024

Update February 2024:

As per SAP Note 3326989, mainstream maintenance timeline for SAP Access Control 12.0, SAP Process Control 12.0 and SAP Risk Management 12.0 will be until end of 2027, with extended maintenance until 2030, and customer-specific maintenance only from there onwards.

CathStewart · ‎03-19-2024

Hi Thomas - what should I look for on the PAM to show the upgrade path from SAP GRC version 12.0 to SAP GRC edition for SAP HANA? As of now, it just shows the EOM as 31.12.2027 and no successor product versions. The details are WIP, but the information on the PAM would clarify the promotion. Thank you.

T_Frenehard · ‎03-24-2024

Hello @CathStewart,

SAP GRC edition for SAP HANA is in development at this stage and planned for the 1st quarter of 2026. As a result, upgrade information will only be published - and Product Availability Matrix updated - when the work is finalized and the version is released.

Kind regards,

Thomas

rbezaire · ‎03-28-2024

Can you confirm that SAP GRC edition for SAP HANA will have an End of Maintenance date of at least 2040? I have a major S/4HANA project sponsor asking the question due to EOM date of 2027/12/31 for GRC 12.0 (I know it is planned to be moved to 2028/12/31). The question is being asked because everything else being implemented by the project has EOM of at least 2040/12/31.

Thanks,

Rob

T_Frenehard · ‎04-02-2024

Hi @rbezaire,

First of all, thank you for your comment and question.

Concerning maintenance of version 12.0, as mentioned in an update from February 2024 in a comment: as per SAP Note 3326989, mainstream maintenance timeline for SAP Access Control 12.0, SAP Process Control 12.0 and SAP Risk Management 12.0 will be until end of 2027, with extended maintenance until 2030, and customer-specific maintenance only from there onwards.

Concerning SAP GRC edition for SAP HANA, since it has not yet been launched, maintenance planning has not yet been set and will only be released when the solution is available in the Product Availability Matrix once it is live.

I will of course post another comment when the solution is available in the Product Availability Matrix.

Kind regards,

Thomas

rbezaire · ‎04-02-2024

Hi Thomas,

Thanks for the response and I understand that you cannot provide an EOM date for software that has not yet been released. The problem is that an EOM date has been set for 12.0 with no existing successor with a corresponding EOM date. Given that our S/4HANA project is implementing GRC 12.0, the sponsor is not going to be happy that there are no assurances that the SAP GRC edition for SAP HANA will have any durability when all other components are understood to have 2040 EOM dates.

It's not a good message but I will let the project sponsor know that he is implementing a product with a 3-year sunset date and that SAP cannot provide any assurance on the life span of the successor under development.

Thanks,

Rob

marie-luise_wagener3 · ‎04-03-2024

Hi Rob,

We are actually not sunsetting anything, which you can hopefully tell based on our new product release.

And while we cannot yet give a definite answer on end of maintenance for the new product, kindly be assured that we will share the details as soon as they are available.

We will always give our customers sufficient time to plan ahead (that is why we share updates at the earliest possible with not having all details available such as EOM, or naming, etc.) and have no intention to leave any customer behind.

Be assured, that the new product release is intended to stay, just as the history and evolution of our GRC products demonstrates.

Thanks for your kind understanding,

marie-luise