ERP Cyber Assessment

A clear picture of your ERP security posture. In weeks, not months.

Independent, structured, no disruption to operations. Risk-rated findings, a 90-day remediation roadmap, and a report your board can act on.

Five domains

What gets assessed

01

System configuration & hardening

We check your ERP configuration against security baselines — parameter settings, profile values, default credentials, debug settings, and system-level exposures. This is where the most common and most exploitable gaps live.

02

Identity & access management

Who has access to what? We review your role design, privilege allocation, service account configuration, and access certification practices. We flag over-privileged roles, dormant accounts, and segregation of duties conflicts.

03

Interface & integration security

Every connection into and out of your ERP is a potential attack path. We assess API configurations, RFC connections, middleware settings, and third-party integration security.

04

Authentication & session security

How users authenticate matters as much as what they can access. We review SSO configuration, MFA enforcement, session timeout settings, and password policy implementation.

05

Monitoring & audit coverage

Can you see what's happening in your ERP? We assess your logging configuration, audit trail completeness, SIEM integration, and alerting coverage.

Platform coverage

Platform-specific assessments

Each ERP platform has a different security model. Our assessment adapts to the platform your organisation runs.

SAP specialist?

Our dedicated SAP cybersecurity practice covers S/4HANA, RISE, BTP, IAS/IAG and GRC in depth. Visit sapcyberx.com →

Oracle Fusion Cloud

Oracle Fusion presents a distinct security model — role-based access with inherited duty roles, data security policies, and a shared responsibility model. We assess role design, data security policies, audit configuration, and integration security against CIS benchmarks and NIST CSF.

Microsoft Dynamics 365

Dynamics 365 security spans Entra ID, Business Unit hierarchy, security roles, field-level security, and Power Platform governance. We assess the full stack — Entra ID configuration, D365 role design, Power Apps/Automate security, and Dataverse access controls.

TechnologyOne

TechnologyOne is embedded across Australian government, councils, universities, and healthcare. Often under-assessed. We review TechOne security configuration, user access design, integration security, and alignment with ASD Essential Eight.

NetSuite

NetSuite's SaaS model creates a shared responsibility boundary many customers don't fully understand. We assess role design, permission sets, saved search security, script and workflow access, and integration token governance.

Infor CloudSuite

Infor is widely used in Australian mining, manufacturing, and food and beverage. We assess Infor security configuration, role design, ION integration security, and cloud infrastructure settings.

MYOB Acumatica

As the #1 rated ERP for Australian mid-market organisations, Acumatica security is an emerging priority. We assess user roles, access restrictions, audit logging, and integration security.

Pronto Xi

Pronto Xi is deeply embedded in Australian manufacturing and distribution. We assess Pronto security configuration, user access, and integration security for on-premise and cloud-hosted deployments.

Deliverables

What you receive

  • Risk register — every finding rated Critical / High / Medium / Low
  • Executive summary — one page, written for board and audit committee
  • Technical findings report — evidence-based, platform-specific
  • 90-day remediation roadmap — prioritised and sequenced
  • Debrief session — walkthrough with your security and IT teams