Do You Have Questions?

Since every environment is unique, MTC Skopos does not include a built-in ruleset.
Customers are encouraged to develop their own or engage our consulting services to create a ruleset tailored to their specific needs.

While we do provide a template ruleset as a starting point, it is essential that each customer reviews and adjusts it to align with their environment and business processes.

For more information, visit the Ruleset Maintenance section.

Standard support includes up to 4 hours of consulting services to address questions about tool functionality, ruleset development, reporting capabilities, and technical recommendations for enhancing access control in your environment.

MTC Skopos focuses on risk analysis, not visualization. For reporting, tools like Qlik, Tableau, and Power BI already do a great job. We provide a Power BI .pbix template so you can visualize your results without starting from scratch.

Yes, the engine is technically capable of performing risk analysis on any system.
However, enabling multi-system analysis requires transforming the data into a standardized format.
We offer consulting services to support you throughout this process.

MTC Skopos includes an "Info" tab alongside the risk analysis results, which displays the number of entries from each source table as well as the checksum of the ruleset file. This allows auditors to verify the integrity of the ruleset and ensure the accuracy of the data processed.

Traditional GRC tools require months of implementation and expensive infrastructure. MTC Skopos does four things they don't:

Pre-deployment simulation: Test role changes and user provisioning before applying them to production. See risk impact instantly instead of discovering conflicts afterward.

Algorithmic remediation: Automated fix recommendations ranked by business impact, so you're not guessing which changes will break operations.

Cross-system risk detection: Access combinations spanning SAP, treasury systems, and other ERPs. Single-system tools miss these entirely.

Desktop AI integration: Connect Claude Desktop, Copilot, and other AI assistants through Model Context Protocol. Your data stays local, no cloud uploads.

It also analyzes complete systems in minutes, not hours, and runs on a laptop.

As SAP Security Consultant, we work with SAP GRC Access Control on a daily basis and enjoy its functionalities.
While we recognize the strengths of SAP GRC Access Control; the ARA module falls short in terms of in-depth simulation and reporting capabilities.

We invite you to request a trial and see how MTC Skopos can provide deeper insights and enhanced analysis.

An SAP Security Consultant and a software architect. One knows what the tool needs to do, the other knows how to make it fast and reliable.

MTC Skopos came from working with enterprise security tools that were slow and painful to use. We knew ERP security inside out, so we built something that actually fits how consultants work: portable, fast, no infrastructure required.

Yes. MTC Skopos works for solo consultants and Fortune 500 audit teams alike.

No infrastructure needed

Enterprise GRC tools need servers, IT departments, and procurement processes. MTC Skopos is a desktop application. Download it, run it, analyze your client's system.

Works for independent professionals

Freelance SAP security consultants and small audit firms get the same analysis capabilities as the big consulting houses. Whether you're a solo consultant auditing a client's SAP system or a small firm serving multiple clients, you're running the same tool the large teams use.

Client-friendly deployment

Because MTC Skopos runs locally, there's no "can we install your cloud tool in our environment?" conversation. Your client's data stays on their premises or on your laptop during the audit, with no external uploads.

Try the tool free for a two-week trial period. Use it on your own data or request test data.

Pricing is determined by the features selected, with no limitations on the number of users or systems monitored.

• The Customized Solution come with the basic features 2'000 CHF/year for 1 users:
  • Risk analysis
  • User & Role Explorer
  • Additional features cost between 2'000 and 4'000 CHF/year
• The Complete Solution is available for 12'000 CHF/year for 3 users.

All updates will be made available during the validity of the license. Additional user licenses can be purchased for 500 CHF each.

The Single Project solution is designed for a single consulting engagement such as an IT audit, access risk assessment, or point-in-time remediation project for one end-customer. It gives you full access to all features for the duration of that project (6 months), and can be extended monthly if needed.

We want independent consultants to have access to proper GRC tooling without being priced out. The Freelancer plan exists so solo practitioners can compete on quality, not budget.

The Freelancer plan is available to solo practitioners or teams of up to 3 people. If your organization fits that profile, you qualify for the Freelancer pricing.

Privacy by design

Your authorization data (who can do what in your systems) is too sensitive to upload to someone else's servers. With MTC Skopos, it stays on your computer. No cloud uploads, no external servers, no telemetry.

Local-first means AI-ready

AI tools like Claude Desktop, Claude Code, and Copilot run locally on your desktop. Because MTC Skopos is also local, these AI assistants can access your analysis results through Model Context Protocol without your data leaving your machine.

Ask questions in natural language: "Which users have conflicting purchase and payment access?" or "Show me remediation options for treasury conflicts." You get answers from your actual data, with no cloud exposure.

Cloud platforms get in the way

With cloud GRC platforms, your data is locked behind their web interface. You can't connect your own AI tools because the data isn't on your machine.

Want to use Claude to analyze your SoD conflicts? You'd have to manually copy-paste data or export files, if the vendor even allows it. Cloud platforms decide how you use AI with your own data, and often charge extra for features you could already access yourself.

Open formats, no lock-in

We export everything in JSON, CSV, and Excel. Security consultants and analysts can use their own scripts, tools, and methodologies to work with the data. If you want to use Python for custom analysis or feed data into your own dashboards, nothing stops you.

Currently, only connections to SAP via RFC are supported. If you need to connect to another system, our development team can create a custom integration for you.

For RFC connections to SAP, we provide a custom function module that ensures maximum security.
Only the required tables can be extracted, and authority checks are built-in to restrict data extraction to authorized users.

We built MTC Skopos in Rust and profile every feature to eliminate bottlenecks. The result:

Single-user analysis: Under 1 second Full system analysis (10,000+ users): Minutes, not hours

This matters most during simulation. You can test dozens of provisioning scenarios in the time it takes traditional tools to run one analysis. When you're planning role changes or investigating conflicts, that speed difference changes how you work.