Welcome to V/ergent

Onboarding guide

What V/ergent does, how to set up your team, and how to land a defensible first audit — usually inside week one.

1 What V/ergent is

An audit-grade intelligence platform for ERP & cloud security

V/ergent ingests configuration, identity, role, and transaction data from your ERP and cloud platforms (SAP, Oracle, Dynamics 365, NetSuite, Sage, AWS, Azure) and surfaces the security and SoD risks that actually matter — with provenance back to the file or record they came from. You get evidence-grade findings, not vibe-based scores.

Each finding includes severity, a defensible risk statement, the source it came from, and a remediation owner field. Reports export to Word and PDF.

2 Get your team in

Invite teammates so you all see the same audit history

You're the org admin for your organisation. Invite the rest of your team from /team — each invite sends a magic-link email; the recipient accepts the AUP, sets a password, and lands in your shared dashboard.

  • Audit runs are visible to every member of your organisation under Dashboard → All {your org} runs.
  • Only the original owner (or the org admin) can re-run, edit, or delete a project — teammates have read-only access.
  • Members can be promoted to admin from /team.
Open Team
3 Run your first audit

Project → Extract → Run → Report — usually under 30 minutes

  1. Create a project from your dashboard. Pick the platforms you want covered (SAP S/4HANA, SAP Business One, Oracle Fusion, D365, NetSuite, Sage Intacct, Sage X3, Sage 300 People, AWS, Azure).
  2. Get the extraction files. Every platform has a one-click Extract-Vergent<Platform>.ps1 PowerShell script that produces all the CSVs the audit engine needs — read-only, no changes are made to your systems. Where a slot can't be pulled via API or SQL (SAP Notes, payment-run history, IIS access logs, etc.), the script writes a placeholder CSV with a Note row pointing to the manual extract path; your IT team replaces those before upload. See the extraction guides.
  3. Upload the folder (bulk drop) or per-slot files and pick the Framework scope for the report — the multi-select on the audit wizard lets you scope citations to e.g. SOX + COSO + COBIT only for a SOX engagement, or to PCI DSS + DORA + NIS2 for a banking client. Leave all unchecked to show all 13 framework citations.
  4. Run the audit. Each run consumes one credit. Critical / High findings always render regardless of framework scope — only the citation table is filtered.
  5. Review findings. Filter by severity, domain, or platform. Mark false positives, assign remediation, attach evidence.
  6. Export the report as DOCX or PDF when you're ready to share with auditors or executives.
Tip. Run the same project again next quarter — V/ergent automatically computes drift against the previous baseline so you can show what got worse, what got better, and what's net-new.
Go to Dashboard Open extraction guides
4 Frameworks & mapping

Every finding cites up to 13 frameworks — out of the box, no configuration

V/ergent ships full mapping for the standards regulators and auditors actually inspect. The framework citation table appears on every finding card, on the run-detail page and in the exported report. 11 of 13 frameworks are at ≥75% mapped coverage; SOX ITGC and COSO 2013 are at 100%.

  • Governance & internal control — COSO 2013 (100%), COBIT 2019 (85%).
  • Cybersecurity / ITGC — NIST CSF 2.0 (78%), ISO/IEC 27001:2022 (90%), CIS v8 (78%), SOX ITGC (100%), SOC 2 Trust Services Criteria (88%).
  • Sector regulators — PCI DSS v4.0 (64%), HIPAA Security Rule (80%), EU DORA (87%), EU NIS2 (75%).
  • Data-protection regimes — GDPR (83%), Kenya Data Protection Act 2019 (70%).

You can filter findings by framework when scoping a specific audit (e.g. show me only the SOX-relevant findings, or the PCI DSS v4 ones). The published Check Packs page surfaces per-pack framework coverage so you know exactly what each bundle gives you.

Per-engagement framework scope. Each audit run captures its own framework-selection on the wizard (the Framework Scope panel above the Run Audit button). Scope is stored on the run record itself, so re-printing or re-exporting an old run preserves the original scope. A multi-platform group audit can run with all 13 selected; a SOX-only engagement can scope to SOX + COSO + COBIT only. Leave all unchecked for the legacy "show every citation" behaviour.

Release 5 programme packs (run alongside every per-platform audit)

  • AML / Wolfsberg Programme Controls (25 controls) — sanctions-list refresh, watchlist screening, PEP review, CTR/SAR filing timeliness, structuring detection, transaction-monitoring tuning, KYE staff screening, correspondent banking review. Wired into all 7 ERP connectors. Guide.
  • Cross-System SoD (50 multi-ERP rules) — the Onapsis-parity story. Detects fraud paths spanning SAP × Oracle × D365 × NetSuite × Sage × AWS × Azure that no single-system review will see (e.g. AP entry on SAP + payment release on Oracle, IAM admin on AWS + audit-log delete on Azure). Guide.
  • SAP Fraud Patterns (30 SAP-GRC-parity patterns) — STAD audit-log delete, debugger replace in PROD, transport release in PROD, BDC fast-input self-release, Z* shadow SAP_ALL, dormant SAP_ALL, posting-period unlock + GL post, vendor-bank + payment without dual approval. Guide.

All three packs run automatically as part of every audit — no separate setup step required. Cross-system SoD activates when an audit run includes 2+ platforms; the Banking-Extended pack adds Wolfsberg / FFIEC role-pair conflicts; Insurance and Healthcare verticals add NAIC / Solvency II and HIPAA / HITRUST role-pair conflicts respectively.

5 Credits, billing, and limits

One credit per audit run; buy what you need on the Billing page

  • Every audit run (single or cross-system) consumes one credit.
  • You can run as many audits as you have credits — no rate limits.
  • Need more? Top up via Stripe checkout on the Billing page, or pay by bank transfer and your Vergent admin will credit your account once funds are sighted.
  • Enterprise customers with signed agreements receive credits per the contract; ask your account manager if you'd like to top up mid-cycle or need a custom quote.
6 Acceptable use & client responsibilities

You own the data; we own the platform; we both know our roles

By accepting the Acceptable Use Policy at sign-up, you confirmed:

  • The Service is licensed for use against systems you are authorised to audit.
  • You retain full ownership of your data; we retain ownership of the platform's IP.
  • V/ergent surfaces evidence — your team interprets and acts on the findings.
  • Findings exports may include sensitive control detail; share them under your information-classification rules.

Your acceptance is recorded against your account. You can re-read the AUP at any time.

Read the AUP
7 Support & escalation

Real humans, in your time zone, inside one business day

  • Day-to-day questions: support@vergent.co.ke
  • Account / commercials: your assigned account manager (visible to your org admin under Admin → Organisations if your team has admin access).
  • Security disclosures: security@vergent.co.ke (PGP available on request).
  • Round-the-clock support extends to Manila and Bengaluru hubs for production-impacting issues.
Anything missing? Tell us at support@vergent.co.ke — this guide is updated based on what new clients tell us they wish they'd known sooner.