We came up with an unusual approach: Our Emergency Access Management software (EAM) is based on a web server application and connects to SAP via RFC. To start an emergency access, entitled users browse to ISPICIO_E (Intranet) and log-in with their individual credentials. Here they enter a reason and a ticket reference ID. After doing so, they obtain an one-time Superuser ID. In the background, ISPICIO_E creates a dedicated Emergency User and links it to the Security Audit Log (SAL). Then, ISPICIO_E checks continuously if the Superuser is still active. If not, ISPICIO_E deletes this particular Superuser again and downloads the SAL log file to the internal database. In the aftermath, a mandatory review of the Security Audit Log file is assigned to a reviewer for approval, which is documented, too.