Abstract: Enterprise Resource Planning (ERP) systems serve as critical infrastructure for modern organizations, yet their security assessment lacks standardized evaluation frameworks. This study develops and applies a structured Security Maturity Assessment Framework (SMAF) grounded in NIST Cybersecurity Framework (CSF) 2.0 and ISO/IEC 27001:2022 standards to evaluate eleven cloud-based and hybrid ERP platforms, including both full-suite ERP systems and widely adopted inventory and manufacturing management systems that serve as ERP alternatives for SMEs. Using a weighted multi-criteria decision analysis (MCDA) approach validated by expert surveys (n=47) and vendor documentation analysis, we assess security across five domains: authentication mechanisms, encryption protocols, access control models, vulnerability management, and compliance certifications. Our framework introduces quantifiable security maturity scores ranging from 1 (basic) to 5 (advanced), enabling objective comparison across platforms. Results indicate that enterprise-grade solutions (Oracle NetSuite OneWorld, SAP Business One Professional, Microsoft Dynamics 365) achieve consistently higher security maturity scores (=4.63, =0.17) compared to SME-targeted solutions (=2.76, =0.39), though small per-segment sample sizes (n=3–4) limit formal statistical inference. We extend our analysis to emerging security paradigms including Zero-Trust Architecture (ZTA) integration, federated learning for privacy-preserving analytics, blockchain-based audit trails, and digital twin implementations for Industry 5.0 alignment. The proposed SMAF provides organizations with an evidence-based methodology for ERP security evaluation, addressing a critical gap in both academic literature and practitioner guidance.
Qazi et al. (Fri,) studied this question.