The scope of this SOC report includes the SAP Cloud Platform services hosted in SAP SE's data centers St. Leon–Rot, Germany as well as in the co-location data centers in Sydney (Australia) and Ashburn (Virginia, USA)
SAP Cloud Platform is the SAP Business Application platform-as-a-Service (PaaS) offering, powered by SAP HANA®. As an essential part of SAP’s cloud strategy, it enables SAP and its partners and customers to develop, deploy, run, operate, and use applications in a cloud environment.
The cloud platform is built for enabling interoperability through openness and at the same time ensuring security and integrity required by applications operating in a distributed network environment.
SAP Cloud Platform is a multitenant public cloud offering which allows application providers, including SAP itself, to build lightweight, collaborative, network-oriented applications to complement and extend existing SAP solutions.
Additionally, SAP provides and operates Software-as-a-Service (SaaS) solutions on SAP Cloud Platform. Those also leverage the SAP Cloud Platform management system and operational controls. Therefore, everywhere in the document, where referred to SAP Cloud Platform, is meant all services, tools, applications, SaaS solutions, part of or running on SAP Cloud Platform, described in the chapter Technical Overview.
SAP Cloud Platform is a product implemented by SAP, and as such, it uses the Innovation Cycle framework for product and solution creation, certified with ISO-9001.SOC2 reports fulfill various information and assurance needs of customers and aim to place trust in SAPs service organization systems, processes and controls. These narratives are related to the trust principles Security, Availability, Confidentiality Processing Integrity or Privacy which must be met to demonstrate a well-designed system.
SOC 2 also contains details on performed tests and their results. SOC2 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC2 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.
SAP Cloud Platform has prepared SOC2 Type 1 audit report by an independent 3rd party accountant. This version of the report covers the audit period as of 30. April 2016, the location St. Leon–Rot, Germany as well as in the co-location data centers in Sydney (Australia) and Ashburn (Virginia, USA) and the trust principles Security and Confidentiality.
The use of these reports is restricted. A copy of this report is available for all SAP Cloud Platform customers who had productive and had financially-relevant systems during the audit period covered by the report.