SAP Ariba on SAP Infrastructure and Google Cloud Platform SOC 1 (ISAE 3402) Audit Report 2023 H2
SAP Ariba, an SAP Company, is a leading provider of on-demand spend management solutions. SAP Ariba ’s mission is to transform the way companies of all sizes, across all industries, and geographies operate by delivering technology, service, and network solutions that enable them to holistically source, contract, procure, pay, manage and analyze their spend and supplier relationships. Delivered on demand, SAP Ariba ’s enterprise-class offerings empower companies to achieve greater control of their spend and drive continuous improvements in financial and supply-chain performance. Thousands of companies use SAP Ariba solutions to manage their spend from sourcing and orders through invoicing and payment.
The scope of this report covers the following primary data centers:
| DC Locations | DC Providers |
Council Bluffs, Iowa | Google Cloud Platform |
Sydney, Australia | Google Cloud Platform |
Frankfurt, Germany | Google Cloud Platform |
Tokyo, Japan | Google Cloud Platform |
Shanghai, China | SAP Cloud Infrastructure |
Riyadh, Kingdom of Saudi Arabia | SAP Cloud Infrastructure |
Dubai, United Arab Emirates | SAP Cloud Infrastructure |
Shanghai, China | Co-Location Provider |
San Jose, California | Co-Location Provider |
Dubai, United Arab Emirates | Co-Location Provider |
SOC 1 reports are prepared in accordance with AT-C section 320, Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting, and evaluate the effect of the controls at the service organization on the user entities’ financial statements. SOC 1 reports are specifically intended to meet the needs of the entities that use service organizations (user entities) and the CPAs that audit the user entities’ financial statements (user auditors). SOC 1 Type 1 report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design of controls to achieve the related control objectives as of a specified date, whereas a SOC 1 Type 2 also includes the operating effectiveness of controls to achieve the related control objectives throughout a specified period.
SAP Ariba has regularly prepared SOC 1 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period 1. October 2022 to 30. September 2023.
The use of these reports is restricted to the management of the service organization, user entities, and user auditors. A copy of this report is available for all SAP Ariba customers who had productive and had financially-relevant systems during the audit period covered by the report.
SAP Ariba, an SAP Company, is a leading provider of on-demand spend management solutions. SAP Ariba ’s mission is to transform the way companies of all sizes, across all industries, and geographies operate by delivering technology, service, and network solutions that enable them to holistically source, contract, procure, pay, manage and analyze their spend and supplier relationships. Delivered on demand, SAP Ariba ’s enterprise-class offerings empower companies to achieve greater control of their spend and drive continuous improvements in financial and supply-chain performance. Thousands of companies use SAP Ariba solutions to manage their spend from sourcing and orders through invoicing and payment.
The scope of this report covers the following primary data centers:
| DC Locations | DC Providers |
Council Bluffs, Iowa | Google Cloud Platform |
Sydney, Australia | Google Cloud Platform |
Frankfurt, Germany | Google Cloud Platform |
Tokyo, Japan | Google Cloud Platform |
Shanghai, China | SAP Cloud Infrastructure |
Riyadh, Kingdom of Saudi Arabia | SAP Cloud Infrastructure |
Dubai, United Arab Emirates | SAP Cloud Infrastructure |
Shanghai, China | Co-Location Provider |
San Jose, California | Co-Location Provider |
Dubai, United Arab Emirates | Co-Location Provider |
SOC 1 reports are prepared in accordance with AT-C section 320, Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting, and evaluate the effect of the controls at the service organization on the user entities’ financial statements. SOC 1 reports are specifically intended to meet the needs of the entities that use service organizations (user entities) and the CPAs that audit the user entities’ financial statements (user auditors). SOC 1 Type 1 report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design of controls to achieve the related control objectives as of a specified date, whereas a SOC 1 Type 2 also includes the operating effectiveness of controls to achieve the related control objectives throughout a specified period.
SAP Ariba has regularly prepared SOC 1 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period 1. October 2022 to 30. September 2023.
The use of these reports is restricted to the management of the service organization, user entities, and user auditors. A copy of this report is available for all SAP Ariba customers who had productive and had financially-relevant systems during the audit period covered by the report.