SAP Enterprise Cloud Services SOC 1 Audit Report 2026 Q1 / 2026 H1

To accommodate the diverse financial reporting periods of our global customer base, this product follows a quarterly rolling audit cycle rather than a standard half-year cycle. Each SOC 1 audit report covers a six-month period, but reports are issued every quarter on a rolling basis, ensuring continuous coverage throughout the year. As a result, you will notice that some reports are labeled by half-year (e.g., H1 2026, covering October 1, 2025 – March 31, 2026) while others are labeled by quarter (e.g., Q2 2026, covering January 1, 2026 – June 30, 2026). This naming convention reflects the quarter in which the report is issued, not the length of the coverage period—each report consistently covers six months. This approach ensures that regardless of when your fiscal year begins or ends, a current audit report aligning with your reporting needs is always available.

SAP Enterprise Cloud Services (ECS) includes the following Active Offerings area:

SAP Cloud ERP Private (successor of RISE with SAP S/4HANA Cloud, private edition, premium

SAP Cloud ERP Private, tailored option ( successor of RISE with SAP S/4HANA Cloud Private Edition, core, tailored option)

SAP Cloud ERP Private, base option (successor of RISE with SAP S/4 HANA Cloud Private Edition, base.

SAP Cloud ERP Private, limited option

  • RISE with SAP S/4HANA Cloud, Private Edition Premium

  • RISE with SAP S/4HANA Cloud, Private Cloud, Tailored Option including Customer Data Center Option

  • SAP ERP, Private Cloud Edition, Tailored Option

  • SAP HANA Enterprise Cloud Credit & Overage, Advanced Edition including Customer Data Center Option Bring your own license (BYOL)

  • SAP S/4HANA Cloud, Extended Edition

  • Single Tenant Edition

  • Cloud Private Option

  • Cloud Private Edition

  • SAP Credit & Overage HANA Enterprise Cloud Advanced Edition (Subscription)

  • SAP HANA Enterprise Cloud Advanced Edition (Subscription)

  • SAP HANA Enterprise Cloud Classic (Subscription and BYOL)

The following Data Centers are used by SAP Enterprise Cloud Services:

  • Australia: Sydney

  • Canada: Toronto

  • Germany: Frankfurt 

  • Germany: St. Leon-Rot 

  • Germany: Walldorf

  • Japan: Osaka

  • Japan: Tokyo 

  • Netherlands: Amsterdam 

  • USA: Ashburn, VA

  • USA: Colorado Springs, CO

  • USA: Santa Clara, CA 

  • USA: Sterling, VA 

  • Asia-Pacific (Malaysia)

  • Australia: Canberra

  • Australia: Melbourne 

  • Australia: New South Wales 

  • Australia: Sydney 

  • Australia: Victoria 

  • Bahrain 

  • Belgium: St. Ghislain 

  • Brazil: Rio de Janeiro 

  • Brazil: São Paulo 

  • Canada: Calgary 

  • Canada: Central 

  • Canada: Montreal 

  • Canada: Quebec City 

  • Canada: Toronto 

  • Chile: Santiago 

  • China: Beijing 

  • China: Hebei 

  • China: Hong Kong 

  • China: Jiangsu 

  • China: Ningxia 

  • China: Shanghai 

  • Dammam (Saudi Arabia) 

  • Finland: Hamina 

  • France: Marseille 

  • France: Paris 

  • Germany: Berlin 

  • Germany: Frankfurt 

  • Germany: North

  • India: Chennai

  • India: Delhi

  • India: Hyderabad 

  • India: Mumbai 

  • India: Pune 

  • Indonesia: Jakarta 

  • Ireland 

  • Ireland: Dublin 

  • Israel 

  • Israel: Tel Aviv 

  • Italy: Milan 

  • Italy: Turin 

  • Japan: Osaka 

  • Japan: Tokyo 

  • Mexico: Querétaro 

  • Netherlands: Amsterdam 

  • Netherlands: Eemshaven 

  • New Zeeland North/Auckland 

  • Norway: Oslo 

  • Norway: Stavanger 

  • Poland: Warsaw 

  • Qatar: Doha 

  • Singapore 

  • Singapore: Jurong West 

  • South Africa: Cape Town 

  • South Africa: Johannesburg 

  • South Korea: Busan 

  • South Korea: Seoul 

  • Spain 

  • Spain: Madrid 

  • Sweden: Gävle 

  • Sweden: Stockholm

  • Switzerland: Zürich

  • Taiwan: Changhua County

  • Thailand: Bangkok 

  • UK: Cardiff 

  • UK: London 

  • United Arab Emirates 

  • United Arab Emirates: Abu Dhabi 

  • United Arab Emirates: Dubai 

  • USA: Arizona 

  • USA: Ashburn, VA 

  • USA: California 

  • USA: Columbus, OH 

  • USA: Council Bluffs, IA 

  • USA: Dallas, TX 

  • USA: Illinois 

  • USA: Iowa 

  • USA: Las Vegas, NV 

  • USA: Los Angeles, CA 

  • USA: Moncks Corner, SC 

  • USA: N. Virginia 

  • USA: Ohio 

  • USA: Oregon 

  • USA: Quincy, WA 

  • USA: Salt Lake City, UT 

  • USA: Texas 

  • USA: The Dalles, OR 

  • USA: Virginia

SOC 1 reports are prepared in accordance with AT-C section 320, Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting, under Statement on Standards for Attestation Engagements (SSAE) No. 18, Attestation Standards: Clarification and Recodification. SOC 1 reports are specifically intended to meet the needs of the entities that use service organizations (user entities) and the CPAs that audit the user entities’ financial statements (user auditors).  Please note that this examination's scope does not include the controls and related control objectives of any subservice organizations. SOC 1 Type 1 report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design of controls to achieve the related control objectives as of a specified date, whereas a SOC 1 Type 2 also includes the operating effectiveness of controls to achieve the related control objectives throughout a specified period.

 

SAP Enterprise Cloud Services has prepared SOC 1 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period October 1, 2025 to March 31, 2026.

 

The use of these reports is restricted to the management of the service organization, user entities, and user auditors. A copy of this report is available for all SAP Enterprise Cloud Services customers who had productive and had financially-relevant systems during the audit period covered by the report.