SAP LeanIX SOC 2 Audit Report 2024
SAP LeanIX Enterprise Architecture Management (EAM) enables enterprise architects to establish and sustain a transparent as-is IT landscape, plan roadmaps in the context of the business objectives, and execute transformation programs. Enterprise Architecture teams using SAP LeanIX EAM have the power to strategically support their business, make decisions faster, and efficiently mitigate technology risks. Consisting of three product modules, EAM is based on the core module of Application Portfolio Management (APM), which provides real-time overviews of a company’s IT landscape and business capabilities. One optional module, Technology Risk Management, allows early detection of risks arising from obsolete IT components which impact applications. The other optional module, Business Transformation Management (BTM), helps business and IT teams to collaboratively model to-be architectures of transformation initiatives and their impacts on the IT landscape.
| DC Locations | DC Providers |
| --- | --- |
| Australia East (New South Wales) | Microsoft Azure |
| Canada Central (Toronto) | Microsoft Azure |
| East US (Virginia) | Microsoft Azure |
| West Europe (Netherlands) | Microsoft Azure |
| Germany West Central (Frankfurt) | Microsoft Azure |
| Switzerland North (Zurich) | Microsoft Azure |
| UAE North (Dubai) | Microsoft Azure |
| UK South (London) | Microsoft Azure |
| Brazil South (São Paulo) | Microsoft Azure |
| Southeast Asia (Singapore) | Microsoft Azure |
SOC 2 reports are prepared in accordance with AT-C Section 205 and the International Standard on Assurance Engagements No. 3000. SOC 2 reports fulfill various information and assurance needs of customers and aim to place trust in SAP’s service organization systems, processes, and controls. These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to Security, Availability, and Processing Integrity of the systems that are used to process users’ data and the Confidentiality and Privacy of the information processed by these systems (AICPA, Trust Services Criteria). Additionally, they can play an important role in the oversight of the organization, vendor management programs, and regulatory oversight. Please note that this examination's scope does not include the controls of any subservice organizations. SOC 2 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC 2 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.
SAP LeanIX has had a SOC 2 Type 2 audit report prepared by an independent third-party accountant. This version of the report covers the audit period 1 December 2023 to 30 November 2024 and the trust principles Security, Availability, Confidentiality, and Privacy.
The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with a non-disclosure agreement in place.