SAP Trust Center
SAP Multi Cloud SOC 2 (ISAE 3000) Audit Report 2021 H2
The SAP Multi Cloud organization provides a ‘platform of enablement’ for Lines of Business (LoB) in the public cloud, providing costing services such as billing and cost optimization, architecture consultation and application design and security safeguards, tool engineering to automate and expand services offerings and hyperscaler operational support.
SOC 2 reports fulfill various information and assurance needs of customers and aim to place trust in SAPs service organization systems, processes and controls. These narratives are related to the trust principles Security, Availability, Confidentiality Processing Integrity or Privacy which must be met to demonstrate a well-designed system. SOC 2 also contains details on performed tests and their results. SOC 2 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC 2 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.
SAP Multi-Cloud has regularly prepared SOC 2 Type 2 audit reports by an independent 3rd party accountant.
This version of the report covers the audit period 1. May 2021 to 31. October 2021.
The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with non-disclosure agreement in place.