The scope of this C5 report includes:

• RISE with SAP S/4HANA Cloud, Private Edition

• RISE with SAP S/4HANA Cloud, Private Cloud, Tailored Option incl. Customer Data Center Option

• SAP HANA Enterprise Cloud Credit & Overage, Advanced Edition  incl. Customer Data Center Option (BYOL) as well as passive, renewals only options:

SAP Enterprise Cloud Services offers services to customers through the following offerings (passive, renewals only):

• SAP S/4 HANA Cloud, Extended Edition

This offering has the following predecessors:

• STE (Single Tenant Edition)

• CPO (Cloud Private Option)

• CPE (Cloud Private Edition)

• SAP Credit & Overage HANA Enterprise Cloud Advanced Edition (Subscription)

• SAP HANA Enterprise Cloud Advanced Edition (Subscription)

• SAP HANA Enterprise Cloud Classic (Subscription and BYOL)

Services are offered on SAP Infrastructure, Customer Data Center Infrastructure, Amazon Web Services, Microsoft Azure or Google Cloud Platform.  A detailed list of locations of the datacenter is available within the report. The offered services are fully scalable and secure private managed cloud solutions available only from SAP. It empowers organizations to unlock the full value of SAP Enterprise Cloud Services in the cloud - accelerating growth and innovation, driving IT and business transformation, quickly delivering business outcomes, and reducing risk. The offered services are using the SAP Enterprise Cloud Services architecture and processes but includes also specific SAP products, use rights and services. The SAP Enterprise Cloud Services reference architecture helps the customer to use flexible services for modular and rapid deployment.

 

The Cloud Computing Compliance Controls Catalogue (abbreviated “C5”) is intended primarily for cloud service providers as well as their customers and auditors. It is defined which requirements (also referred to as controls in this context) the cloud providers have to comply with or which minimum requirements the cloud providers should be obliged to meet. The catalogue is divided into 17 thematic sections (e.g. organization of information security, physical security). The surrounding parameters provide additional information on the data location, provision of services, place of jurisdiction, certifications and duties of investigation and disclosure towards government agencies and contain a system description.

 

SAP Enterprise Cloud Services has prepared C5 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period October 1, 2022 to March 31, 2023, in the data center locations St. Leon–Rot (Germany), Colorado (US) and Walldorf (Germany).

 

The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with non-disclosure agreement in place.