SAP Trust Center
SAP Multi Cloud SOC 1 (ISAE 3402) Audit Report 2022 H2
The SAP Multi Cloud organization provides a ‘platform of enablement’ for Lines of Business (LoB) in the public cloud, providing costing services such as billing and cost optimization, architecture consultation and application design and security safeguards, tool engineering to automate and expand services offerings and hyperscaler operational support.
SOC 1 reports specifically address service organizations internal control over financial reporting and controls specified by the service provider. The SOC 1 reports are intended solely for the information and use of existing user entities (for ex. Exiting customers of the service organization), their financial statement auditors and management of the service organization. SOC 1 reports are prepared in accordance with Statement on Standards for Attestation Engagements (SSAE) No.16, a new guidance that the auditors use to conduct a SOC 1 engagement. SOC 1 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC 1 Type 2 also includes the operating effectiveness of controls for a dedicated period.
SAP Multi Cloud has regularly prepared SOC 1 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period 1. April 2022 to 30. September 2022, the locations San Ramon (California), Birmingham (Alabama), Belgrade (Serbia), Hyderabad (India), as well as in co-locations Sacrament, CA and Ashburn, VA (USA), Frankfurt (Germany), Selangor (Malaysia), Kuala Lumpur (Malaysia), Singapore, and Dublin (Ireland).
The use of these reports is restricted. A copy of this report is available for all SAP Multi Cloud customers who had productive and had financially-relevant systems during the audit period covered by the report.