The scope of this SOC report includes the SAP Converged Cloud solutions as offered for the live productive customer systems that are hosted in SAP SE's data centers Colorado Springs (USA), St. Leon–Rot (Germany), Newtown Square (USA), Shanghai (China) and Walldorf (Germany) as well as in the co-location Amsterdam (Netherlands), Ashburn (USA), Chandler (USA), Dubai (UAE), Frankfurt (Germany), Moscow (Russia), Osaka (Japan), Riyadh (KSA), Sao Paulo (Brazil), Toronto (Canada), Sterling (USA), Phoenix (USA), Sydney (Australia) and Tokyo (Japan).
Converged Cloud is SAP’s standardized Infrastructure as a Service (IaaS) offering to support all of SAP’s cloud business on a global scale. It provides a vendor agnostic and harmonized Hardware Infrastructure architecture as well as an infrastructure orchestration and automation layer in all major SAP data centers. With Converged Cloud it is possible to deploy applications into data centers without the need to deploy a solution specific infrastructure stack before it can be deployed.
IaaS used for general purpose solutions using no distro for OpenStack and VMware as hypervisor technology. Distro is short term for Linux distribution, which is an operating system made from a software collection, which is based upon Linux kernel and often packaged as management system.
SOC2 reports fulfill various information and assurance needs of customers and aim to place trust in SAPs service organization systems, processes and controls. These narratives are related to the trust principles Security, Availability, Confidentiality Processing Integrity or Privacy which must be met to demonstrate a well-designed system. SOC2 also contains details on performed tests and their results. SOC2 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC2 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.
SAP Converged Cloud has prepared SOC2 Type 2 audit report by an independent 3rd party accountant. This version of the report covers the audit period 1. November 2019 to 30. April 2020 and the trust principles Security, Availability and Confidentiality.
The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with non-disclosure agreement in place.