SAP Business Technology Platform SOC 2 Audit Report 2024 H1
SAP Business Technology Platform (SAP BTP) is a technology platform that brings together application development, data and analytics, integration, automation, and AI capabilities in one unified environment. The platform offers users the ability to turn data into business value, compose end-to-end business processes, and build and extend SAP applications.
The services and solutions of SAP BTP are available on multiple cloud infrastructure providers. The multi-cloud foundation supports different environments, such as Cloud Foundry, ABAP, Kyma, and Neo, as well as multiple different regions and a broad choice of programming languages.
SAP BTP SOC 2 Type 2 report covers within audit period the following services:
SAP BTP Runtime:
SAP BTP, Neo runtime
SAP BTP, Cloud Foundry runtime
SAP BTP, Kyma runtime
SAP BTP, ABAP environment
SAP BTP, Kubernetes environment (internal only)
SAP AI Core
SAP AI Launchpad
SAP Alert Notification service for SAP BTP
SAP Analytics Cloud
SAP Application Logging Service for SAP BTP
SAP ASE service
SAP Audit Log service
SAP Authorization and Trust Management service
SAP Automation Pilot
SAP Batch Release Hub for Life Sciences
SAP Build Apps
SAP Build Process Automation
SAP Build Work Zone, advanced edition
SAP Build Work Zone, standard edition
SAP Business Accelerator Hub
SAP Business Application Studio
SAP Business Network Asset Collaboration
SAP Business Network for Logistics, including:
SAP Business Network Freight Collaboration
SAP Business Network Global Track and Trace
SAP Business Network Intelligent Insights
SAP Business Network Material Traceability
SAP Cloud Appliance Library
SAP Cloud for Energy
SAP Cloud Identity Access Governance
SAP Cloud Identity Services - Identity Authentication
SAP Cloud Identity Services - Identity Provisioning
SAP Cloud Integration for data services
SAP Cloud Management service for SAP BTP
SAP Cloud Portal service
SAP Cloud Transport Management
SAP Connectivity service
SAP Content Agent service
SAP Content Agent service
SAP Continuous Integration and Delivery
SAP Conversational AI
SAP Credential Store
SAP Custom Domain service
SAP Data Custodian
SAP Data Intelligence Cloud
SAP Data Privacy Integration
SAP Data Quality Management
SAP Data Retention Manager
SAP Datasphere, including SAP BW Bridge
SAP Destination service
SAP Digital Manufacturing
SAP Document Center
SAP Document Management service
SAP Document service
SAP Entitlement Management
SAP Event Mesh
SAP Feature Flags service
SAP Fiori Cloud
SAP Forms service by Adobe
SAP Git service
SAP HANA Cloud, including:
SAP HANA Cloud, data lake
SAP HANA Cloud, SAP HANA database
SAP HANA service for SAP BTP
SAP HANA spatial services
SAP HTML5 Application Repository service for SAP BTP
SAP Information Collaboration Hub
SAP Integration Suite, including:
SAP API Management
Cloud Integration
Graph
Integration Advisor
Open Connectors
SAP Job Scheduling service
SAP Keystore service
SAP Landscape Management Cloud
SAP Leonardo Machine Learning Foundation
SAP Malware Scanning service
SAP Market Communication for Utilities
SAP Market Rates Management
SAP Master Data Governance, cloud edition
SAP Master Data Integration
SAP Mobile Services, including Agentry
SAP Monitoring service for SAP BTP
SAP Multi-Bank Connectivity
SAP OData Provisioning
SAP Personal Data Manager
SAP Platform Identity Provider service for SAP BTP
SAP Private Link service
SAP Profitability and Performance Management Cloud
SAP Secure Login Service for SAP GUI
SAP Service Manager
SAP Software-as-a-Service Provisioning service
SAP Solutions Lifecycle Management service for SAP BTP
SAP Sports One
SAP Subscription Billing
SAP Task Center
SAP Usage Data Management service for SAP BTP
SAP Virtual Machine service
SAP Web IDE
Application Autoscaler
Business Entity Recognition
Cloud Integration Automation
Commercial Infrastructure Service (internal only)
Data Attribute Recommendation
Document Classification
Document Information Extraction
Invoice Object Recommendation
Java Application Lifecycle Management for SAP BTP
Java Debugging for SAP BTP
Java Profiling for SAP BTP
MongoDB on SAP BTP
OAuth 2.0 on SAP BTP
Object Store on SAP BTP
PostgreSQL on SAP BTP / PostgreSQL on SAP BTP, hyperscaler option
RabbitMQ on SAP BTP
Redis on SAP BTP / Redis on SAP BTP, hyperscaler option
Service Ticket Intelligence
UI Theme Designer
UI5 flexibility for key users
Unified Gateway (internal only)
| DC Locations | DC Providers |
UAE (Dubai) | SAP |
Australia (Sydney) | SAP |
China (Shanghai) | SAP |
Japan (Tokyo) | SAP |
Japan (Osaka) | SAP |
KSA (Riyadh) | SAP |
KSA (Dammam) | SAP |
Europe (Rot) | SAP |
Europe (Frankfurt) | SAP |
Europe (Amsterdam) | SAP |
Brazil (Sao Paulo) | SAP |
Canada (Toronto) | SAP |
US East (Ashburn) | SAP |
US East (Sterling) | SAP |
US West (Colorado Springs) | SAP |
US West (Chandler) | SAP |
US East (VA) | Amazon Web Services (AWS) |
Canada (Montreal) | Amazon Web Services (AWS) |
Singapore | Amazon Web Services (AWS) |
South Korea (Seoul) | Amazon Web Services (AWS) |
Europe (Frankfurt) | Amazon Web Services (AWS) |
India (Mumbai) | Amazon Web Services (AWS) |
Brazil (São Paulo) | Amazon Web Services (AWS) |
Australia (Sydney) | Amazon Web Services (AWS) |
Japan (Tokyo) | Amazon Web Services (AWS) |
US West (Oregon) | Amazon Web Services (AWS) |
US East (VA) | Microsoft Azure (Azure) |
US West (WA) | Microsoft Azure (Azure) |
Canada (Toronto) | Microsoft Azure (Azure) |
Europe (Netherlands) | Microsoft Azure (Azure) |
Singapore | Microsoft Azure (Azure) |
Australia (Sydney) | Microsoft Azure (Azure) |
Japan (Tokyo) | Microsoft Azure (Azure) |
UAE North (Dubai) | Microsoft Azure (Azure) |
Switzerland (Zurich) | Microsoft Azure (Azure) |
US Central (IA) | Google Cloud Platform (GCP) |
Europe (Frankfurt) | Google Cloud Platform (GCP) |
India (Mumbai) | Google Cloud Platform (GCP) |
SOC 2 reports are prepared in accordance with AT-C Section 205, Examination Engagements under Statement on Standards for Attestation Engagements (SSAE) No. 18, Attestation Standards: Clarification and Recodification. SOC 2 reports fulfill various information and assurance needs of customers and aim to place trust in SAP’s service organization systems, processes, and controls. These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to Security, Availability, and Processing Integrity of the systems that are used to process users’ data and the Confidentiality and Privacy of the information processed by these systems (AICPA, Trust Services Criteria). Additionally, they can play an important role in the oversight of the organization, vendor management programs, and regulatory oversight. Please note that this examination's scope does not include the controls of any subservice organizations. SOC 2 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC 2 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.
SAP Business Technology Platform has regularly prepared SOC 2 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period 1. April 2023, to 31. March 2024, and the trust principles Security, Confidentiality and Availability.
The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with non-disclosure agreement in place.
SAP Business Technology Platform (SAP BTP) is a technology platform that brings together application development, data and analytics, integration, automation, and AI capabilities in one unified environment. The platform offers users the ability to turn data into business value, compose end-to-end business processes, and build and extend SAP applications.
The services and solutions of SAP BTP are available on multiple cloud infrastructure providers. The multi-cloud foundation supports different environments, such as Cloud Foundry, ABAP, Kyma, and Neo, as well as multiple different regions and a broad choice of programming languages.
SAP BTP SOC 2 Type 2 report covers within audit period the following services:
SAP BTP Runtime:
SAP BTP, Neo runtime
SAP BTP, Cloud Foundry runtime
SAP BTP, Kyma runtime
SAP BTP, ABAP environment
SAP BTP, Kubernetes environment (internal only)
SAP AI Core
SAP AI Launchpad
SAP Alert Notification service for SAP BTP
SAP Analytics Cloud
SAP Application Logging Service for SAP BTP
SAP ASE service
SAP Audit Log service
SAP Authorization and Trust Management service
SAP Automation Pilot
SAP Batch Release Hub for Life Sciences
SAP Build Apps
SAP Build Process Automation
SAP Build Work Zone, advanced edition
SAP Build Work Zone, standard edition
SAP Business Accelerator Hub
SAP Business Application Studio
SAP Business Network Asset Collaboration
SAP Business Network for Logistics, including:
SAP Business Network Freight Collaboration
SAP Business Network Global Track and Trace
SAP Business Network Intelligent Insights
SAP Business Network Material Traceability
SAP Cloud Appliance Library
SAP Cloud for Energy
SAP Cloud Identity Access Governance
SAP Cloud Identity Services - Identity Authentication
SAP Cloud Identity Services - Identity Provisioning
SAP Cloud Integration for data services
SAP Cloud Management service for SAP BTP
SAP Cloud Portal service
SAP Cloud Transport Management
SAP Connectivity service
SAP Content Agent service
SAP Content Agent service
SAP Continuous Integration and Delivery
SAP Conversational AI
SAP Credential Store
SAP Custom Domain service
SAP Data Custodian
SAP Data Intelligence Cloud
SAP Data Privacy Integration
SAP Data Quality Management
SAP Data Retention Manager
SAP Datasphere, including SAP BW Bridge
SAP Destination service
SAP Digital Manufacturing
SAP Document Center
SAP Document Management service
SAP Document service
SAP Entitlement Management
SAP Event Mesh
SAP Feature Flags service
SAP Fiori Cloud
SAP Forms service by Adobe
SAP Git service
SAP HANA Cloud, including:
SAP HANA Cloud, data lake
SAP HANA Cloud, SAP HANA database
SAP HANA service for SAP BTP
SAP HANA spatial services
SAP HTML5 Application Repository service for SAP BTP
SAP Information Collaboration Hub
SAP Integration Suite, including:
SAP API Management
Cloud Integration
Graph
Integration Advisor
Open Connectors
SAP Job Scheduling service
SAP Keystore service
SAP Landscape Management Cloud
SAP Leonardo Machine Learning Foundation
SAP Malware Scanning service
SAP Market Communication for Utilities
SAP Market Rates Management
SAP Master Data Governance, cloud edition
SAP Master Data Integration
SAP Mobile Services, including Agentry
SAP Monitoring service for SAP BTP
SAP Multi-Bank Connectivity
SAP OData Provisioning
SAP Personal Data Manager
SAP Platform Identity Provider service for SAP BTP
SAP Private Link service
SAP Profitability and Performance Management Cloud
SAP Secure Login Service for SAP GUI
SAP Service Manager
SAP Software-as-a-Service Provisioning service
SAP Solutions Lifecycle Management service for SAP BTP
SAP Sports One
SAP Subscription Billing
SAP Task Center
SAP Usage Data Management service for SAP BTP
SAP Virtual Machine service
SAP Web IDE
Application Autoscaler
Business Entity Recognition
Cloud Integration Automation
Commercial Infrastructure Service (internal only)
Data Attribute Recommendation
Document Classification
Document Information Extraction
Invoice Object Recommendation
Java Application Lifecycle Management for SAP BTP
Java Debugging for SAP BTP
Java Profiling for SAP BTP
MongoDB on SAP BTP
OAuth 2.0 on SAP BTP
Object Store on SAP BTP
PostgreSQL on SAP BTP / PostgreSQL on SAP BTP, hyperscaler option
RabbitMQ on SAP BTP
Redis on SAP BTP / Redis on SAP BTP, hyperscaler option
Service Ticket Intelligence
UI Theme Designer
UI5 flexibility for key users
Unified Gateway (internal only)
| DC Locations | DC Providers |
UAE (Dubai) | SAP |
Australia (Sydney) | SAP |
China (Shanghai) | SAP |
Japan (Tokyo) | SAP |
Japan (Osaka) | SAP |
KSA (Riyadh) | SAP |
KSA (Dammam) | SAP |
Europe (Rot) | SAP |
Europe (Frankfurt) | SAP |
Europe (Amsterdam) | SAP |
Brazil (Sao Paulo) | SAP |
Canada (Toronto) | SAP |
US East (Ashburn) | SAP |
US East (Sterling) | SAP |
US West (Colorado Springs) | SAP |
US West (Chandler) | SAP |
US East (VA) | Amazon Web Services (AWS) |
Canada (Montreal) | Amazon Web Services (AWS) |
Singapore | Amazon Web Services (AWS) |
South Korea (Seoul) | Amazon Web Services (AWS) |
Europe (Frankfurt) | Amazon Web Services (AWS) |
India (Mumbai) | Amazon Web Services (AWS) |
Brazil (São Paulo) | Amazon Web Services (AWS) |
Australia (Sydney) | Amazon Web Services (AWS) |
Japan (Tokyo) | Amazon Web Services (AWS) |
US West (Oregon) | Amazon Web Services (AWS) |
US East (VA) | Microsoft Azure (Azure) |
US West (WA) | Microsoft Azure (Azure) |
Canada (Toronto) | Microsoft Azure (Azure) |
Europe (Netherlands) | Microsoft Azure (Azure) |
Singapore | Microsoft Azure (Azure) |
Australia (Sydney) | Microsoft Azure (Azure) |
Japan (Tokyo) | Microsoft Azure (Azure) |
UAE North (Dubai) | Microsoft Azure (Azure) |
Switzerland (Zurich) | Microsoft Azure (Azure) |
US Central (IA) | Google Cloud Platform (GCP) |
Europe (Frankfurt) | Google Cloud Platform (GCP) |
India (Mumbai) | Google Cloud Platform (GCP) |
SOC 2 reports are prepared in accordance with AT-C Section 205, Examination Engagements under Statement on Standards for Attestation Engagements (SSAE) No. 18, Attestation Standards: Clarification and Recodification. SOC 2 reports fulfill various information and assurance needs of customers and aim to place trust in SAP’s service organization systems, processes, and controls. These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to Security, Availability, and Processing Integrity of the systems that are used to process users’ data and the Confidentiality and Privacy of the information processed by these systems (AICPA, Trust Services Criteria). Additionally, they can play an important role in the oversight of the organization, vendor management programs, and regulatory oversight. Please note that this examination's scope does not include the controls of any subservice organizations. SOC 2 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC 2 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.
SAP Business Technology Platform has regularly prepared SOC 2 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period 1. April 2023, to 31. March 2024, and the trust principles Security, Confidentiality and Availability.
The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with non-disclosure agreement in place.