Skip to Content
Nous contacter
Discutons en ligne Discussion en direct hors ligne
Discutez en ligne avec un interlocuteur SAP qui vous aidera à résoudre vos problèmes.
Nous contacter
Nous envoyer vos commentaires ou vos questions par e-mail.

SAP Cloud Platform Cloud Foundry SOC 1 (ISAE3402) Audit Report 2018 H2

The scope of this SOC report includes the SAP Cloud Platform Cloud Foundry services hosted in SAP SE's data centers St. Leon–Rot (Germany) as well as in the co-location data centers in Frankfurt (Germany), Sydney (Australia), US East (Virginia, USA), Tokyo (Japan) and Sao Paulo (Brazil).


SAP Cloud Platform is a Business Application Platform-as-a-Service (PaaS) offering. It enables SAP, its partners and customers to develop, deploy, run, operate, and use applications in a cloud environment.


SAP Cloud Platform is a multitenant public cloud offering which allows application providers, including SAP itself, to build lightweight, collaborative, network-oriented applications to complement and extend existing SAP solutions. 


Additionally, SAP provides and operates Software-as-a-Service (SaaS) solutions on SAP Cloud Platform. Those also leverage the SAP Cloud Platform management system and operational controls. Therefore, everywhere in this system description where referred to SAP Cloud Platform, all services, tools, applications, SaaS solutions, part of or running on SAP Cloud Platform, are included as described in the chapter Service Overview.


SAP Cloud Platform is a product implemented by SAP, and as such, it uses the Innovation Cycle framework for product and solution creation, certified with ISO 9001:2015.


SAP Cloud Platform Cloud Foundry is built upon an Open Source Cloud Application Platform called “Cloud Foundry”. Cloud Foundry itself is not bound to a particular infrastructure and can therefore be deployed on various cloud infrastructures.


SOC1 reports specifically address service organizations internal control over financial reporting and controls specified by the service provider. The SOC1 reports are intended solely for the information and use of existing user entities (for ex. Existing customers of the service organization), their financial statement auditors and management of the service organization. SOC 1 reports are prepared in accordance with Statement on Standards for Attestation Engagements (SSAE) No.18, a new guidance that the auditors use to conduct a SOC1 engagement. SOC1 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC1 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.


SAP Cloud Platform has prepared SOC1 Type 1 audit report by an independent 3rd party accountant. This version of the report is as of 31. October 2018, the location St. Leon–Rot (Germany) as well as in the co-location data centers in Frankfurt (Germany), Sydney (Australia), US East (Virginia, USA), Tokyo (Japan) and Sao Paulo (Brazil).


The use of these reports is restricted. A copy of this report is available for all SAP Cloud Platform Cloud Foundry customers who had productive and had financially-relevant systems during the audit period covered by the report.

Back to top