The scope of this SOC report includes the SAP S/4HANA Cloud as offered in the data centers in St. Leon–Rot / Germany; the data center in Sterling / US, and the data center in Sydney 2 / Australia.
SAP S/4HANA Cloud is intended to offer a quarterly innovation cycle so customers can take advantage of ongoing innovation with minimal disruption. In addition, SAP HANA Cloud Platform aims to serve as an extension platform and agility layer for the cloud edition. This way, customers and partners will be able to build specific capabilities extending the scope of SAP S/4HANA Cloud by either integrating non-SAP products or building their own innovations. With SAP S/4HANA Cloud, enterprises can now participate in the digital economy with a suite that intends to bring together the simplicity of the cloud and the value of instant insight across industries, business functions and networks, and granular data sets.
SOC2 reports fulfill various information and assurance needs of customers and aim to place trust in SAPs service organization systems, processes and controls. These narratives are related to the trust principles Security, Availability, Confidentiality Processing Integrity or Privacy which must be met to demonstrate a well-designed system. SOC 2 also contains details on performed tests and their results. SOC2 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC2 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.
SAP S/4HANA has regularly prepared SOC2 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period 1. May 2015 to 31. October 2015, the locations in St. Leon–Rot / Germany; the data center in Sterling / US, and the data center in Sydney 2 / Australia and the trust principle Security.
The use of these reports is restricted. A copy of this report is available for all SAP S/4HANA customers who had productive and had financially-relevant systems during the audit period covered by the report.