Skip to Content

SAP Trust Center

SAP Enterprise Cloud Services Type 2 C5 Audit Report 2022

The scope of this C5 report includes the SAP Enterprise Cloud Services as offered in the data centers for the productive customer systems that have the status “business live” (i.e. in daily productive business use) in the following locations: St. Leon–Rot (Germany), Colorado (US) and Walldorf (Germany).

SAP Enterprise Cloud Services is a fully scalable and secure private managed cloud solution available only from SAP. It empowers organizations to unlock the full value of SAP HANA in the cloud — accelerating growth and innovation, driving IT and business transformation, quickly delivering business outcomes, and reducing risk. 

The SAP Enterprise Cloud Services reference architecture helps the customer to use flexible services for modular and rapid deployment.
 The Cloud Computing Compliance Controls Catalogue (C5) is intended primarily for cloud service providers as well as their customers and auditors. It is defined which requirements (also referred to as controls in this context) the cloud providers have to comply with or which minimum requirements the cloud providers should be obliged to meet. The catalogue is divided into 17 thematic sections (e.g. organization of information security, physical security). The surrounding parameters provide additional information on the data location, provision of services, place of jurisdiction, certifications and duties of investigation and disclosure towards government agencies and contain a system description.

SAP Enterprise Cloud Services has prepared C5 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period 1. November 2021 to 30. September 2022, the locations St. Leon–Rot (Germany), Colorado (US) and Walldorf (Germany).

The use of this report is restricted. A copy of this report is available for all SAP Enterprise Cloud Services customers with productive systems. This report is also available for prospective customers under the signed non-disclosure agreement.

Back to top