SAP Trust Center

The scope of this SOC report includes the SAP Integrated Business Planning services as offered for the live productive customer systems that are hosted in SAP SE's data centers St. Leon–Rot (Germany), Walldorf (Germany), Newtown Square (USA), Colorado Springs (USA) as well as in the co-locations Amsterdam (Netherlands), Dammam (Saudi Arabia), Moscow (Russian Federation), Osaka (Japan), Riyadh (Saudi Arabia), Shanghai (China), Sterling (Virginia, USA), Sydney (Australia) Tokyo (Japan) and Abu Dhabi, United Arab Emirates (Microsoft Azure).

SAP Integrated Business Planning is SAP's platform for real-time and integrated planning, built on SAP HANA® (High Performance Analytic Appliance), utilizing HANA®’s Analytical features to the maximum. SAP Integrated Business Planning is being developed to deliver integrated, unified planning across sales and operations, demand, inventory, supply and response planning, as well as the supply chain control tower for dashboard analytics and monitoring. SAP Integrated Business Planning delivers a paradigm of user experience and efficiency, leveraging real-time dashboards, advanced predictive analytics, interactive simulation, embedded social collaboration and Microsoft Excel-enabled planning tables. 

The SAP Integrated Business Planning has five modules, addressing different business/planning areas Sales & Operations (S&OP), Demand, Inventory, Response and Supply, and Supply Chain Control Tower. A customer can subscribe to any of these solutions offered individually, and the commercials are based on the solution selected. To a large extend, the (HANA®) hardware sizing also is based on the solution subscribed.

SOC 2 reports fulfill various information and assurance needs of customers and aim to place trust in SAPs service organization systems, processes and controls. These narratives are related to the trust principles Security, Availability, Confidentiality Processing Integrity or Privacy which must be met to demonstrate a well-designed system. SOC 2 also contains details on performed tests and their results. SOC 2 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC 2 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.

SAP Integrated Business Planning has prepared SOC 2 Type 2 audit report by an independent 3rd party accountant. This version of the report covers the audit period 1. May 2020 to 31. October 2020 that are hosted in SAP SE's data centers St. Leon–Rot (Germany), Walldorf (Germany), Newtown Square (USA), Colorado Springs (USA) as well as in the co-locations Amsterdam (Netherlands), Dammam (Saudi Arabia), Moscow (Russian Federation), Osaka (Japan), Riyadh (Saudi Arabia), Shanghai (China), Sterling (Virginia, USA), Sydney (Australia) Tokyo (Japan) and Abu Dhabi, United Arab Emirates (Microsoft Azure) and the trust principles Security, Availability and Confidentiality.

The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with non-disclosure agreement in place.