Skip to Content

Quality at SAP

Quality from our customers’ perspective

Every SAP employee has a quality assurance role, whether developing software or providing services and support. We cooperate closely with customers, partners, and suppliers, and regularly monitor our customers’ perception of our quality. Our quality culture is based on employee commitment, and we use innovative methods to support continuous product, process, and service quality improvement.

Our quality management systems

We have a quality management system in place that defines standardized processes for our organizations Global Development, Digital Business Services, and IT. These globally applicable processes enable our employees to share and apply best practices to improve quality and customer satisfaction.

SAP Global Development

SAP Global Development ensures that SAP solutions meet the highest possible standards. Our product quality standards are derived from ISO 25010 software quality model. 

SAP Digital Business Services

SAP Digital Business Services provides tailored services to maintain the quality of installed solutions.


SAP IT ensures the quality and stability of SAP’s internal IT infrastructure.


Third-party certification bodies provide independent confirmation that SAP meets the requirements of international standards. Since 1998 SAP has held an ISO 9001 certificate. We are also certified according to ISO 27001, ISO 22301, and BS 10012. All locations worldwide work according to one common process framework, including data security and privacy regulations.We regularly check compliance though internal reviews and audits. 

Service Organization Control (SOC) Attestations

SAP is committed to third-party validations, standards, and certifications of the policies and procedures we use to maintain our customers’ security, privacy, and data integrity. We maintain several certifications and accreditations to ensure we provide the highest standards of service and reliability to our customers.
SOC 1: Provides the auditor of a user entity’s financial statements information about controls at a service organization that may be relevant to a user entity’s internal control over financial reporting. A Type 2 SOC 1 report includes a detailed description of tests of controls performed by the CPA and results of the tests.
Note: SOC 1 (ISAE3402 / SSAE16) reports are only available for customers who had live, financially-relevant systems during the last audit period. Please contact your SAP sales representative to attain this report.
SOC 2: Provides management of a service organization, user entities, and others a report about controls at a service organization relevant to the security, availability, or processing integrity of the service organization’s system, or the confidentiality and privacy of the data processed by that system. A Type 2 SOC 2 report includes a detailed description of tests of controls performed by the CPA and results of the tests.
SOC 3: Provides users and interested parties a report about controls at the service organization related to security, availability, processing integrity, confidentiality or privacy. SOC 3 reports are a short-form report (i.e., no description of tests of controls and results) and may be used in a service organization’s marketing efforts.
More details on the difference between SOC 1, SOC 2 and SOC 3 can be found at

SAP Quality Awards

The SAP Quality Awards celebrate customers who have excelled in the implementation of their SAP software solutions. 
Back to top