SAP Trust Center
SAP Integrated Business Planning SOC 1 (ISAE3402) Audit Report 2020 H1
The scope of this SOC report includes the SAP Integrated Business Planning services as offered for the live productive customer systems that are hosted in SAP SE's data centers St. Leon–Rot, Germany; Walldorf, Germany; Newtown Square, USA; Colorado Springs, USA as well as in the co-locations Amsterdam, Netherlands; Dammam, Saudi Arabia; Moscow, Russian Federation; Osaka, Japan; Riyadh, Saudi Arabia; Shanghai, China; Sterling, Virginia, USA; Sydney, Australia; Tokyo, Japan and Abu Dhabi, United Arab Emirates (Microsoft Azure).
SAP Integrated Business Planning is SAP's platform for real-time and integrated planning, built on SAP HANA® (High Performance Analytic Appliance), utilizing HANA®’s Analytical features to the maximum. SAP Integrated Business Planning is being developed to deliver integrated, unified planning across sales and operations, demand, inventory, supply and response planning, as well as the supply chain control tower for dashboard analytics and monitoring. SAP Integrated Business Planning delivers a paradigm of user experience and efficiency, leveraging real-time dashboards, advanced predictive analytics, interactive simulation, embedded social collaboration and Microsoft Excel-enabled planning tables.
The SAP Integrated Business Planning has five modules, addressing different business/planning areas Sales & Operations (S&OP), Demand, Inventory, Response and Supply, and Supply Chain Control Tower. A customer can subscribe to any of these solutions offered individually, and the commercials are based on the solution selected. To a large extend, the (HANA®) hardware sizing also is based on the solution subscribed.
SOC1 reports specifically address service organizations internal control over financial reporting and controls specified by the service provider. The SOC1 reports are intended solely for the information and use of existing user entities (for ex. Existing customers of the service organization), their financial statement auditors and management of the service organization. SOC 1 reports are prepared in accordance with Statement on Standards for Attestation Engagements (SSAE) No.18, a new guidance that the auditors use to conduct a SOC1 engagement. SOC1 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC1 type 2 also includes the operating effectiveness of controls for a dedicated period of time.
SAP Integrated Business Planning has prepared SOC1 Type 2 audit report by an independent 3rd party accountant. This version of the report covers the audit period 1. November 2019 to 30. April 2020.
The use of these reports is restricted. A copy of this report is available for all SAP Integrated Business Planning customers who had productive and had financially-relevant systems during the audit period covered by the report.