Skip to Content

SAP Multi Cloud SOC 2 Type 1 Audit Report 2020 H1

Multi Cloud at SAP refers to the 4+1 Strategy mandated by SAP Executive Board and driven by the Multi Cloud Adoption Program (MCAP). 4+1 is a combination of 4 hyperscalers that SAP is partnering with , Amazon Web Services, Google Cloud Platform, Microsoft Azure, and Alibaba Cloud for China - on a SaaS (Software-as-a-Service) level plus SAP's own Converged Cloud (CCloud) and offer Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Softwareas-a-Service (SaaS).

Multi Cloud (MC) is a centrally managed enabler for hyperscaler access across all Lines of Business (LoBs). 

  • Standardization: Ensure a controlled approach to hyperscaler management. 
  • Belonging: Ensure that SAP organizations receive the correct enterprise discounts and support entitlement.
  • Secure: Ensure and support secure communications and configurations for LoBs. 
  • Contingency: Offer backup-as-a-service.
  • Enablement: Provide accessibility to hyperscaler connectivity. 

At its very core, Multi Cloud is a centralized body, designed as an enabling force to facilitate and ease operational complications for LoB's as they journey onto the cloud, while also ensuring the ability to enforce and monitor corporate governance accountability.

The services offered within the Multi Cloud are

  • The hyperscalers - AWS, Azure, GCP
  • DevSecOps/DevNetOps• Backup-as-a-self-service (BaSS)
  • Chargeback/ShowBack
  • Capacity planning

SOC2 reports fulfill various information and assurance needs of customers and aim to place trust in SAPs service organization systems, processes and controls. These narratives are related to the trust principles Security, Availability, Confidentiality Processing Integrity or Privacy which must be met to demonstrate a well-designed system. SOC2 also contains details on performed tests and their results. SOC2 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC2 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.

SAP Multi Cloud has prepared SOC2 Type 1 audit report by an independent 3rd party accountant. This version of the report is as of 1. May, 2020 and the trust principles Security, Availability and Confidentiality. 

The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with non-disclosure agreement in place.

Back to top