Skip to Content

SAP Trust Center

SAP Enterprise Management System SOC 2 (ISAE 3000) Audit Report 2021 H2

The scope of this SOC 2 report includes SAP Enterprise Management, SAP S/4HANA Cloud, SAP Marketing Cloud, and SAP Integrated Business Planning as offered in the primary data centers in Ashburn (US), Amsterdam, (The Netherlands), Colorado Springs (US), Sydney (Australia), Toronto (Canada), Dubai (UAE), Frankfurt (Germany), Moscow (Russia), Newtown Square (US), Riyadh (Saudi Arabia), St. Leon-Rot (Germany), Shanghai (China), Sterling (US), Tokyo (Japan), Council Bluffs (US) and Sao Paulo (Brazil).

SAP Product Engineering (PE) department consists of product management, engineering, cloud operations and infrastructure. PE supports teams to consolidate and operate the organization with the objective to be able to respond to changes, challenges and trends in the cloud industry and to customer expectations. The portfolio includes the SAP S/4 HANA Cloud suite, SAP Digital Supply Chain, Small and Mid-Sized Enterprises (SME), and industry solutions as well as cloud offerings. Cross-functions in the Product Engineering (PE) include Architecture, global SAP Labs Network, SAP Knowledge & Education, Globalization Services, and SAP User Experience teams with the responsibility for the overall quality of SAP software products.

SOC 2 reports fulfill various information and assurance needs of customers and aim to place trust in SAPs service organization systems, processes and controls. These narratives are related to the trust principles Security, Availability, Confidentiality Processing Integrity or Privacy which must be met to demonstrate a well-designed system. SOC 2 also contains details on performed tests and their results. SOC 2 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC 2 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.

This version of the report covers the audit period 1. May 2021 to 31. October 2021.

The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with non-disclosure agreement in place.

The scope of this SOC 2 report includes SAP Enterprise Management, SAP S/4HANA Cloud, SAP Marketing Cloud, and SAP Integrated Business Planning as offered in the primary data centers in Ashburn (US), Amsterdam, (The Netherlands), Colorado Springs (US), Sydney (Australia), Toronto (Canada), Dubai (UAE), Frankfurt (Germany), Moscow (Russia), Newtown Square (US), Riyadh (Saudi Arabia), St. Leon-Rot (Germany), Shanghai (China), Sterling (US), Tokyo (Japan), Council Bluffs (US) and Sao Paulo (Brazil).

SAP Product Engineering (PE) department consists of product management, engineering, cloud operations and infrastructure. PE supports teams to consolidate and operate the organization with the objective to be able to respond to changes, challenges and trends in the cloud industry and to customer expectations. The portfolio includes the SAP S/4 HANA Cloud suite, SAP Digital Supply Chain, Small and Mid-Sized Enterprises (SME), and industry solutions as well as cloud offerings. Cross-functions in the Product Engineering (PE) include Architecture, global SAP Labs Network, SAP Knowledge & Education, Globalization Services, and SAP User Experience teams with the responsibility for the overall quality of SAP software products.

SOC 2 reports fulfill various information and assurance needs of customers and aim to place trust in SAPs service organization systems, processes and controls. These narratives are related to the trust principles Security, Availability, Confidentiality Processing Integrity or Privacy which must be met to demonstrate a well-designed system. SOC 2 also contains details on performed tests and their results. SOC 2 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC 2 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.

This version of the report covers the audit period 1. May 2021 to 31. October 2021.

The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with non-disclosure agreement in place.

Back to top