SAP Trust Center
SAP Integrated Business Planning SOC 1 (ISAE 3402) Audit Report 2020 H2
The scope of this SOC report includes the SAP Integrated Business Planning services as offered for the live productive customer systems that are hosted in SAP SE's data centers St. Leon–Rot (Germany), Walldorf (Germany), Newtown Square (USA), Colorado Springs (USA) as well as in the co-locations Amsterdam (Netherlands), Dammam (Saudi Arabia), Moscow (Russian Federation), Osaka (Japan), Riyadh (Saudi Arabia), Shanghai (China), Sterling (Virginia, USA), Sydney (Australia) Tokyo (Japan) and Abu Dhabi, United Arab Emirates (Microsoft Azure).
SAP Integrated Business Planning is SAP's platform for real-time and integrated planning, built on SAP HANA® (High Performance Analytic Appliance), utilizing HANA®’s Analytical features to the maximum. SAP Integrated Business Planning is being developed to deliver integrated, unified planning across sales and operations, demand, inventory, supply and response planning, as well as the supply chain control tower for dashboard analytics and monitoring. SAP Integrated Business Planning delivers a paradigm of user experience and efficiency, leveraging real-time dashboards, advanced predictive analytics, interactive simulation, embedded social collaboration and Microsoft Excel-enabled planning tables.
The SAP Integrated Business Planning has five modules, addressing different business/planning areas Sales & Operations (S&OP), Demand, Inventory, Response and Supply, and Supply Chain Control Tower. A customer can subscribe to any of these solutions offered individually, and the commercials are based on the solution selected. To a large extend, the (HANA®) hardware sizing also is based on the solution subscribed.
SOC 1 reports specifically address service organizations internal control over financial reporting and controls specified by the service provider. The SOC 1 reports are intended solely for the information and use of existing user entities (for ex. Existing customers of the service organization), their financial statement auditors and management of the service organization. SOC 1 reports are prepared in accordance with Statement on Standards for Attestation Engagements (SSAE) No.18, a new guidance that the auditors use to conduct a SOC 1 engagement. SOC 1 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC 1 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.
SAP Integrated Business Planning has regularly prepared SOC 1 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period 1. May 2020 to 31. October 2020 that are hosted in SAP SE's data centers St. Leon–Rot (Germany), Walldorf (Germany), Newtown Square (USA), Colorado Springs (USA) as well as in the co-locations Amsterdam (Netherlands), Dammam (Saudi Arabia), Moscow (Russian Federation), Osaka (Japan), Riyadh (Saudi Arabia), Shanghai (China), Sterling (Virginia, USA), Sydney (Australia) Tokyo (Japan) and Abu Dhabi, United Arab Emirates (Microsoft Azure).
The use of these reports is restricted. A copy of this report is available for all SAP Integrated Business Planning customers who had productive and had financially-relevant systems during the audit period covered by the report.