SAP Enterprise Management Cloud Computing Compliance Criteria Catalog (C5:2020) Audit Report 2024 H1
SAP Enterprise Management solutions in scope of this C5 report are:
SAP Business ByDesign,
SAP Integrated Business Planning,
SAP Marketing Cloud,
SAP S/4HANA Cloud Public Edition.
Services are offered on SAP Cloud Infrastructure (incl. SAP Business Technology Platform), Microsoft Azure or Google Cloud Platform. The following data centers are used by SAP Enterprise Management:
DC Locations | DC Providers |
Amsterdam, The Netherlands | SAP Converged Cloud |
Ashburn 3, VA, US | SAP Converged Cloud |
Sydney, Australia | SAP Converged Cloud |
Shanghai, China | SAP Converged Cloud |
Dubai, UAE | SAP Converged Cloud |
Toronto, Canada | SAP Converged Cloud |
Colorado Springs, US | SAP Converged Cloud |
Sydney, Australia | SAP Converged Cloud |
Dubai, United Arab Emirates | SAP Converged Cloud |
Frankfurt, Germany | SAP Converged Cloud |
NSQ, PA, US | SAP Converged Cloud |
Osaka, Japan | SAP Converged Cloud |
Riyadh, Saudi Arabia | SAP Converged Cloud |
St. Leon-Rot, Germany | SAP Converged Cloud |
Sterling, US | SAP Converged Cloud |
Tokyo, Japan | SAP Converged Cloud |
Council Bluffs, US | Google Cloud Platform |
Ashburn, VA, US | Google Cloud Platform |
Tokyo, Japan | Google Cloud Platform |
Sao Paulo, Brazil | Google Cloud Platform |
Mumbai, India | Google Cloud Platform |
Eemshaven, The Netherlands | Google Cloud Platform |
Amsterdam, The Netherlands | Microsoft Azure |
Quincy, US | Microsoft Azure |
Walldorf, Germany | SAP Converged Cloud |
Cloud Computing Compliance Controls Catalogue (C5) reports are prepared in accordance with attestation standards established by the American Institute of Certified Public Accountants (“AICPA”) and in accordance with the International Standard on Assurance Engagements (“ISAE”) 3000 Revised, Assurance Engamenets Other than Audits or Reviews of Historical Financial Information, issued by the International Auditing and Assurance Board (IAASB). C5 outlines minimum security for cloud computing, aimed at cloud providers, auditors, and clients. Introduced in 2016, it helps customers choose a secure cloud provider and tailor a risk management system. C5 assures cloud services security by providing transparency via a standardized examination and reporting system. The 2020 version of C5 includes 125 criteria from 17 areas, based on national and international standards and publications.
SAP Enterprise Management as prepared C5 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period 1. April 2023 to 31. March 2024.
The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with non-disclosure agreement in place.
SAP Enterprise Management solutions in scope of this C5 report are:
SAP Business ByDesign,
SAP Integrated Business Planning,
SAP Marketing Cloud,
SAP S/4HANA Cloud Public Edition.
Services are offered on SAP Cloud Infrastructure (incl. SAP Business Technology Platform), Microsoft Azure or Google Cloud Platform. The following data centers are used by SAP Enterprise Management:
DC Locations | DC Providers |
Amsterdam, The Netherlands | SAP Converged Cloud |
Ashburn 3, VA, US | SAP Converged Cloud |
Sydney, Australia | SAP Converged Cloud |
Shanghai, China | SAP Converged Cloud |
Dubai, UAE | SAP Converged Cloud |
Toronto, Canada | SAP Converged Cloud |
Colorado Springs, US | SAP Converged Cloud |
Sydney, Australia | SAP Converged Cloud |
Dubai, United Arab Emirates | SAP Converged Cloud |
Frankfurt, Germany | SAP Converged Cloud |
NSQ, PA, US | SAP Converged Cloud |
Osaka, Japan | SAP Converged Cloud |
Riyadh, Saudi Arabia | SAP Converged Cloud |
St. Leon-Rot, Germany | SAP Converged Cloud |
Sterling, US | SAP Converged Cloud |
Tokyo, Japan | SAP Converged Cloud |
Council Bluffs, US | Google Cloud Platform |
Ashburn, VA, US | Google Cloud Platform |
Tokyo, Japan | Google Cloud Platform |
Sao Paulo, Brazil | Google Cloud Platform |
Mumbai, India | Google Cloud Platform |
Eemshaven, The Netherlands | Google Cloud Platform |
Amsterdam, The Netherlands | Microsoft Azure |
Quincy, US | Microsoft Azure |
Walldorf, Germany | SAP Converged Cloud |
Cloud Computing Compliance Controls Catalogue (C5) reports are prepared in accordance with attestation standards established by the American Institute of Certified Public Accountants (“AICPA”) and in accordance with the International Standard on Assurance Engagements (“ISAE”) 3000 Revised, Assurance Engamenets Other than Audits or Reviews of Historical Financial Information, issued by the International Auditing and Assurance Board (IAASB). C5 outlines minimum security for cloud computing, aimed at cloud providers, auditors, and clients. Introduced in 2016, it helps customers choose a secure cloud provider and tailor a risk management system. C5 assures cloud services security by providing transparency via a standardized examination and reporting system. The 2020 version of C5 includes 125 criteria from 17 areas, based on national and international standards and publications.
SAP Enterprise Management as prepared C5 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period 1. April 2023 to 31. March 2024.
The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with non-disclosure agreement in place.