SAP Trust Center
SAP Ariba C5 Audit Report 2020
SAP Ariba, an SAP Company is a leading provider of on-demand spend management solutions. SAP Ariba’s mission is to transform the way companies of all sizes, across all industries, and geographies operate by delivering technology, service, and network solutions that enable them to holistically source, contract, procure, pay, manage and analyze their spend and supplier relationships. Delivered on demand, SAP Ariba’s enterprise-class offerings empower companies to achieve greater control of their spend and drive continuous improvements in financial and supply-chain performance. Thousands of companies use SAP Ariba solutions to manage their spend from sourcing and orders through invoicing and payment. SAP Ariba has deployed in regional data centers in San Jose (California), Amsterdam (Netherlands), Moscow (Russia), Shanghai (China), Dubai (UAE) and Riyadh (Saudi Arabia) as well as in co-locations Sunnyvale, California (USA).
The Cloud Computing Compliance Controls Catalogue (abbreviated “C5”) is intended primarily for cloud service providers as well as their customers and auditors. It is defined which requirements (also referred to as controls in this context) the cloud providers have to comply with or which minimum requirements the cloud providers should be obliged to meet. The catalogue is divided into 17 thematic sections (e.g. organization of information security, physical security). The surrounding parameters provide additional information on the data location, provision of services, place of jurisdiction, certifications and duties of investigation and disclosure towards government agencies and contain a system description.
SAP Ariba has regularly prepared C5 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period 1. November 2018 to 31. October 2019, the locations San Jose (California), Amsterdam (Netherlands), Moscow (Russia), Shanghai (China), Dubai (UAE) and Riyadh (Saudi Arabia) as well as in co-locations Sunnyvale, California (USA) and the trust principles Security, Availability, Processing Integrity and Confidentiality..
The use of this report is restricted. A copy of this report is available for all SAP Ariba customers with productive systems. This report is also available for prospective customers under the signed non-disclosure agreement.