The scope of this SOC report includes the SAP Business ByDesign and SAP Cloud for Travel and Expense solutions.

SAP Business ByDesign (ByD) is a cloud-based Software-as-a-Service (SaaS) ERP offering for mid-market companies and subsidiaries, powered by SAP HANA®. With SAP Business ByDesign, organizations can manage their entire business with a single cloud ERP solution. It is suited for upper midmarket companies and subsidiaries of large corporations, this complete and integrated Software-as-a-Service (SaaS) suite supports financials, human resources, sales, procurement, customer service, supply chain management and more.

SAP Cloud for Travel and Expense is a cloud solution offered by SAP which helps companies to manage their business travel from planning to expense reimbursement while staying in compliance with corporate policies. The solution can be accessed via the web, but also supports a wide range of mobile devices. 

The SOC 2 reports fulfill various information and assurance needs of customers and aim to place trust in SAP’s service organization systems, processes, and controls.  These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems that are used to process users’ data and the confidentiality and privacy of the information processed by these systems.  Additionally, they can play an important role in the oversight of  the organization, vendor management programs, and regulatory oversight.  SOC 2 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC 2 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.

SAP Business ByDesign has regularly prepared SOC 2 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period 1. October 2022 to 31. March 2023, in the data center locations for SAP ByD SAP Cloud Infrastructure, Frankfurt (Germany), Shanghai (China), Sydney (Australia), St. Leon Rot (Germany), and Walldorf (Germany), and in the data center locations for SAP ByD, Frankfurt (Germany) and St. Leon Rot (Germany), and the trust principles Security, Availability, and Confidentiality.

The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with non-disclosure agreement in place.