SAP Enterprise Cloud Services SOC 1 Audit Report Q2 2025

Please Note: Starting from 2025 H1, SAP will release new SOC 1, SOC 2 and C5 audit reports called “SAP Central Cloud Services” comprising of SAP Cloud Services (IaaS, PaaS, SaaS) and SAP central services. Customers will automatically receive a copy of this audit report in addition to the requested report(s) to assess relevant controls of the internal subservice organization “SAP Central Cloud Services” as outlined in Section III.

Learn More:​ Digital Resources & Enablement

  • RISE with SAP S/4HANA Cloud, Private Edition

  • RISE with SAP S/4HANA Cloud, Private Cloud, Tailored Option incl. Customer Data Center Option

  • SAP ERP, Private Cloud edition, Tailored option

  • SAP HANA Enterprise Cloud Credit & Overage, Advanced Edition  incl. Customer Data Center Option (BYOL)

  • SAP S/4 HANA Cloud, Extended Edition

  • STE (Single Tenant Edition)

  • CPO (Cloud Private Option)

  • CPE (Cloud Private Edition)

  • SAP Credit & Overage HANA Enterprise Cloud Advanced Edition (Subscription)

  • SAP HANA Enterprise Cloud Advanced Edition (Subscription)

  • SAP HANA Enterprise Cloud Classic (Subscription and BYOL)

Services are offered on SAP Infrastructure, Customer Data Center Infrastructure, Amazon Web Services, Microsoft Azure or Google Cloud Platform.  A detailed list of locations of the datacenter is available within the report. The offered services are fully scalable and secure private managed cloud solutions available only from SAP. It empowers organizations to unlock the full value of SAP Enterprise Cloud Services in the cloud - accelerating growth and innovation, driving IT and business transformation, quickly delivering business outcomes, and reducing risk. The offered services are using the SAP Enterprise Cloud Services architecture and processes but includes also specific SAP products, use rights and services. The SAP Enterprise Cloud Services reference architecture helps the customer to use flexible services for modular and rapid deployment.

 

The following Data Centers are used by SAP Enterprise Cloud Services (ECS):

  • Australia: Sydney

  • Canada: Toronto

  • Germany: Frankfurt

  • Germany: St. Leon-Rot

  • Germany: Walldorf

  • Japan: Osaka

  • Japan: Tokyo

  • Netherlands: Amsterdam

  • USA: Ashburn, VA

  • USA: Colorado Springs, CO

  • USA: Santa Clara, CA

  • USA: Sterling, VA

  • Asia-Pacific (Malaysia)

  • Australia: Canberra

  • Australia: Melbourne

  • Australia: New South Wales

  • Australia: Sydney

  • Australia: Victoria

  • Bahrain

  • Belgium: St. Ghislain

  • Brazil: Rio de Janeiro

  • Brazil: São Paulo

  • Canada: Calgary

  • Canada: Central

  • Canada: Montreal

  • Canada: Quebec City

  • Canada: Toronto

  • Chile: Santiago

  • China: Beijing

  • China: Hebei

  • China: Hong Kong

  • China: Jiangsu

  • China: Ningxia

  • China: Shanghai

  • Dammam (Saudi Arabia)

  • Finland: Hamina

  • France: Marseille

  • France: Paris

  • Germany: Berlin

  • Germany: Frankfurt

  • Germany: North

  • India: Chennai

  • India: Delhi

  • India: Hyderabad

  • India: Mumbai

  • India: Pune

  • Indonesia: Jakarta

  • Ireland

  • Ireland: Dublin

  • Israel

  • Israel: Tel Aviv

  • Italy: Milan

  • Italy: Turin

  • Japan: Osaka

  • Japan: Tokyo

  • Mexico: Querétaro

  • Netherlands: Amsterdam

  • Netherlands: Eemshaven

  • Norway: Oslo

  • Norway: Stavanger

  • Poland: Warsaw

  • Qatar: Doha

  • Singapore

  • Singapore: Jurong West

  • South Africa: Cape Town

  • South Africa: Johannesburg

  • South Korea: Busan

  • South Korea: Seoul

  • Spain

  • Spain: Madrid

  • Sweden: Gävle

  • Sweden: Stockholm

  • Switzerland: Geneva

  • Switzerland: Zurich

  • Switzerland: Zürich

  • Taiwan: Changhua County

  • Thailand: Bangkok

  • UK: Cardiff

  • UK: London

  • United Arab Emirates

  • United Arab Emirates: Abu Dhabi

  • United Arab Emirates: Dubai

  • USA: Arizona

  • USA: Ashburn, VA

  • USA: California

  • USA: Columbus, OH

  • USA: Council Bluffs, IA

  • USA: Dallas, TX

  • USA: Illinois

  • USA: Iowa

  • USA: Las Vegas, NV

  • USA: Los Angeles, CA

  • USA: Moncks Corner, SC

  • USA: N. Virginia

  • USA: Ohio

  • USA: Oregon

  • USA: Quincy, WA

  • USA: Salt Lake City, UT

  • USA: Texas

  • USA: The Dalles, OR

  • USA: Virginia

SOC 1 reports are prepared in accordance with AT-C section 320, Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting, under Statement on Standards for Attestation Engagements (SSAE) No. 18, Attestation Standards: Clarification and Recodification. SOC 1 reports are specifically intended to meet the needs of the entities that use service organizations (user entities) and the CPAs that audit the user entities’ financial statements (user auditors).  Please note that this examination's scope does not include the controls and related control objectives of any subservice organizations. SOC 1 Type 1 report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design of controls to achieve the related control objectives as of a specified date, whereas a SOC 1 Type 2 also includes the operating effectiveness of controls to achieve the related control objectives throughout a specified period.

 

SAP Enterprise Cloud Services has prepared SOC 1 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period 1. January 2025 to 30. June 2025.

 

The use of these reports is restricted to the management of the service organization, user entities, and user auditors. A copy of this report is available for all SAP Central Cloud Services customers who had productive and had financially-relevant systems during the audit period covered by the report.