SAP Trust Center
SAP Enterprise Cloud Services SOC 2 (ISAE 3000) Audit Report 2021 H2
The scope of this SOC report includes
· RISE with SAP S/4HANA Cloud, Private Edition
· RISE with SAP S/4HANA Cloud, Private Cloud, Tailored Option
· SAP HANA Enterprise Cloud Credit & Overage, Advanced Edition (BYOL) as well as passive, renewals only options:
· SAP S/4 HANA Cloud, Extended Edition
This offering has the following predecessors
o STE (Single Tenant Edition)
o CPO (Cloud Private Option)
o CPE (Cloud Private Edition)
· SAP Credit & Overage HANA Enterprise Cloud Advanced Edition (Subscription)
· SAP HANA Enterprise Cloud Advanced Edition (Subscription)
· SAP HANA Enterprise Cloud Classic (Subscription and BYOL)
Services are offered on SAP infrastructure, Amazon Web Services, Microsoft Azure or Google Cloud Platform. A detailed list of locations of the datacenter is available within the report.
RISE with SAP S/4 HANA Cloud, Private Edition, Private
Cloud, Tailored Option, as well as the predecessors, SAP S/4 HANA Cloud
Extended Edition, SAP HANA Enterprise Cloud Advanced Edition, SAP HANA
Enterprise Classic and SAP Credit & Overage HANA Enterprise Cloud Advanced
Edition are fully scalable and secure private managed cloud solutions available
only from SAP. It empowers organizations to unlock the full value of SAP
Enterprise Cloud Services in the cloud — accelerating growth and innovation,
driving IT and business transformation, quickly delivering business outcomes,
and reducing risk. SAP S/4 HANA Cloud, Extended Edition Service is using the
SAP Enterprise Cloud Services architecture and processes but includes also specific SAP products, use rights and services.
The SAP Enterprise Cloud Services reference architecture helps the customer to use flexible services for modular and rapid deployment. SOC2 reports fulfill various information and assurance needs of customers and aim to place trust in SAP's service organization systems, processes and controls. These narratives are
related to the trust principles Security, Availability, Confidentiality Processing Integrity or Privacy which must be met to demonstrate a well-designed system. SOC2 also contains details on performed tests and their results. SOC2 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC2 Type 2 also includes the operating effectiveness of controls for a dedicated time period.
RISE with SAP S/4 HANA Cloud, Private Edition, Private Cloud, Tailored Option, as well as the predecessors, SAP S/4 HANA Cloud Extended Edition, SAP HANA Enterprise Cloud Advanced Edition, SAP HANA Enterprise Classic and SAP Credit & Overage HANA Enterprise Cloud Advanced Edition has regularly prepared SOC2 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period May, 1st 2021 to October, 31st 2021.
GxP: This report contains the controls for demonstrating compliance with GxP requirements. This controls address additional criteria related to the deployment and quality assurance. The controls have been tested along with the controls put in place for trust principles Security, Availability and Confidentiality.
The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with non-disclosure agreement in place.