SAP Trust Center

The scope of this SOC report includes

• RISE with SAP S/4HANA Cloud, Private Edition 
• RISE with SAP S/4HANA Cloud, Private Cloud,
• Tailored Option SAP HANA Enterprise Cloud Credit & Overage, Advanced Edition (BYOL) as well as passive, renewals only options: SAP S/4 HANA Cloud, Extended Edition

This offering has the following predecessors:

• STE (Single Tenant Edition)  
• CPO (Cloud Private Option) 
• CPE (Cloud Private Edition) 
• SAP Credit & Overage HANA Enterprise Cloud Advanced Edition (Subscription) 
• SAP HANA Enterprise Cloud Advanced Edition (Subscription) 
• SAP HANA Enterprise Cloud Classic (Subscription and BYOL)

Services are offered on SAP infrastructure, Amazon Web Services, Microsoft Azure or Google Cloud Platform.  A detailed list of locations of the datacenter is available within the report. RISE with SAP S/4 HANA Cloud, Private Edition, Private Cloud, Tailored Option, as well as the predecessors, SAP S/4 HANA Cloud Extended Edition, SAP HANA Enterprise Cloud Advanced Edition, SAP HANA Enterprise Classic and SAP Credit & Overage HANA Enterprise Cloud Advanced Edition are fully scalable and secure private managed cloud solutions available only from SAP. It empowers organizations to unlock the full value of SAP Enterprise Cloud Services in the cloud — accelerating growth and innovation, driving IT and business transformation, quickly delivering business outcomes, and reducing risk. SAP S/4 HANA Cloud, Extended Edition Service is using the SAP Enterprise Cloud Services architecture and processes but includes also specific SAP products, use rights and services.

The SAP Enterprise Cloud Services reference architecture helps the customer to use flexible services for modular and rapid deployment.  SOC 2 reports fulfill various information and assurance needs of customers and aim to place trust in SAP's service organization systems, processes and controls.

These narratives are related to the trust principles Security, Availability, Confidentiality Processing Integrity or Privacy which must be met to demonstrate a well-designed system. SOC 2 also contains details on performed tests and their results. SOC 2 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC 2 Type 2 also includes the operating effectiveness of controls for a dedicated time period. 

RISE with SAP S/4 HANA Cloud, Private Edition, Private Cloud, Tailored Option, as well as the predecessors, SAP S/4 HANA Cloud Extended Edition, SAP HANA Enterprise Cloud Advanced Edition, SAP HANA Enterprise Classic and SAP Credit & Overage HANA Enterprise Cloud Advanced Edition has regularly prepared SOC 2 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period April 1st, 2022 to September 30th, 2022, the location Colorado (USA), St. Leon-Rot (Germany), and Walldorf (Germany). GxP: This report contains the controls for demonstrating compliance with GxP requirements. This controls address additional criteria related to the deployment and quality assurance. The controls have been tested along with the controls put in place for trust principles Security, Availability and Confidentiality. 

The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with non-disclosure agreement in place.