The scope of this SOC report includes SAP Multi-Bank Connectivity is hosted in SAP SE's data center St. Leon–Rot, Germany as well as in co-locations Frankfurt, Germany and Amsterdam, Netherlands.
SAP Multi-Bank Connectivity (MBC) is a Software-as-a-Service (SaaS) solution running on SAP Cloud Platform (SCP), connecting financial services institutions (defined as a licensed financial institution authorized to facilitate account withdrawals/deposits and act as an intermediary in financial transactions) with their respective corporate customers (defined as a recognized entity or ‘Line of Business’, with legal existence, of a corporation which conducts business for said corporation) through a secure network owned and managed by SAP. This managed network offers a multitude of integration services provided over a single channel, while simultaneously supporting and facilitating further development and expansion. As key benefits, the MBC solution automates financial transaction transmission, mandates strong security guidelines, reduces payment rejection rates, and provides enhanced visibility to the involved corporate treasury. It combines SAPs expertise in applications, analytics, and in-memory computing to provide a standardized technology for financial institutions and their corporate customers through a platform that accommodates future integration needs.
SOC1 reports specifically address service organizations internal control over financial reporting and controls specified by the service provider. The SOC1 reports are intended solely for the information and use of existing user entities (for ex. Existing customers of the service organization), their financial statement auditors and management of the service organization. SOC 1 reports are prepared in accordance with Statement on Standards for Attestation Engagements (SSAE) No.18, a new guidance that the auditors use to conduct a SOC1 engagement. SOC1 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC1 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.
SAP Multi-Bank Connectivity has regularly prepared SOC1 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period 1. November 2019 to 31. October 2020 and the location St. Leon–Rot, Germany as well as in co-locations Frankfurt, Germany and Amsterdam, Netherlands.
The use of these reports is restricted. A copy of this report is available for all SAP Multi-Bank Connectivity customers who had productive and had financially-relevant systems during the audit period covered by the report.