Skip to Content

SAP Trust Center

SAP Ariba SOC 1 (ISAE 3402) Audit Report 2022 H1

SAP Ariba, an SAP Company is a leading provider of on-demand spend management solutions. SAP Ariba’s mission is to transform the way companies of all sizes, across all industries, and geographies operate by delivering technology, service, and network solutions that enable them to holistically source, contract, procure, pay, manage, and analyze their spend and supplier relationships. Delivered on demand, SAP Ariba’s enterprise-class offerings empower companies to achieve greater control of their spend and drive continuous improvements in financial and supply-chain performance.

Thousands of companies use SAP Ariba solutions to manage their spend from sourcing and orders through invoicing and payment.  SAP Ariba has deployed in regional data centers in Shanghai (China), Amsterdam (Netherlands), Riyadh (Saudi Arabia), San Jose, California (USA), Moscow (Russia), and Dubai (UAE).

SOC 1 reports specifically address service organizations internal control over financial reporting and controls specified by the service provider. The SOC 1 reports are intended solely for the information and use of existing user entities (for ex. Existing customers of the service organization), their financial statement auditors and management of the service organization. SOC 1 reports are prepared in accordance with Statement on Standards for Attestation Engagements (SSAE) No.18, a new guidance that the auditors use to conduct a SOC 1 engagement. 

SOC 1 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC 1 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.

SAP Ariba has regularly prepared SOC 1 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period 1. May 2021 to 31. March 2022, the locations Shanghai (China), Amsterdam (Netherlands), Riyadh (Saudi Arabia), San Jose, California (USA), Moscow (Russia), and Dubai (UAE).

The use of these reports is restricted. A copy of this report is available for all SAP Ariba customers who had productive and had financially-relevant systems during the audit period covered by the report.

SAP Ariba, an SAP Company is a leading provider of on-demand spend management solutions. SAP Ariba’s mission is to transform the way companies of all sizes, across all industries, and geographies operate by delivering technology, service, and network solutions that enable them to holistically source, contract, procure, pay, manage, and analyze their spend and supplier relationships. Delivered on demand, SAP Ariba’s enterprise-class offerings empower companies to achieve greater control of their spend and drive continuous improvements in financial and supply-chain performance.

Thousands of companies use SAP Ariba solutions to manage their spend from sourcing and orders through invoicing and payment.  SAP Ariba has deployed in regional data centers in Shanghai (China), Amsterdam (Netherlands), Riyadh (Saudi Arabia), San Jose, California (USA), Moscow (Russia), and Dubai (UAE).

SOC 1 reports specifically address service organizations internal control over financial reporting and controls specified by the service provider. The SOC 1 reports are intended solely for the information and use of existing user entities (for ex. Existing customers of the service organization), their financial statement auditors and management of the service organization. SOC 1 reports are prepared in accordance with Statement on Standards for Attestation Engagements (SSAE) No.18, a new guidance that the auditors use to conduct a SOC 1 engagement. 

SOC 1 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC 1 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.

SAP Ariba has regularly prepared SOC 1 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period 1. May 2021 to 31. March 2022, the locations Shanghai (China), Amsterdam (Netherlands), Riyadh (Saudi Arabia), San Jose, California (USA), Moscow (Russia), and Dubai (UAE).

The use of these reports is restricted. A copy of this report is available for all SAP Ariba customers who had productive and had financially-relevant systems during the audit period covered by the report.

Back to top