SAP Trust Center

The scope of this SOC report includes the SAP S/4HANA Cloud and SAP Marketing Cloud as offered in the primary data centers in Ashburn (US), Colorado Springs (US), Dubai (United Arab Emirates), Frankfurt (Germany), Moscow (Russia), Osaka (Japan), Riyadh (Saudi Arabia), Shanghai (China), St. Leon-Rot (Germany), Sterling (US), Sydney (Australia), Tokyo (Japan), Toronto (Canada) and in Google Cloud Platform data centers Council Bluffs (US), Sao Paulo (Brazil) and Frankfurt (Germany).

SAP S/4HANA Cloud (SAP Business Suite 4 SAP HANA Cloud) is providing a new generation of business applications – simple enterprise software for big data and agility. SAP S/4HANA Cloud is fully built on the in-memory platform SAP HANA. Using the advanced potential of SAP HANA, SAP S/4HANA Cloud is designed for business and provides an instant insight by using a single source of truth, real-time processes as well as by dynamic planning and analysis. With SAP Fiori user experience and less complex data model it is designed to run simple, and in parallel reduces the data footprint of your company. SAP S/4HANA Cloud is also already connected to business networks and company-internal collaboration networks (for example, SAP Jam Collaboration) and prepared for the Internet of things. With all these aspects, SAP is protecting your investments by facilitating next generation business applications. SAP S/4HANA Cloud is available as software-as-a-service.

SAP Marketing Cloud
SAP Marketing Cloud enables marketers to understand the real-time intent of individual customers to dynamically deliver contextually relevant experiences across channels, devices, and throughout the entire customer journey. SOC 2 reports fulfill various information and assurance needs of customers and aim to place trust in SAPs service organization systems, processes and controls. These narratives are related to the trust principles Security, Availability, Confidentiality Processing Integrity or Privacy which must be met to demonstrate a well-designed system.  SOC 2 also contains details on performed tests and their results. SOC 2 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC 2 Type 2 also includes the operating effectiveness of controls for a dedicated period of time. 

SAP S/4HANA has regularly prepared SOC 2 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period 1. May 2020 to 31. October 2020, the primary data centers Ashburn (US), Colorado Springs (US), Dubai (United Arab Emirates), Frankfurt (Germany), Moscow (Russia), Osaka (Japan), Riyadh (Saudi Arabia), Shanghai (China), St. Leon-Rot (Germany), Sterling (US), Sydney (Australia), Tokyo (Japan), Toronto (Canada) and in Google Cloud Platform data centers Council Bluffs (US), Sao Paulo (Brazil) and Frankfurt (Germany) and the trust principle Security, Availability and Confidentiality.

The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with non-disclosure agreement in place.