SAP Central Cloud Services SOC 1 Audit Report 2026 H1

SAP Central Cloud Services offers Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS) to external consumers. These services are also available for general SAP internal consumption along with Infrastructure-as-a-Service (IaaS) capabilities, tools, Data Center Management and other services provided on SAP entity level.

 

The offerings are available in various distinct regions, including regions with SAP as cloud infrastructure provider and regions with hyperscaler (Amazon Web Services, Microsoft Azure, Google Cloud Platform) as a third-party infrastructure provider.

  • SAP Cloud Infrastructure Services

  • SAP BTP Runtime: 

    • SAP BTP, Neo environment

    • SAP BTP, Cloud Foundry runtime

    • SAP BTP, Kyma runtime

  • SAP BTP ABAP environment

  • SAP BTP, Kubernetes environment (SAP internal consumption only) 

  • SAP AI Core 

  • SAP AI Launchpad 

  • SAP AI Services, including 

    • Business Entity Recognition 

    • Data Attribute Recommendation 

    • Document Classification 

    • Document Information Extraction 

    • Service Ticket Intelligence 

    • Personalized Recommendation 

  • SAP Alert Notification service for SAP BTP 

  • SAP Analytics Cloud 

  • SAP Application Logging service for SAP BTP 

  • SAP ASE service 

  • SAP Audit Log service 

  • SAP Authorization and Trust Management service 

  • SAP Automation Pilot 

  • SAP Batch Release Hub for Life Sciences 

  • SAP Build Apps 

  • SAP Build Code

  • SAP Build Process Automation 

  • SAP Build Work Zone, advanced edition 

  • SAP Build Work Zone, standard edition 

  • SAP Business Accelerator Hub 

  • SAP Business Application Studio 

  • SAP Business Network Asset Collaboration 

  • SAP Business Network for Logistics, including 

    • SAP Business Network Freight Collaboration 

    • SAP BusinessNetwork Global Track and Trace 

    • SAP Business Network, intelligent insights add-on 

    • SAP Business Network Material Traceability

  • SAP Cell and Gene Therapy Orchestration   

  • SAP Cloud Appliance Library 

  • SAP Cloud Application Event Hub

  • SAP Cloud Application Services 

  • SAP Cloud for Energy 

  • SAP Cloud Identity Access Governance 

  • SAP Cloud Identity Services - Identity Authentication 

  • SAP Cloud Identity Services - Identity Provisioning 

  • SAP Cloud Integration for data services 

  • SAP Cloud Logging 

  • SAP Business Data Cloud

  • SAP Customer Data Cloud

  • SAP Customer Data Platform

  • SAP Cloud Management service for SAP BTP

  • SAP Cloud Portal service

  • SAP Cloud Transport Management

  • SAP Connectivity service

  • SAP Content Agent service

  • SAP Continuous Integration and Delivery

  • SAP Conversational AI

  • SAP Credential Store

  • SAP Custom Domain service 

  • SAP Data Custodian Key Management Service

  • SAP Data Intelligence Cloud 

  • SAP Data Privacy Integration 

  • SAP Data Quality Management 

  • SAP Data Retention Manager 

  • SAP Datasphere, including SAP BW Bridge 

  • SAP Destination service 

  • SAP Digital Manufacturing  

  • SAP Document AI under SAP AI services

  • SAP Document Center 

  • SAP Document Management service  

    • SAP Document Management Service, integration option 

    • SAP Document Management Service, application option

  • SAP Document service 

  • SAP Entitlement Management 

  • SAP Feature Flags service 

  • SAP Fiori Cloud (SAP Fiori) 

  • SAP Forms service by Adobe 

  • SAP Git service 

  • SAP HANA Cloud, including 

    • SAP HANA Cloud, data lake  

    • SAP HANA Cloud, SAP HANA database 

  • SAP HANA service for SAP BTP 

  • SAP HANA spatial services 

  • SAP Health Data Services for FHIR

  • SAP HTML5 Application Repository service for SAP BTP 

  • SAP Intelligent Clinical Supply Management 

  • SAP Integration Suite, including 

    • API Management ; including Graph

    • Cloud Integration 

    • Event Mesh

    • Integration Advisor 

    • Integration Assessment 

    • Migration Assessment 

    • OData Provisioning 

    • Open Connectors 

    • Trading Partner Management 

 

  • SAP Job Scheduling service

  • SAP Keystore service

  • SAP Landscape Management Cloud

  • SAP Malware Scanning service

  • SAP Market Communication for Utilities 

  • SAP Market Rates Management 

  • SAP Master Data Governance, cloud edition 

  • SAP Master Data Integration 

  • SAP Mobile Services, including Agentry 

  • SAP Monitoring service for SAP BTP 

  • SAP Multi-Bank Connectivity 

  • SAP Personal Data Manager 

  • SAP Platform Identity Provider service for SAP BTP 

  • SAP Private Link service 

  • SAP Profitability and Performance Management Cloud 

  • SAP Sustainability Control Tower

  • SAP Secure Login Service for SAP GUI 

  • SAP Service Manager 

  • SAP Software-as-a-Service Provisioning service 

  • SAP Solutions Lifecycle Management service for SAP BTP 

  • SAP Sports One 

  • SAP Subscription Billing 

  • SAP Task Center 

  • SAP Translation Hub

  • SAP Traceability Hub, including

    • SAP Traceability Hub Connectivity

    • SAP Traceability Hub Regulatory Reporting

    • SAP Traceability Hub Repository

  • SAP Usage Data Management service for SAP BTP 

  • SAP Virtual Machine service 

  • SAP Web IDE 

  • Application Autoscaler

  • Business Data Orchestration

  • Cloud Integration Automation 

  • Commercial Infrastructure Service

  • Java Debugging for SAP BTP 

  • Java Profiling for SAP BTP 

  • Joule 

  • OAuth 2.0 on SAP BTP 

  • Object Store on SAP BTP  

  • PostgreSQL on SAP BTP, hyperscaler option 

  • RabbitMQ on SAP BTP   

  • Redis on SAP BTP, hyperscaler option 

  • UI theme designer 

  • UI5 flexibility for key users 

  • Unified Gateway

The scope of this report covers the following data centers:

  • Austria: Vienna

  • Australia: New South Wales 

  • Australia: Sydney

  • Brazil: São Paulo 

  • Canada: Central 

  • Canada: Toronto

  • China: Hebei

  • China: Shanghai

  • Germany: Frankfurt 

  • Germany: Walldorf / Rot

  • India: Mumbai 

  • Ireland: Dublin

 

  • Japan: Osaka 

  • Japan: Tokyo 

  • Malaysia: Kuala Lumpur

  • Malaysia: Selangor 

  • Netherlands: Amsterdam

  • Saudi Arabia: Dammam 

  • Saudi Arabia: Riyadh

  • Singapore

  • South Korea: Seoul 

  • Switzerland: Zurich 

  • United Arab Emirates: Dubai 

 

  • USA: Ashburn, VA

  • USA: Chandler

  • USA: Colorado 

  • USA: Council Bluffs, IA 

  • USA: N. Virginia 

  • USA: Oregon

  • USA: Philadelphia, PA

  • USA: Quincy, WA 

  • USA: Sterling/NSQ/Ashburn

  • USA: Sacramento, CA 

  • USA: Santa Clara, CA 

  • USA: Virginia

SOC 1 reports are prepared in accordance with AT-C section 320, Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting, under Statement on Standards for Attestation Engagements (SSAE) No. 18, Attestation Standards: Clarification and Recodification. SOC 1 reports are specifically intended to meet the needs of the entities that use service organizations (user entities) and the CPAs that audit the user entities’ financial statements (user auditors).  Please note that this examination's scope does not include the controls and related control objectives of any subservice organizations. SOC 1 Type 1 report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design of controls to achieve the related control objectives as of a specified date, whereas a SOC 1 Type 2 also includes the operating effectiveness of controls to achieve the related control objectives throughout a specified period.

 

SAP Central Cloud Services has prepared SOC 1 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period 1. October 2025 to 31. March 2026.

 

The use of these reports is restricted to the management of the service organization, user entities, and user auditors. A copy of this report is available for all SAP Central Cloud Services customers who had productive and had financially-relevant systems during the audit period covered by the report.