The scope of this SOC report includes the SAP Qualtrics as offered in the data centers Ashburn (Virginia, USA), San Jose (California, USA), Toronto (Canada), Montreal (Canada), Frankfurt (Germany), Sydney (Australia) and United States (GovCloud).
The Qualtrics XM Platform is a web-based application that allows clients to create surveys and then collect, analyze, and store the data produced from those surveys. Clients can use the application to collect and analyze customer, employee, and community feedback to improve services and engagement for both external customers and internal customers. The Qualtrics XM Platform enables multiple clients to collect and analyze survey data within a single enterprise system, allowing all levels of the client or department to have access to important feedback data.
The XM Platform includes an array of services that can be utilized to track, manage, and improve the experience of external and internal customers, such as: CoreXM, Customer Experience, Employee Experience, Site Intercept, Actions and Tickets, Data Analytics and Reports and Dashboards.
SOC2 reports fulfill various information and assurance needs of customers and aim to place trust in SAPs service organization systems, processes and controls. These narratives are related to the trust principles Security, Availability, Confidentiality Processing Integrity or Privacy which must be met to demonstrate a well-designed system. SOC2 also contains details on performed tests and their results. SOC2 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC2 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.
SAP Qualtrics has prepared SOC2 Type 1 audit report by an independent 3rd party accountant. This version of the report is as of 31 October 2019, the locations Ashburn (Virginia, USA), San Jose (California, USA), Toronto (Canada), Montreal (Canada), Frankfurt (Germany), Sydney (Australia) and United States (GovCloud) and the trust principles Security, Availability and Confidentiality.
The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with non-disclosure agreement in place.