The scope of this SOC report includes the SAP Qualtrics solutions as offered for the live productive customer systems that are hosted at the Co-Location as well as AWS data centers Ashburn, Virginia USA; San Jose, California USA; Toronto, Canada; Montreal, Canada; Frankfurt, Germany; Sydney, Australia and United States (GovCloud).
The Qualtrics XM Platform is a web-based application that allows clients to create surveys and then collect, analyze, and store the data produced from those surveys. Clients can use the application to collect and analyze customer, employee, and community feedback to improve services and engagement for both external and internal stakeholders. The Qualtrics XM Platform enables multiple clients to collect and analyze survey data within a single enterprise system, allowing all levels of the client or department to have access to important feedback data.
Qualtrics creates a library where each client can store question templates, graphics, messages, and files to be used in building surveys and sending messages to participants. Clients can integrate data from other sources, such as their customer relationship management (CRM) tools and produce and share reports. They can upload a list of contacts as a CSV file or manually enter or edit contacts. Clients can also view the complete history of interactions that they have had with their contacts via emails or survey responses.
SOC2 reports fulfill various information and assurance needs of customers and aim to place trust in SAPs service organization systems, processes and controls. These narratives are related to the trust principles Security, Availability, Confidentiality Processing Integrity or Privacy which must be met to demonstrate a well-designed system. SOC2 also contains details on performed tests and their results. SOC2 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC2 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.
SAP Qualtrics has prepared SOC2 Type 2 audit report by an independent 3rd party accountant. This version of the report covers the audit period 1. November 2019 to 30. April 2020 and the trust principles Security, Availability and Confidentiality.
The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with non-disclosure agreement in place.