Quality at SAP
Quality from our customers’ perspective
Every SAP employee has a quality assurance role, whether developing software or providing services and support. We cooperate closely with customers, partners, and suppliers, and regularly monitor our customers’ perception of our quality. Our quality culture is based on employee commitment, and we use innovative methods to support continuous product, process, and service quality improvement.
Quality management systems
We have a quality management system in place that defines standardized processes for our organization's global development, services, and IT. These globally applicable processes enable our employees to share and apply best practices to improve quality and customer satisfaction.
Global development ensures that SAP solutions meet the highest possible standards. Our product quality standards are derived from ISO 25010 software quality model.
Services and Support from SAP
SAP provides tailored services to maintain the quality of installed solutions.
The IT teams at SAP ensures the quality and stability of our internal IT infrastructure.
Third-party certification bodies provide independent confirmation that SAP meets the requirements of international standards. Since 1998 SAP has held an ISO 9001 certificate. We are also certified according to ISO 27001, ISO 22301, and BS 10012. All locations worldwide work according to one common process framework, including data security and privacy regulations. We regularly check compliance through internal reviews and audits.
Quality Management System
Personal Information Management System
Business Continuity Management System
Security Management System
Service Organization Control Attestations (SOC)
SAP is committed to third-party validations, standards, and certifications of the policies and procedures we use to maintain our customers’ security, privacy, and data integrity. We maintain several certifications and accreditations to ensure we provide the highest standards of service and reliability to our customers.
Provides the auditor of a user entity’s financial statements information about controls at a service organization that may be relevant to a user entity’s internal control over financial reporting. A Type 2 SOC 1 report includes a detailed description of tests of controls performed by the CPA and the results of the tests.
Note: SOC 1 (ISAE3402 / SSAE16) reports are only available for customers who had live, financially-relevant systems during the last audit period. Please contact your SAP sales representative to attain this report.
Provides management of a service organization, user entities, and others a report about controls at a service organization relevant to the security, availability, or processing integrity of the service organization’s system, or the confidentiality and privacy of the data processed by that system. A Type 2 SOC 2 report includes a detailed description of tests of controls performed by the CPA and the results of the tests.
Provides users and interested parties a report about controls at the service organization related to security, availability, processing integrity, confidentiality, or privacy. SOC 3 reports are a short-form report (i.e., no description of tests of controls and results) and may be used in a service organization’s marketing efforts.
SAP Quality Awards
The SAP Quality Awards celebrate customers who have excelled in the implementation of their SAP software solutions.