SAP Business Technology Platform (SAP BTP) is a technology platform that brings together application development, data and analytics, integration, automation, and AI capabilities in one unified environment. The platform offers users the ability to turn data into business value, compose end-to-end business processes, and build and extend SAP applications. The services and solutions of SAP BTP are available on multiple cloud infrastructure providers. The multi-cloud foundation supports different environments, such as Cloud Foundry, ABAP, Kyma, and Neo, as well as multiple different regions and a broad choice of programming languages.

The Cloud Computing Compliance Controls Catalogue (abbreviated “C5”) is intended primarily for cloud service providers as well as their customers and auditors. It is defined which requirements (also referred to as controls in this context) the cloud providers have to comply with or which minimum requirements the cloud providers should be obliged to meet. The catalogue is divided into 17 thematic sections (e.g. organization of information security, physical security). The surrounding parameters provide additional information on the data location, provision of services, place of jurisdiction, certifications and duties of investigation and disclosure towards government agencies and contain a system description.

SAP Business Technology Platform has prepared C5 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period November 1, 2021 to September 30, 2022.