This report covers SAP Customer Data Solutions (CDS) which encompasses the two products SAP Customer Data Cloud (CDC) and SAP Customer Data Platform (CDP).

SAP Customer Data Cloud (CDC) is a provider of Customer Identity, Consent & Profile management solutions. CDC helps companies build customer relationships, identify customers across different devices, consolidate data into customer profiles and integrate data into marketing and service applications

SAP Customer Data Platform (CDP) was designed for social identities, use of mobile devices, consumer privacy and marketing. CDP provides developers with APIs to build and maintain registration, authentication, profile management, data analytics and third-party integration. Each customer's site has a unique API key, which is used for identification.

The SOC 2 reports fulfill various information and assurance needs of customers and aim to place trust in SAP’s service organization systems, processes, and controls.  These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems that are used to process users’ data and the confidentiality and privacy of the information processed by these systems.  Additionally, they can play an important role in the oversight of the organization, vendor management programs, and regulatory oversight.  SOC 2 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC 2 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.

SAP Customer Data Solutions has regularly prepared SOC 2 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period 1. April 2022 to 31. March 2023, in the data center locations, Northern Virginia (USA), Dublin (Ireland), Sydney (Australia), Amsterdam (Netherlands), Virginia (USA), and Shanghai (China), and the trust principles Security, Availability, and Confidentiality.

The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with non-disclosure agreement in place.