SAP Cloud Platform is the SAP Business Application Platform-as-a-Service (PaaS) offering. As an essential part of SAP’s cloud strategy, it enables SAP and its partners and customers to develop, deploy, run, operate, and use applications in a cloud environment. The cloud platform is built to enable interoperability and at the same time to ensure security and integrity required by applications operating in a distributed network environment.
SAP Cloud Platform is a multitenant public cloud offering which allows application providers, including SAP itself, to build lightweight, collaborative, network-oriented applications to complement and extend existing SAP solutions.
SAP Cloud Platform consists of services that are offered on different infrastructures, leveraging SAP infrastructures or external Infrastructure-as-a-Service (IaaS) provider.
SAP Cloud Platform is a product implemented by SAP, and as such, it uses the Innovation Cycle framework for product and solution creation, certified with ISO 9001:2015.
SOC2 reports fulfill various information and assurance needs of customers and aim to place trust in SAPs service organization systems, processes and controls. These narratives are related to the trust principles Security, Availability, Confidentiality Processing Integrity or Privacy which must be met to demonstrate a well-designed system. SOC2 also contains details on performed tests and their results. SOC2 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC2 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.
SAP Cloud Platform has regularly prepared SOC2 Type 2 audit reports by an independent 3rd party accountant.
This version of the report covers the audit period 1. May 2019 to 31. October 2019, the location St. Leon–Rot (Germany) as well as in the co-location data centers:
Amsterdam (Netherlands) |
Sao Paulo (Brazil) |
Ashburn (Virginia, USA) |
Shanghai (China) |
Colorado Springs (Colorado, USA) |
Singapore |
Council Bluffs (Iowa) |
Sterling (Virginia, USA) |
Dubai (United Arab Emirates) |
Sydney (Australia) |
Frankfurt (Germany) |
Tokyo (Japan) |
Montreal (Canada) |
Toronto (Canada) |
Moscow (Russian Federation) |
US East (Virginia, USA) |
Phoenix (Arizona, USA) |
US West (Washington USA) |
Riyadh (Saudi Arabia) |
|
The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with non-disclosure agreement in place.
SAP Cloud Platform SOC2 Type 2 report covers within audit period the following services:
SAP Cloud Platform Runtime |
Profiling Service |
Application Autoscaler Service |
Authorization & Trust Management Service |
OAuth 2.0 Service |
Destination Service |
Connectivity Service |
Keystore Service |
SAP Cloud Platform Enhanced Disaster Recovery |
SAP Cloud Platform SAP HANA Service |
Credential Store |
SAP Cloud Platform Virtual Machine |
PostgreSQL on SAP Cloud Platform |
Monitoring Service |
SAP Cloud Platform Git Service |
MongoDB on SAP Cloud Platform |
SAP Cloud Platform Integration |
Job Scheduler |
SAP Cloud Platform SAP ASE service |
SAP Cloud Platform Integration for data services |
Platform Identity Provider |
Redis on SAP Cloud Platform |
SAP Cloud Platform Portal |
SAP Cloud Platform, ABAP environment |
Object Store as a Service |
SAP Document Center |
SAP Fiori Cloud |
RabbitMQ on SAP Cloud Platform |
SAP Cloud Platform Mobile Services |
SAP Fiori Mobile |
Customer Domain Service |
SAP Cloud Platform Identity Provisioning |
UI Theme Designer |
Debugging Service |
SAP Cloud Platform API Management |
Open Connectors |
SAP Cloud Platform Document Service |
SAP Cloud Platform Identity and Authentication |
SAP Cloud Platform OData Provisioning |
Java Apps Lifecycle Management |
Application Logging Service |
SAP Cloud Platform WEB IDE |
Solutions Lifecycle Management |
Feature Flags Service |
SAP Analytics Cloud including SAP Digital Boardroom and SAP Analytics Hub |
|
|
SAP Kubernetes Gardener |