SAP Business Technology Platform SOC 1 Audit Report 2024 H2
SAP Business Technology Platform (SAP BTP) is a technology platform that brings together application development, data and analytics, integration, automation, and AI capabilities in one unified environment. The platform offers users the ability to turn data into business value, compose end-to-end business processes, and build and extend SAP applications.
The services and solutions of SAP BTP are available on multiple cloud infrastructure providers. The multi-cloud foundation supports different environments, such as Cloud Foundry, ABAP, Kyma, and Neo, as well as multiple different regions and a broad choice of programming languages.
SAP BTP SOC1 Type 2 report covers within audit period the following services:
SAP BTP Runtime:
SAP BTP, Neo runtime
SAP BTP, Cloud Foundry runtime
SAP BTP, Kyma runtime
SAP BTP, ABAP environment
SAP BTP, Kubernetes environment (internal only)
SAP AI Core
SAP AI Launchpad
SAP AI Services:
Business Entity Recognition
Data Attribute Recommendation
Document Classification
Document Information Extraction
Service Ticket Intelligence
Personalized Recommendation
SAP Alert Notification service for SAP BTP
SAP Analytics Cloud
SAP Application Logging Service for SAP BTP
SAP ASE service
SAP Audit Log service
SAP Authorization and Trust Management service
SAP Automation Pilot
SAP Batch Release Hub for Life Sciences
SAP Build Apps
SAP Build Process Automation
SAP Build Work Zone, advanced edition
SAP Build Work Zone, standard edition
SAP Business Accelerator Hub
SAP Business Application Studio
SAP Business Network Asset Collaboration
SAP Business Network for Logistics, including:
SAP Business Network Freight Collaboration
SAP Business Network Global Track and Trace
SAP Business Network Intelligent Insights
SAP Business Network Material Traceability
SAP Cloud Application Event Hub (previous name until September 2024: SAP Event Broker for SAP cloud applications)
SAP Cloud Appliance Library
SAP Cloud for Energy
SAP Cloud Identity Access Governance
SAP Cloud Identity Services - Identity Authentication
SAP Cloud Identity Services - Identity Provisioning
SAP Cloud Integration for data services
SAP Cloud Logging
SAP Cloud Management service for SAP BTP
SAP Cloud Portal service
SAP Cloud Transport Management
SAP Connectivity service
SAP Content Agent service
SAP Continuous Integration and Delivery
SAP Conversational AI
SAP Credential Store
SAP Custom Domain service
SAP Data Intelligence Cloud
SAP Data Privacy Integration
SAP Data Quality Management
SAP Data Retention Manager
SAP Datasphere, including SAP BW Bridge
SAP Destination service
SAP Digital Manufacturing
SAP Document Center
SAP Document Management service
SAP Document service
SAP Entitlement Management
SAP Event Broker for SAP Cloud Applications
SAP Event Mesh
SAP Feature Flags service
SAP Fiori Cloud
SAP Forms service by Adobe
SAP Git service
SAP HANA Cloud, including:
SAP HANA Cloud, data lake
SAP HANA Cloud, SAP HANA database
SAP HANA service for SAP BTP
SAP HANA spatial services
SAP HTML5 Application Repository service for SAP BTP
SAP Information Collaboration Hub
SAP Integration Suite, including:
SAP API Management
Cloud Integration
Graph
Integration Advisor
Open Connectors
SAP Job Scheduling service
SAP Key Management Service
SAP Keystore service
SAP Landscape Management Cloud
SAP Malware Scanning service
SAP Market Communication for Utilities
SAP Market Rates Management
SAP Master Data Governance, cloud edition
SAP Master Data Integration
SAP Mobile Services, including Agentry
SAP Monitoring service for SAP BTP
SAP Multi-Bank Connectivity
SAP OData Provisioning
SAP Personal Data Manager
SAP Platform Identity Provider service for SAP BTP
SAP Private Link service
SAP Profitability and Performance Management Cloud
SAP Secure Login Service for SAP GUI
SAP Service Manager
SAP Software-as-a-Service Provisioning service
SAP Solutions Lifecycle Management service for SAP BTP
SAP Sports One
SAP Subscription Billing
SAP Task Center
SAP Usage Data Management service for SAP BTP
SAP Virtual Machine service
SAP Web IDE
Application Autoscaler
Cloud Integration Automation
Commercial Infrastructure Service (internal only)
Data Attribute Recommendation
Java Application Lifecycle Management for SAP BTP
Java Debugging for SAP BTP
Java Profiling for SAP BTP
Joule
MongoDB on SAP BTP
OAuth 2.0 on SAP BTP
Object Store on SAP BTP
PostgreSQL on SAP BTP / PostgreSQL on SAP BTP, hyperscaler option
RabbitMQ on SAP BTP
Redis on SAP BTP / Redis on SAP BTP, hyperscaler option
UI Theme Designer
UI5 flexibility for key users
Unified Gateway (internal only)
The following regions and their IaaS provider are covered:
| DC Locations | DC Providers |
United Arab Emirates (Dubai) | SAP |
Australia (Sydney) | SAP |
China (Shanghai) | SAP |
Japan (Tokyo) | SAP |
Japan (Osaka) | SAP |
Saudi Arabia (Riyadh) | SAP |
Saudi Arabia (Dammam) | SAP |
Germany (St. Leon-Rot) | SAP |
Germany (Frankfurt) | SAP |
Netherlands (Amsterdam) | SAP |
Brazil (Sao Paulo) | SAP |
Canada (Toronto) | SAP |
USA (Ashburn, VA) | SAP |
USA (Sterling, VA) | SAP |
USA (Colorado Springs) | SAP |
USA (Chandler) | SAP |
USA (N.Virginia) | Amazon Web Services (AWS) |
Canada (Montreal) | Amazon Web Services (AWS) |
Singapore | Amazon Web Services (AWS) |
South Korea (Seoul) | Amazon Web Services (AWS) |
Germany (Frankfurt) | Amazon Web Services (AWS) |
India (Mumbai) | Amazon Web Services (AWS) |
Brazil (São Paulo) | Amazon Web Services (AWS) |
Australia (Sydney) | Amazon Web Services (AWS) |
Japan (Tokyo) | Amazon Web Services (AWS) |
USA (Oregon) | Amazon Web Services (AWS) |
USA (Virginia) | Microsoft Azure (Azure) |
USA(Quincy, WA) | Microsoft Azure (Azure) |
Canada (Toronto) | Microsoft Azure (Azure) |
Netherlands (Amsterdam) | Microsoft Azure (Azure) |
Singapore | Microsoft Azure (Azure) |
Australia (New South Wales) | Microsoft Azure (Azure) |
Japan (Tokyo) | Microsoft Azure (Azure) |
United Arab Emirates (Dubai) | Microsoft Azure (Azure) |
Switzerland (Zurich) | Microsoft Azure (Azure) |
USA (Council Bluffs,IA) | Google Cloud Platform (GCP) |
Germany (Frankfurt) | Google Cloud Platform (GCP) |
India (Mumbai) | Google Cloud Platform (GCP) |
SOC 1 reports are prepared pursuant to AT-C Section 320 and International Standard on Assurance Engagements No. 3402. SOC 1 reports are specifically intended to meet the needs of the entities that use service organizations (user entities) and the CPAs that audit the user entities’ financial statements (user auditors). Please note that this examination's scope does not include the controls and related control objectives of any subservice organizations. SOC 1 Type 1 report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design of controls to achieve the related control objectives as of a specified date, whereas a SOC 1 Type 2 also includes the operating effectiveness of controls to achieve the related control objectives throughout a specified period.
SAP Business Technology Platform has regularly prepared SOC 1 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period 1. April 2024 to 30. September 2024.
The use of these reports is restricted to the management of the service organization, user entities, and user auditors. A copy of this report is available for all SAP Business Technology Platform customers who had productive and had financially-relevant systems during the audit period covered by the report.
SAP Business Technology Platform (SAP BTP) is a technology platform that brings together application development, data and analytics, integration, automation, and AI capabilities in one unified environment. The platform offers users the ability to turn data into business value, compose end-to-end business processes, and build and extend SAP applications.
The services and solutions of SAP BTP are available on multiple cloud infrastructure providers. The multi-cloud foundation supports different environments, such as Cloud Foundry, ABAP, Kyma, and Neo, as well as multiple different regions and a broad choice of programming languages.
SAP BTP SOC1 Type 2 report covers within audit period the following services:
SAP BTP Runtime:
SAP BTP, Neo runtime
SAP BTP, Cloud Foundry runtime
SAP BTP, Kyma runtime
SAP BTP, ABAP environment
SAP BTP, Kubernetes environment (internal only)
SAP AI Core
SAP AI Launchpad
SAP AI Services:
Business Entity Recognition
Data Attribute Recommendation
Document Classification
Document Information Extraction
Service Ticket Intelligence
Personalized Recommendation
SAP Alert Notification service for SAP BTP
SAP Analytics Cloud
SAP Application Logging Service for SAP BTP
SAP ASE service
SAP Audit Log service
SAP Authorization and Trust Management service
SAP Automation Pilot
SAP Batch Release Hub for Life Sciences
SAP Build Apps
SAP Build Process Automation
SAP Build Work Zone, advanced edition
SAP Build Work Zone, standard edition
SAP Business Accelerator Hub
SAP Business Application Studio
SAP Business Network Asset Collaboration
SAP Business Network for Logistics, including:
SAP Business Network Freight Collaboration
SAP Business Network Global Track and Trace
SAP Business Network Intelligent Insights
SAP Business Network Material Traceability
SAP Cloud Application Event Hub (previous name until September 2024: SAP Event Broker for SAP cloud applications)
SAP Cloud Appliance Library
SAP Cloud for Energy
SAP Cloud Identity Access Governance
SAP Cloud Identity Services - Identity Authentication
SAP Cloud Identity Services - Identity Provisioning
SAP Cloud Integration for data services
SAP Cloud Logging
SAP Cloud Management service for SAP BTP
SAP Cloud Portal service
SAP Cloud Transport Management
SAP Connectivity service
SAP Content Agent service
SAP Continuous Integration and Delivery
SAP Conversational AI
SAP Credential Store
SAP Custom Domain service
SAP Data Intelligence Cloud
SAP Data Privacy Integration
SAP Data Quality Management
SAP Data Retention Manager
SAP Datasphere, including SAP BW Bridge
SAP Destination service
SAP Digital Manufacturing
SAP Document Center
SAP Document Management service
SAP Document service
SAP Entitlement Management
SAP Event Broker for SAP Cloud Applications
SAP Event Mesh
SAP Feature Flags service
SAP Fiori Cloud
SAP Forms service by Adobe
SAP Git service
SAP HANA Cloud, including:
SAP HANA Cloud, data lake
SAP HANA Cloud, SAP HANA database
SAP HANA service for SAP BTP
SAP HANA spatial services
SAP HTML5 Application Repository service for SAP BTP
SAP Information Collaboration Hub
SAP Integration Suite, including:
SAP API Management
Cloud Integration
Graph
Integration Advisor
Open Connectors
SAP Job Scheduling service
SAP Key Management Service
SAP Keystore service
SAP Landscape Management Cloud
SAP Malware Scanning service
SAP Market Communication for Utilities
SAP Market Rates Management
SAP Master Data Governance, cloud edition
SAP Master Data Integration
SAP Mobile Services, including Agentry
SAP Monitoring service for SAP BTP
SAP Multi-Bank Connectivity
SAP OData Provisioning
SAP Personal Data Manager
SAP Platform Identity Provider service for SAP BTP
SAP Private Link service
SAP Profitability and Performance Management Cloud
SAP Secure Login Service for SAP GUI
SAP Service Manager
SAP Software-as-a-Service Provisioning service
SAP Solutions Lifecycle Management service for SAP BTP
SAP Sports One
SAP Subscription Billing
SAP Task Center
SAP Usage Data Management service for SAP BTP
SAP Virtual Machine service
SAP Web IDE
Application Autoscaler
Cloud Integration Automation
Commercial Infrastructure Service (internal only)
Data Attribute Recommendation
Java Application Lifecycle Management for SAP BTP
Java Debugging for SAP BTP
Java Profiling for SAP BTP
Joule
MongoDB on SAP BTP
OAuth 2.0 on SAP BTP
Object Store on SAP BTP
PostgreSQL on SAP BTP / PostgreSQL on SAP BTP, hyperscaler option
RabbitMQ on SAP BTP
Redis on SAP BTP / Redis on SAP BTP, hyperscaler option
UI Theme Designer
UI5 flexibility for key users
Unified Gateway (internal only)
The following regions and their IaaS provider are covered:
| DC Locations | DC Providers |
United Arab Emirates (Dubai) | SAP |
Australia (Sydney) | SAP |
China (Shanghai) | SAP |
Japan (Tokyo) | SAP |
Japan (Osaka) | SAP |
Saudi Arabia (Riyadh) | SAP |
Saudi Arabia (Dammam) | SAP |
Germany (St. Leon-Rot) | SAP |
Germany (Frankfurt) | SAP |
Netherlands (Amsterdam) | SAP |
Brazil (Sao Paulo) | SAP |
Canada (Toronto) | SAP |
USA (Ashburn, VA) | SAP |
USA (Sterling, VA) | SAP |
USA (Colorado Springs) | SAP |
USA (Chandler) | SAP |
USA (N.Virginia) | Amazon Web Services (AWS) |
Canada (Montreal) | Amazon Web Services (AWS) |
Singapore | Amazon Web Services (AWS) |
South Korea (Seoul) | Amazon Web Services (AWS) |
Germany (Frankfurt) | Amazon Web Services (AWS) |
India (Mumbai) | Amazon Web Services (AWS) |
Brazil (São Paulo) | Amazon Web Services (AWS) |
Australia (Sydney) | Amazon Web Services (AWS) |
Japan (Tokyo) | Amazon Web Services (AWS) |
USA (Oregon) | Amazon Web Services (AWS) |
USA (Virginia) | Microsoft Azure (Azure) |
USA(Quincy, WA) | Microsoft Azure (Azure) |
Canada (Toronto) | Microsoft Azure (Azure) |
Netherlands (Amsterdam) | Microsoft Azure (Azure) |
Singapore | Microsoft Azure (Azure) |
Australia (New South Wales) | Microsoft Azure (Azure) |
Japan (Tokyo) | Microsoft Azure (Azure) |
United Arab Emirates (Dubai) | Microsoft Azure (Azure) |
Switzerland (Zurich) | Microsoft Azure (Azure) |
USA (Council Bluffs,IA) | Google Cloud Platform (GCP) |
Germany (Frankfurt) | Google Cloud Platform (GCP) |
India (Mumbai) | Google Cloud Platform (GCP) |
SOC 1 reports are prepared pursuant to AT-C Section 320 and International Standard on Assurance Engagements No. 3402. SOC 1 reports are specifically intended to meet the needs of the entities that use service organizations (user entities) and the CPAs that audit the user entities’ financial statements (user auditors). Please note that this examination's scope does not include the controls and related control objectives of any subservice organizations. SOC 1 Type 1 report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design of controls to achieve the related control objectives as of a specified date, whereas a SOC 1 Type 2 also includes the operating effectiveness of controls to achieve the related control objectives throughout a specified period.
SAP Business Technology Platform has regularly prepared SOC 1 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period 1. April 2024 to 30. September 2024.
The use of these reports is restricted to the management of the service organization, user entities, and user auditors. A copy of this report is available for all SAP Business Technology Platform customers who had productive and had financially-relevant systems during the audit period covered by the report.