Skip to Content

SAP Trust Center

SAP Cloud Platform SOC 2 Audit Report 2020 H1

SAP Cloud Platform is a Business Application Platform-as-a-Service (PaaS) offering. It enables SAP, its partners and customers to develop, deploy, run, operate, and use applications in a cloud environment. 

Additionally, SAP provides and operates Software-as-a-Service (SaaS) solutions on SAP Cloud Platform. Those also leverage the SAP Cloud Platform management system and operational controls. Therefore, everywhere in this system description where referred to SAP Cloud Platform, all services, tools, applications, SaaS solutions, part of or running on SAP Cloud Platform, are included as described in the chapter Service Overview. 

SAP Cloud Platform is a product implemented by SAP, and as such, it follows SAP’s Secure Development Lifecycle framework for product and solution creation, certified with ISO 9001:2015 and ISO 27001:2013.

SOC2 reports fulfill various information and assurance needs of customers and aim to place trust in SAPs service organization systems, processes and controls. These narratives are related to the trust principles Security, Availability, Confidentiality Processing Integrity or Privacy which must be met to demonstrate a well-designed system. SOC2 also contains details on performed tests and their results. SOC2 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC2 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.

SAP Cloud Platform has regularly prepared SOC2 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period 1. November 2019 to 30. April 2020, the location St. Leon–Rot (Germany) and Colorado Springs (Colorado, USA) as well as in the co-location data centers:

Amsterdam (Netherlands)

Shanghai (China)

Ashburn (Virginia, USA)


Council Bluffs (Iowa)

Sterling (Virginia, USA)

Dubai (United Arab Emirates)

Sydney (Australia)

Frankfurt (Germany)

Tokyo (Japan)

Montreal (Canada)

Toronto (Canada)

Moscow (Russian Federation)

US East (Virginia, USA)

Riyadh (Saudi Arabia)

US West (Washington USA)

Sao Paulo (Brazil)

US West, Chandler USA 

The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with non-disclosure agreement in place.

SAP Cloud Platform SOC2 Type 2 report covers within audit period the following services:

SAP Cloud Platform Runtime

Keystore Service

SAP Cloud Platform Git Service

Authorization & Trust Management Service

Credential Store

Job Scheduler

Connectivity Service

Monitoring Service

Platform Identity Provider

SAP Cloud Platform SAP HANA Service

SAP Cloud Platform Integration

SAP Cloud Platform, ABAP environment

PostgreSQL on SAP Cloud Platform

SAP Cloud Platform Integration for data services

SAP Fiori Cloud

MongoDB on SAP Cloud Platform

SAP Cloud Platform Portal

SAP Fiori Mobile

SAP Cloud Platform SAP ASE service

SAP Document Center

UI Theme Designer

Redis on SAP Cloud Platform

SAP Cloud Platform Mobile Services

Open Connectors

Object Store as a Service

SAP Cloud Platform Identity Provisioning

SAP Cloud Platform OData Provisioning

RabbitMQ on SAP Cloud Platform

SAP Cloud Platform API Management

SAP Cloud Platform WEB IDE

Customer Domain Service

SAP API Business Hub

Workflow Service

Debugging Service

SAP Cloud Platform Identity and Authentication

Forms by Adobe

SAP Cloud Platform Document Service

Application Logging Service

Digital Manufacturing Cloud

Java Apps Lifecycle Management

Feature Flags Service

Enterprise Messaging

Solutions Lifecycle Management

Application Autoscaler Service

Integration Advisor

Profiling Service

Destination Service

Remote Data Sync

OAuth 2.0 Service

SAP Cloud Platform Enhanced Disaster Recovery

SAP Analytics Cloud including SAP Digital Boardroom and SAP Analytics Hub


SAP Cloud Platform Virtual Machine

SAP Kubernetes Gardener 

Back to top