SAP Central Cloud Services SOC 1 Audit Report 2025 H1

SAP Central Cloud Services offers Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS) to external consumers. These services are also available for general SAP internal consumption along with Infrastructure-as-a-Service (IaaS) capabilities, tools, Data Center Management and other services provided on SAP entity level.

The offerings are available in various distinct regions, including regions with SAP as cloud infrastructure provider and regions with hyperscaler (Amazon Web Services, Microsoft Azure, Google Cloud Platform) as a third-party infrastructure provider.

 

SAP CCS SOC 1 Type 2 report covers the following services:

  • SAP Cloud Infrastructure Services

  • SAP BTP Runtime: 

    • SAP BTP, Neo environment

    • SAP BTP, Cloud Foundry runtime

    • SAP BTP, Kyma runtime

  • SAP BTP ABAP environment 

  • SAP BTP, Kubernetes environment (SAP internal consumption only) 

  • SAP AI Core 

  • SAP AI Launchpad 

  • SAP AI Services, including 

    • Business Entity Recognition 

    • Data Attribute Recommendation 

    • Document Classification 

    • Document Information Extraction 

    • Service Ticket Intelligence 

    • Personalized Recommendation 

  • SAP Alert Notification service for SAP BTP 

  • SAP Analytics Cloud 

  • SAP Application Logging service for SAP BTP 

  • SAP ASE service 

  • SAP Audit Log service 

  • SAP Authorization and Trust Management service 

  • SAP Automation Pilot 

  • SAP Batch Release Hub for Life Sciences 

  • SAP Build Apps 

  • SAP Build Code

  • SAP Build Process Automation 

  • SAP Build Work Zone, advanced edition 

  • SAP Build Work Zone, standard edition 

  • SAP Business Accelerator Hub 

  • SAP Business Application Studio 

  • SAP Business Network Asset Collaboration 

  • SAP Business Network for Logistics, including 

    • SAP Business Network Freight Collaboration 

    • SAP BusinessNetwork Global Track and Trace 

    • SAP Business Network, intelligent insights add-on 

    • SAP Business Network Material Traceability

  • SAP Cell and Gene Therapy Orchestration   

  • SAP Cloud Appliance Library 

  • SAP Cloud Application Event Hub 

  • SAP Cloud for Energy 

  • SAP Cloud Identity Access Governance 

  • SAP Cloud Identity Services - Identity Authentication 

  • SAP Cloud Identity Services - Identity Provisioning 

  • SAP Cloud Integration for data services 

  • SAP Cloud Logging 

  • SAP Cloud Management service for SAP BTP

  • SAP Cloud Portal service

  • SAP Cloud Transport Management

  • SAP Connectivity service 

  • SAP Content Agent service 

  • SAP Continuous Integration and Delivery 

  • SAP Conversational AI 

  • SAP Credential Store 

  • SAP Custom Domain service 

  • SAP Data Intelligence Cloud 

  • SAP Data Privacy Integration 

  • SAP Data Quality Management 

  • SAP Data Retention Manager 

  • SAP Datasphere, including SAP BW Bridge 

  • SAP Destination service 

  • SAP Digital Manufacturing  

  • SAP Document Center 

  • SAP Document Management service  

  • SAP Document service 

  • SAP Entitlement Management 

  • SAP Event Mesh 

  • SAP Feature Flags service 

  • SAP Fiori Cloud (SAP Fiori) 

  • SAP Forms service by Adobe 

  • SAP Git service 

  • SAP HANA Cloud, including 

    • SAP HANA Cloud, data lake  

    • SAP HANA Cloud, SAP HANA database 

  • SAP HANA service for SAP BTP 

  • SAP HANA spatial services 

  • SAP Health Data Services for FHIR

  • SAP HTML5 Application Repository service for SAP BTP 

  • SAP Information Collaboration Hub 

  • SAP Intelligent Clinical Supply Management 

  • SAP Integration Suite, including 

    • API Management 

    • Cloud Integration 

    • Graph 

    • Integration Advisor 

    • Integration Assessment 

    • Migration Assessment 

    • OData Provisioning 

    • Open Connectors 

    • Trading Partner Management 

  • SAP BTP, Java server

  • SAP Job Scheduling service

  • SAP Key Management Service 

  • SAP Keystore service 

  • SAP Landscape Management Cloud 

  • SAP Malware Scanning service 

  • SAP Market Communication for Utilities 

  • SAP Market Rates Management 

  • SAP Master Data Governance, cloud edition 

  • SAP Master Data Integration 

  • SAP Mobile Services, including Agentry 

  • SAP Monitoring service for SAP BTP 

  • SAP Multi-Bank Connectivity 

  • SAP Personal Data Manager 

  • SAP Platform Identity Provider service for SAP BTP 

  • SAP Private Link service 

  • SAP Profitability and Performance Management Cloud 

  • SAP Secure Login Service for SAP GUI 

  • SAP Service Manager 

  • SAP Software-as-a-Service Provisioning service 

  • SAP Solutions Lifecycle Management service for SAP BTP 

  • SAP Sports One 

  • SAP Subscription Billing 

  • SAP Task Center 

  • SAP Translation Hub

  • SAP Usage Data Management service for SAP BTP 

  • SAP Virtual Machine service 

  • SAP Web IDE 

  • Application Autoscaler 

  • Cloud Integration Automation 

  • Commercial Infrastructure Service

  • Java Debugging for SAP BTP 

  • Java Profiling for SAP BTP 

  • Joule  

  • MongoDB service on SAP BTP

  • OAuth 2.0 on SAP BTP 

  • Object Store on SAP BTP 

  • PostgreSQL on SAP BTP  

  • PostgreSQL on SAP BTP, hyperscaler option 

  • RabbitMQ on SAP BTP 

  • Redis on SAP BTP  

  • Redis on SAP BTP, hyperscaler option 

  • UI theme designer 

  • UI5 flexibility for key users 

  • Unified Gateway

The scope of this report covers the following data centers:

  • Austria: Vienna

  • Australia: New South Wales 

  • Australia: Sydney

  • Brazil: São Paulo 

  • Canada: Central 

  • Canada: Toronto

  • China: Shanghai

  • Germany: Frankfurt 

  • Germany: Walldorf / Rot

  • India: Mumbai 

  • Ireland: Dublin

 

  • Japan: Osaka 

  • Japan: Tokyo 

  • Malaysia: Kuala Lumpur

  • Malaysia: Selangor 

  • Netherlands: Amsterdam

  • Saudi Arabia: Dammam 

  • Saudi Arabia: Riyadh

  • Singapore

  • South Korea: Seoul 

  • Switzerland: Zurich 

  • United Arab Emirates: Dubai 

 

  • USA: Ashburn, VA

  • USA: Chandler

  • USA: Colorado 

  • USA: Council Bluffs, IA 

  • USA: N. Virginia 

  • USA: Oregon

  • USA: Philadelphia, PA

  • USA: Quincy, WA 

  • USA: Sterling/NSQ/Ashburn

  • USA: Sacramento, CA 

  • USA: Santa Clara, CA 

  • USA: Virginia

Google Cloud Platform

  • Australia: Melbourne 

  • Australia: Sydney 

  • Belgium: St. Ghislain 

  • Brazil: São Paulo 

  • Canada: Montreal 

  • Canada: Toronto 

  • Chile: Santiago 

  • China: Hong Kong 

  • Finland: Hamina 

  • France: Paris 

  • Germany: Berlin 

  • India: Delhi 

  • Indonesia: Jakarta 

  • Israel: Tel Aviv

  • Italy: Milan 

  • Italy: Turin 

  • Japan: Osaka 

  • Japan: Tokyo 

  • Mexico: Queretaro

  • Netherlands: Eemshaven 

  • Poland: Warsaw 

  • Qatar: Doha 

  • Saudi Arabia: Dammam  

  • Singapore: Jurong West 

  • South Africa: Johannesburg 

  • South Korea: Seoul 

  • Spain: Madrid 

  • Switzerland: Zürich 

  • Taiwan: Changhua County 

  • UK: London 

  • USA: Ashburn, VA 

  • USA: Columbus, OH 

  • USA: Dallas, TX

  • USA: Las Vegas, NV 

  • USA: Los Angeles, CA 

  • USA: Moncks Corner, SC 

  • USA: Salt Lake City, UT 

  • USA: The Dalles, OR 

Amazon Web Services

  • Australia: Melbourne 

  • Bahrain 

  • Calgary 

  • China: Beijing 

  • China: Hong Kong 

  • China: Ningxia 

  • France: Paris 

  • India: Hyderabad 

  • Indonesia: Jakarta 

  • Ireland 

  • Israel: Tel Aviv 

  • Italy: Milan 

  • Japan: Osaka 

  • Malaysia: Cyberjaya

  • South Africa: Cape Town 

  • Spain 

  • Sweden: Stockholm 

  • Switzerland: Zurich 

  • UK: London 

  • United Arab Emirates 

  • USA: N. California 

  • USA: Ohio 

Microsoft Azure

  • Australia: Canberra 

  • Australia: Victoria 

  • Brazil: Rio de Janeiro 

  • Brazil: São Paulo 

  • Canada: Quebec City 

  • China: Beijing 

  • China: Hebei 

  • China: Hong Kong 

  • China: Jiangsu 

  • China: Shanghai 

  • France: Marseille 

  • France: Paris 

  • Germany: Frankfurt 

  • Germany: Magdeburg 

  • Germany: North 

  • India: Chennai 

  • India: Mumbai 

  • India: Pune 

  • Ireland: Dublin 

  • Israel 

  • Italy: Milan 

  • Japan: Osaka

  • Mexico: Queretaro

  • Norway: Oslo 

  • Norway: Stavanger 

  • Poland: Warsaw 

  • Qatar: Doha 

  • South Africa: Cape Town 

  • South Africa: Johannesburg 

  • South Korea: Busan 

  • South Korea: Seoul 

  • Spain: Madrid 

  • Sweden: Gävle 

  • Sweden: Staffanstorp 

  • Switzerland: Geneva 

  • UK: Cardiff 

  • UK: London 

  • United Arab Emirates: Abu Dhabi 

  • USA: Arizona 

  • USA: California 

  • USA: DoD Central 

  • USA: DoD East 

  • USA: Illinois 

  • USA: Iowa 

  • USA: Texas 

  • USA: Virginia 

  • USA: West Central 

SOC 1 reports are prepared in accordance with AT-C section 320, Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting, under Statement on Standards for Attestation Engagements (SSAE) No. 18, Attestation Standards: Clarification and Recodification. SOC 1 reports are specifically intended to meet the needs of the entities that use service organizations (user entities) and the CPAs that audit the user entities’ financial statements (user auditors).  Please note that this examination's scope does not include the controls and related control objectives of any subservice organizations. SOC 1 Type 1 report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design of controls to achieve the related control objectives as of a specified date, whereas a SOC 1 Type 2 also includes the operating effectiveness of controls to achieve the related control objectives throughout a specified period.

 

SAP Central Cloud Services has prepared SOC 1 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period 1. October 2024 to 31. March 2025.

 

The use of these reports is restricted to the management of the service organization, user entities, and user auditors. A copy of this report is available for all SAP Central Cloud Services customers who had productive and had financially-relevant systems during the audit period covered by the report.