SAP Central Cloud Services SOC 2 Audit Report 2025

SAP Central Cloud Services offers Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS) to external consumers. These services are also available for general SAP internal consumption along with Infrastructure-as-a-Service (IaaS) capabilities, tools, Data Center Management and other services provided on SAP entity level.

The offerings are available in various distinct regions, including regions with SAP as cloud infrastructure provider and regions with hyperscaler (Amazon Web Services, Microsoft Azure, Google Cloud Platform) as a third-party infrastructure provider.

SAP CCS SOC 2 Type 2 report covers the following services:

: SAP Cloud Infrastructure Services (SAP internal consumption only)
SAP BTP Runtime:
SAP BTP, Neo environment
SAP BTP, Cloud Foundry runtime
SAP BTP, Kyma runtime

SAP BTP ABAP environment
SAP BTP, Kubernetes environment (SAP internal consumption only)
SAP AI Core
SAP AI Launchpad
SAP AI Services, including
Business Entity Recognition
Data Attribute Recommendation
Document Classification
Document Information Extraction
Service Ticket Intelligence
Personalized Recommendation

SAP Alert Notification service for SAP BTP
SAP Analytics Cloud
SAP Application Logging service for SAP BTP
SAP ASE service
SAP Audit Log service
SAP Authorization and Trust Management service
SAP Automation Pilot
SAP Batch Release Hub for Life Sciences
SAP Build Apps
SAP Build Code (in scope since October 1, 2024)
SAP Build Process Automation
SAP Build Work Zone, advanced edition
SAP Build Work Zone, standard edition
SAP Business Accelerator Hub
SAP Business Application Studio
SAP Business Network Asset Collaboration
SAP Business Network for Logistics, including
SAP Business Network Freight Collaboration
SAP Business Network Global Track and Trace
SAP Business Network, intelligent insights add-on
SAP Business Network Material Traceability

SAP Cell and Gene Therapy Orchestration
SAP Cloud Appliance Library
SAP Cloud Application Event Hub
SAP Cloud for Energy
SAP Cloud Identity Access Governance
SAP Cloud Identity Services - Identity Authentication
SAP Cloud Identity Services - Identity Provisioning
SAP Cloud Integration for data services

SAP Cloud Logging
SAP Cloud Management service for SAP BTP
SAP Cloud Portal service
SAP Cloud Transport Management
SAP Connectivity service
SAP Content Agent service
SAP Continuous Integration and Delivery
SAP Conversational AI
SAP Credential Store
SAP Custom Domain service
SAP Data Intelligence Cloud
SAP Data Privacy Integration
SAP Data Quality Management
SAP Data Retention Manager
SAP Datasphere, including SAP BW Bridge
SAP Destination service
SAP Digital Manufacturing
SAP Document Center
SAP Document Management service
SAP Document service
SAP Entitlement Management
SAP Feature Flags service
SAP Fiori Cloud (SAP Fiori)
SAP Forms service by Adobe
SAP Git service
SAP HANA Cloud, including
SAP HANA Cloud, data lake
SAP HANA Cloud, SAP HANA database

SAP HANA service for SAP BTP
SAP HANA spatial services
SAP Health Data Services for FHIR (in scope since October 1, 2024)
SAP HTML5 Application Repository service for SAP BTP
SAP Information Collaboration Hub for Life Sciences
SAP Intelligent Clinical Supply Management
SAP Integration Suite, including
API Management, including Graph
Cloud Integration
Event Mesh
Integration Advisor
Integration Assessment
Migration Assessment
OData Provisioning
Open Connectors
Trading Partner Management

SAP BTP, Java server

SAP Job Scheduling service
SAP Key Management Service
SAP Keystore service
SAP Landscape Management Cloud
SAP Malware Scanning service
SAP Market Communication for Utilities
SAP Market Rates Management
SAP Master Data Governance, cloud edition
SAP Master Data Integration
SAP Mobile Services, including Agentry
SAP Monitoring service for SAP BTP
SAP Multi-Bank Connectivity
SAP Personal Data Manager
SAP Platform Identity Provider service for SAP BTP
SAP Private Link service
SAP Profitability and Performance Management Cloud
SAP Secure Login Service for SAP GUI
SAP Service Manager
SAP Software-as-a-Service Provisioning service
SAP Solutions Lifecycle Management service for SAP BTP
SAP Sports One
SAP Subscription Billing
SAP Task Center
SAP Translation Hub (in scope since October 1, 2024)
SAP Usage Data Management service for SAP BTP
SAP Virtual Machine service
SAP Web IDE
Application Autoscaler
Cloud Integration Automation
Commercial Infrastructure Service (SAP internal consumption only)
Java Debugging for SAP BTP
Java Profiling for SAP BTP
Joule
MongoDB service on SAP BTP (service fully retired since December 2024)
OAuth 2.0 on SAP BTP
Object Store on SAP BTP
PostgreSQL on SAP BTP
PostgreSQL on SAP BTP, hyperscaler option
RabbitMQ on SAP BTP
Redis on SAP BTP
Redis on SAP BTP, hyperscaler option
UI theme designer
UI5 flexibility for key users
Unified Gateway (SAP internal consumption only)

The scope of this report covers the following data centers:
: Canada, Toronto
Germany, Frankfurt
Germany, Walldorf/St. Leon-Rot
Japan, Osaka

Japan, Tokyo
Netherlands, Amsterdam
United Arab Emirates, Dubai
USA, Chandler

USA, Colorado
USA, Sterling / NSQ / Ashburn
: Amazon Web Services

Australia: Melbourne
Australia: Sydney
Bahrain 
Brazil: São Paulo
Canada: Calgary
Canada: Central
China: Beijing 
China: Hong Kong
China: Ningxia
France: Paris 
Germany: Frankfurt
India: Hyderabad
India: Mumbai
Indonesia: Jakarta
Ireland 
Israel: Tel Aviv
Italy: Milan
Japan, Tokyo
Japan: Osaka 
Japan: Tokyo
Malaysia: Cyberjaya
Singapore
South Africa: Cape Town
South Korea: Seoul
Spain
Sweden: Stockholm 
Switzerland: Zurich
Thailand: Bangkok
UK: London
United Arab Emirates 
USA: California 
USA: Ohio
USA: Oregon
USA: Virginia

Google Cloud Platform

Australia: Melbourne
Australia: Sydney
Belgium: St. Ghislain
Brazil: São Paulo
Canada: Montreal
Canada: Toronto
Chile: Santiago
China: Hong Kong
Finland: Hamina
France: Paris
Germany: Berlin
Germany: Frankfurt
India: Delhi
India: Mumbai
Indonesia: Jakarta
Israel: Tel Aviv
Italy: Milan
Italy: Turin
Japan: Osaka
Japan: Tokyo
Mexico: Queretaro
Netherlands: Eemshaven
Poland: Warsaw
Qatar: Doha
Saudi Arabia: Dammam
Singapore: Jurong West
South Africa: Johannesburg
South Korea: Seoul
Spain: Madrid
Switzerland: Zürich
Taiwan: Changhua County
UK: London
USA: Ashburn, VA
USA: Columbus, OH
USA: Council Bluffs, IA
USA: Dallas, TX
USA: Las Vegas, NV
USA: Los Angeles, CA
USA: Moncks Corner, SC
USA: Salt Lake City, UT

Microsoft Azure

Australia: Canberra
Australia: New South Wales
Australia: Victoria
Brazil: Rio de Janeiro
Brazil: São Paulo
Canada: Quebec City
Canada: Toronto
China: Beijing
China: Hebei
China: Hong Kong
China: Jiangsu
China: Shanghai
France: Marseille
France: Paris
Germany: Frankfurt
Germany: Magdeburg
Germany: North
India: Chennai
India: Mumbai
India: Pune
Ireland: Dublin
Israel
Italy: Milan
Japan: Osaka
Japan: Tokyo
Mexico: Queretaro
Netherlands: Amsterdam
Norway: Oslo
Norway: Stavanger
Poland: Warsaw
Qatar: Doha
Singapore
South Africa: Cape Town
South Africa: Johannesburg
South Korea: Busan
South Korea: Seoul
Spain: Madrid
Sweden: Gävle
Sweden: Staffanstorp
Switzerland: Geneva
Switzerland: Zürich
UK: Cardiff
UK: London
United Arab Emirates, Dubai
United Arab Emirates: Abu Dhabi
United Arab Emirates: Dubai
USA: Arizona
USA: California
USA: DoD Central
USA: DoD East
USA: Illinois
USA: Iowa
USA: Quincy, WA
USA: Texas
USA: Virginia
USA: West Central

SOC 2 reports are prepared in accordance with AT-C Section 205 and the International Standard on Assurance Engagements No. 3000. SOC 2 reports fulfill various information and assurance needs of customers and aim to place trust in SAP’s service organization systems, processes, and controls. These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to Security, Availability, and Processing Integrity of the systems that are used to process users’ data and the Confidentiality and Privacy of the information processed by these systems (AICPA, Trust Services Criteria). Additionally, they can play an important role in the oversight of the organization, vendor management programs, and regulatory oversight. Please note that this examination's scope does not include the controls of any subservice organizations. SOC 2 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC 2 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.

SAP LeanIX has prepared SOC 2 Type 2 audit report by an independent 3rd party accountant. This version of the report covers as of the audit period April 1, 2024 to March 31, 2025, and the trust principles Security, Availability, and Confidentiality.

The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with a non-disclosure agreement in place.

SAP Central Cloud Services SOC 2 Audit Report 2025

List of Services

SAP Data Center Locations

Amazon Web Services, Microsoft Azure, Google Cloud Platform Data Center Locations

Ātrās saites

Tendenču izveide

Par

Informācija par vietni