SAP Trust Center
SAP Commerce Cloud SOC 2 (ISAE 3000) Audit Report 2022 H1
SAP Commerce Cloud is a digital commerce platform offering a software-as-a-service (SaaS) model in the public cloud. Customers extend and build their own environment on top of the SAP Commerce Cloud core codbase to achieve the desired e-commerce solution. All solutions run within the dedicated hyperscaler subscription of each customer. Customers can perform several self-service tasks through Cloud Portal.
SOC 2 reports fulfill various information and assurance needs of customers and aim to place trust in SAPs service organization systems, processes and controls. These narratives are related to the trust principles Security, Availability, Confidentiality Processing Integrity or Privacy which must be met to demonstrate a well-designed system. SOC 2 also contains details on performed tests and their results. SOC 2 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC 2 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.
SAP Commerce Cloud has prepared SOC 2 Type 2 audit report by an independent 3rd party accountant. This version of the report covers the period 1. November 2021 to 31. March 2022, for data centers in Virginia (US East), Osaka (Japan), Sydney (Australia East), Melbourne (Australia Southeast), Sao Paolo (Brazil South), Toronto (Canada Central), Quebec City (Canada East), Hong Kong (East Asia), Tokyo (Japan), Dublin (Ireland), San Antonio (Texas), Singapore (Southeast Asia), Amsterdam (West Europe), California (West US), London (South UK), Cardiff (West UK), Pune (India Central), Chennai (India South), Shanghai (China East 2), Beijing (China North 2), Dubai (UAE North), Abu Dhabi (UAE Central), and Mumbai (India West).
The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with non-disclosure agreement in place.