Skip to Content
تواصل معنا
تحدث معنا الدردشة غير متوفرة

SAP Trust Center

Find the information you need on cloud performance, security, privacy, and compliance.

Compliance

SAP regularly undergoes audits and reviews of its policies and controls, including data security and privacy regulations worldwide.

Compliance Certificates, Reports, and Attestations

SAP offers Service Organizational Control (SOC) reports to provide insights into the design and operating effectiveness of internal control systems implemented within cloud delivery units. For legal reasons, you will need to give further information when requesting some of the SOC reports. For any questions, please click on the contact us box on this page. 

My SAP Trust Center

Additional access to documentation

The support portal edition of the SAP Trust Center extends the public offering by granting access to additional information, documents, and other content available only to SAP customers and partners with a valid SAP user ID. Sign in and learn more. 

  • Statement of Applicability (SoA)
  • Evidence documents from SAP partners

Compliance FAQ's

Frequently Asked Questions

Is SAP ISO certified?

Since 1998 SAP has held an ISO 9001 certificate. We are also certified according to ISO 27001, ISO 22301, and BS 10012. All locations worldwide work according to one common process framework, including data security and privacy regulations. We regularly check compliance though internal reviews and audits.

Learn more

What Exactly Is BS 10012:17 from BSI and What Does It Provide?

It specifies a framework for implementing a personal information management system (PIMS)2 in compliance with the General Data Protection Regulation (GDPR) and mandates the implementation of such a system within corporate security programs. It describes a framework to manage the privacy of personal data and implement necessary policies, procedures, and controls to help ensure compliance with the GDPR.

Read more

What is the difference between a SOC 1 and SOC 2 report?

A SOC 2 report, similar to a SOC 1 report, evaluates internal controls, policies, and procedures. However, the difference is that a SOC 2 reports on controls that directly relate to the security, availability, processing integrity, confidentiality, and privacy at a service organization.

Back to top