SAP Cloud Platform is a Business Application Platform-as-a-Service (PaaS) offering. It enables SAP, its partners and customers to develop, deploy, run, operate, and use applications in a cloud environment.
Additionally, SAP provides and operates Software-as-a-Service (SaaS) solutions on SAP Cloud Platform. Those also leverage the SAP Cloud Platform management system and operational controls. Therefore, everywhere in this system description where referred to SAP Cloud Platform, all services, tools, applications, SaaS solutions, part of or running on SAP Cloud Platform, are included as described in the chapter Service Overview.
SAP Cloud Platform is a product implemented by SAP, and as such, it follows SAP’s Secure Development Lifecycle framework for product and solution creation, certified with ISO 9001:2015 and ISO 27001:2013.
SOC2 reports fulfill various information and assurance needs of customers and aim to place trust in SAPs service organization systems, processes and controls. These narratives are related to the trust principles Security, Availability, Confidentiality Processing Integrity or Privacy which must be met to demonstrate a well-designed system. SOC2 also contains details on performed tests and their results. SOC2 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC2 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.
SAP Cloud Platform has regularly prepared SOC2 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period 1. November 2019 to 30. April 2020, the location St. Leon–Rot (Germany) and Colorado Springs (Colorado, USA) as well as in the co-location data centers:
Amsterdam (Netherlands) |
Shanghai (China) |
Ashburn (Virginia, USA) |
Singapore |
Council Bluffs (Iowa) |
Sterling (Virginia, USA) |
Dubai (United Arab Emirates) |
Sydney (Australia) |
Frankfurt (Germany) |
Tokyo (Japan) |
Montreal (Canada) |
Toronto (Canada) |
Moscow (Russian Federation) |
US East (Virginia, USA) |
Riyadh (Saudi Arabia) |
US West (Washington USA) |
Sao Paulo (Brazil) |
US West, Chandler USA |
The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with non-disclosure agreement in place.
SAP Cloud Platform SOC2 Type 2 report covers within audit period the following services:
SAP Cloud Platform Runtime |
Keystore Service |
SAP Cloud Platform Git Service |
Authorization & Trust Management Service |
Credential Store |
Job Scheduler |
Connectivity Service |
Monitoring Service |
Platform Identity Provider |
SAP Cloud Platform SAP HANA Service |
SAP Cloud Platform Integration |
SAP Cloud Platform, ABAP environment |
PostgreSQL on SAP Cloud Platform |
SAP Cloud Platform Integration for data services |
SAP Fiori Cloud |
MongoDB on SAP Cloud Platform |
SAP Cloud Platform Portal |
SAP Fiori Mobile |
SAP Cloud Platform SAP ASE service |
SAP Document Center |
UI Theme Designer |
Redis on SAP Cloud Platform |
SAP Cloud Platform Mobile Services |
Open Connectors |
Object Store as a Service |
SAP Cloud Platform Identity Provisioning |
SAP Cloud Platform OData Provisioning |
RabbitMQ on SAP Cloud Platform |
SAP Cloud Platform API Management |
SAP Cloud Platform WEB IDE |
Customer Domain Service |
SAP API Business Hub |
Workflow Service |
Debugging Service |
SAP Cloud Platform Identity and Authentication |
Forms by Adobe |
SAP Cloud Platform Document Service |
Application Logging Service |
Digital Manufacturing Cloud |
Java Apps Lifecycle Management |
Feature Flags Service |
Enterprise Messaging |
Solutions Lifecycle Management |
Application Autoscaler Service |
Integration Advisor |
Profiling Service |
Destination Service |
Remote Data Sync |
OAuth 2.0 Service |
SAP Cloud Platform Enhanced Disaster Recovery |
SAP Analytics Cloud including SAP Digital Boardroom and SAP Analytics Hub |
|
SAP Cloud Platform Virtual Machine |
SAP Kubernetes Gardener |