Skip to Content

SAP Data Custodian SOC 2 Type 1 Audit Report

The scope of this SOC report includes the SAP Data Custodian as offered in the data centers Frankfurt (Germany), North Europe (Ireland), West Europe (Netherlands), Council Bluffs (Iowa, USA) and East US (Virginia, US).

Data Custodian is a multi-cloud SaaS application developed by SAP, for deployment on cloud platforms like Google Cloud Platform (GCP), Amazon Web Services (AWS) and Microsoft Azure. This solution addresses global data protection regulations, in order to provide enterprise customers with comprehensive data monitoring across cloud environments. 

SOC2 reports fulfill various information and assurance needs of customers and aim to place trust in SAPs service organization systems, processes and controls. These narratives are related to the trust principles Security, Availability, Confidentiality Processing Integrity or Privacy which must be met to demonstrate a well-designed system. SOC2 also contains details on performed tests and their results. SOC2 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC2 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.

SAP Data Custodian has prepared SOC2 Type 1 audit report by an independent 3rd party accountant. This version of the report is as of 31 October 2019, the Frankfurt (Germany), North Europe (Ireland), West Europe (Netherlands), Council Bluffs (Iowa, USA) and East US (Virginia, US) and the trust principles Security, Availability and Confidentiality.

The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with non-disclosure agreement in place.

Back to top