SAP Trust Center
SAP Ariba SOC 2 (ISAE 3000) Audit Report 2020 H2
SAP Ariba, an SAP Company is a leading provider of on-demand spend management solutions. SAP Ariba’s mission is to transform the way companies of all sizes, across all industries, and geographies operate by delivering technology, service, and network solutions that enable them to holistically source, contract, procure, pay, manage and analyze their spend and supplier relationships. Delivered on demand, SAP Ariba’s enterprise-class offerings empower companies to achieve greater control of their spend and drive continuous improvements in financial and supply-chain performance. Thousands of companies use SAP Ariba solutions to manage their spend from sourcing and orders through invoicing and payment. SAP Ariba has deployed in regional data centers in San Jose (California), Amsterdam (Netherlands), Moscow (Russia), Shanghai (China), Dubai (UAE) and Riyadh (Saudi Arabia) as well as in co-locations Sunnyvale, California (USA).
SOC 2 reports fulfill various information and assurance needs of customers and aim to place trust in SAPs service organization systems, processes and controls. These narratives are related to the trust principles Security, Availability, Confidentiality Processing Integrity or Privacy which must be met to demonstrate a well-designed system. SOC 2 also contains details on performed tests and their results. SOC 2 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC 2 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.
SAP Ariba has regularly prepared SOC 2 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period 1. May 2020 to 31. October 2020, the locations San Jose (California), Amsterdam (Netherlands, Moscow (Russia), Shanghai (China), Dubai (UAE), Riyadh (Saudi Arabia) and Sydney (Australia) as well as in co-locations Sunnyvale, California (USA) and the trust principles Security, Availability, Processing Integrity and Confidentiality.
The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with non-disclosure agreement in place.