The SOC 2 Report of SAP Enterprise Management includes SAP Asset Performance Management, SAP Integrated Business Planning, SAP Marketing Cloud, and SAP S/4HANA Cloud, public edition.

SAP Product Engineering (PE) department consists of product management, engineering, cloud operations and infrastructure. PE supports teams to consolidate and operate the organization with the objective to be able to respond to changes, challenges and trends in the cloud industry and to customer expectations. The portfolio includes the SAP S/4 HANA Cloud suite, SAP Digital Supply Chain, Small and Mid-Sized Enterprises (SME), and industry solutions as well as cloud offerings. Cross-functions in the Product Engineering (PE) include Architecture, global SAP Labs Network, SAP Knowledge & Education, Globalization Services, and SAP User Experience teams with the responsibility for the overall quality of SAP software products.

The SOC 2 reports fulfill various information and assurance needs of customers and aim to place trust in SAP’s service organization systems, processes, and controls.  These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems that are used to process users’ data and the confidentiality and privacy of the information processed by these systems.  Additionally, they can play an important role in the oversight of the organization, vendor management programs, and regulatory oversight.  SOC 2 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC 2 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.

This version of the report covers the audit period 1. October 2022 to 31. March 2023 in the data center locations Toronto (Canada), Tokyo (Japan), Council Bluffs (US), GCP Ashburn, Mumbai (India), Eemshaven (Netherlands), Sao Paulo (Brazil), West US2, Europe (EU 10 & EU 20), and USA (US 10 & US 20), and the trust principles Security, Availability, and Confidentiality.

The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with non-disclosure agreement in place.