The scope of this SOC report includes:

• RISE with SAP S/4HANA Cloud, Private Edition 

• RISE with SAP S/4HANA Cloud, Private Cloud, Tailored Option incl. Customer Data Center Option

• SAP HANA Enterprise Cloud Credit & Overage, Advanced Edition  incl.
  Customer Data Center Option (BYOL) as well as passive, renewals only
  options: 

SAP Enterprise Cloud Services offers services to customers through the following offerings (passive, renewals only):

• SAP S/4 HANA Cloud, Extended Edition

This offering has the following predecessors:

• STE (Single Tenant Edition)  

• CPO (Cloud Private Option) 

• CPE (Cloud Private Edition) 

• SAP Credit & Overage HANA Enterprise Cloud
  Advanced Edition (Subscription) 

• SAP HANA Enterprise Cloud Advanced Edition
  (Subscription) 

• SAP HANA Enterprise Cloud Classic
  (Subscription and BYOL)

Services are offered on SAP Infrastructure, Customer Data Center Infrastructure, Amazon Web Services, Microsoft Azure or Google Cloud Platform.  A detailed list of locations of the datacenter is available within the report. The offered services are fully scalable and secure private managed cloud solutions available only from SAP. It empowers organizations to unlock the full value of SAP Enterprise Cloud Services in the cloud - accelerating growth and innovation, driving IT and business transformation, quickly delivering business outcomes, and reducing risk. The offered services are using the SAP Enterprise Cloud Services architecture and processes but includes also specific SAP products, use rights and services. The SAP Enterprise Cloud Services reference architecture helps the customer to use flexible services for modular and rapid deployment.  

SOC 1 reports are prepared in accordance with AT-C section 320, Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting, and evaluate the effect of the controls at the service organization on the user entities’ financial statements. SOC 1 reports are specifically intended to meet the needs of the entities that use service organizations (user entities) and the CPAs that audit the user entities’ financial statements (user auditors).  SOC 1 Type 1 report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design of controls to achieve the related control objectives as of a specified date, whereas a SOC 1 Type 2 also includes the operating effectiveness of controls to achieve the related control objectives throughout a specified period.

The offered services have regularly prepared SOC 1 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period 1. April 2022 to 31. March 2023, the location Colorado (USA), St. Leon-Rot (Germany), and Walldorf (Germany) and the Hyperscalers (listed in the report).

The use of these reports is restricted to the management of the service organization, user entities, and user auditors. A copy of this report is available for all SAP Enterprise Cloud Services customers who had productive and had financially-relevant systems during the audit period covered by the report.