SAP Trust Center
SAP Cloud Application Services SOC 1 (ISAE 3402) Audit Report 2021 H2
The scope of this SOC report includes the SAP Cloud Application Services solution for the period 1. May 2021 to 31. October 2021.
SAP CAS provides company-specific post-implementation support, optimization and improvement to manage day-to-day applications, technical and database operations.
SOC 1 reports specifically address service organizations internal control over financial reporting and controls specified by the service provider. The SOC 1 reports are intended solely for the information and use of existing user entities (for ex. existing customers of the service organization), their financial statement auditors and management of the service organization. SOC 1 reports are prepared in accordance with Statement on Standards for Attestation Engagements (SSAE) No.16, a new guidance that the auditors use to conduct a SOC 1 engagement. SOC 1 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC 1 Type 2 also includes the operating effectiveness of controls for a dedicated period.
The use of these reports is restricted. A copy of this report is available for all SAP Cloud Application Services customers who had productive and had financially-relevant systems during the audit period covered by the report.