SAP Trust Center
SAP Configure Price Quote “CPQ” SOC 1 (ISAE 3402) Audit Report 2022 H1
SAP Configure Price Quote (CPQ) allows customers to configure, price, quote, propose, and sell product offerings. The SAP CPQ application can be used as a product and service catalogue with search and selection capabilities as well as for guided selling, proposal generation, and multi-level channel management tasks associated with sales configurators. The sales quote software is designed to help sales professionals understand customer needs, narrow down the product list, collaborate to propose the right products and services, and deliver an accurate quotation to the customer. The software helps to make sure users can search for the right product and compare against other similar products using product and pricing information in one place.
SOC 1 reports specifically address service organizations internal control over financial reporting and controls specified by the service provider. The SOC 1 reports are intended solely for the information and use of existing user entities (for ex. Exiting customers of the service organization), their financial statement auditors and management of the service organization. SOC 1 reports are prepared in accordance with Statement on Standards for Attestation Engagements (SSAE) No.16, a new guidance that the auditors use to conduct a SOC 1 engagement. SOC 1 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC 1 Type 2 also includes the operating effectiveness of controls for a dedicated period.
SAP CPQ has regularly prepared SOC 1 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period 1. May 2021 to 31. March 2022, the locations Ashburn (Virginia), Chicago (Illinois), Frankfurt (Germany), and Singapore.
The use of these reports is restricted. A copy of this report is available for all SAP CPQ customers who had productive and had financially-relevant systems during the audit period covered by the report.