This standard is based on a number of quality management principles including a strong customer focus, the motivation and implication of top management, as well as the process approach and continuous improvement.
SAP Cloud Trust Center
Compliance
Get the assurance you need to know that our cloud offerings meet the latest compliance and security standards. We regularly check compliance through external reviews and audits and follow one common framework, including data security and privacy regulations, worldwide.
ISO/BS Certificates
SAP has developed and implemented an integrated framework based on several international standards. This approach provides a consistent, secure service that meets customer and applicable regulatory requirements. We address client satisfaction and continuous, as well as secure operation of our services, through the effective application of the framework, which includes continuous improvement and the prevents nonconformity. All cloud units certified against ISO/BS standards are annually audited by our certification body.
Previous
Next
ISO/IEC 9001 Quality Management System
ISO/IEC 27001 Security Management System
ISO/IEC 27001 is possibly the best-known standard in the ISO family. It provides holistic, risked-based approach to security and a comprehensive and measurable set of information security management practices.
ISO/IEC 22301 Business Continuity Management System
ISO 22301 is the international standard for business continuity management. It’s designed to protect business operations from potential disruption. This includes extreme weather, fire, flood, natural disaster, theft, IT outage, staff illness, and terror attacks.
BS 10012 Personal Information Management System
This standard covers areas such as employee security awareness training, risk assessments, data retention, and disposal. It establishes policies and procedures and enables the effective management of personal information on individuals.
ISO/IEC 20000 Service Management
This standard covers a system management approach to service management and provides measurable quality guidance for the best-practice framework IT Infrastructure Library (ITIL). It also includes elements from other frameworks such as Control Objectives for Information and Related Technologies (COBIT).
Service Organization Control Reports
SAP offers Service Organization Control (SOC) reports to provide assurance and detailed insight into the design and operating effectiveness of internal control systems implemented within cloud delivery units. SOC reports are industry independent and well-known. Cloud solutions from SAP are audited by our external auditor at least once a year.
Previous
Next
SOC 1 Reports
The auditor of our customer’s financial statements receives information about controls for cloud solutions from SAP that may be relevant to a customer’s internal control over financial reporting. The SOC 1 report follows the SSAE 16 and ISAE 3402 standards on auditing engagements and includes a detailed description of the design (type I/type II) and effectiveness (type II) of the controls audited.
SOC 2 Reports
Customers and prospects are given insights into the control system relevant to security, availability, processing integrity, confidentiality, or privacy of the data. The SOC 2 report follows the ISAE 3000 and AT 101 auditing standards and is based on AICPA’s trust service principles. The report includes a detailed description of the design (type I/type II) and effectiveness (type II) of the controls audited.
SOC 3 Reports
Interested parties get a report on the control system implemented within cloud solutions from SAP that are relevant to security, availability, processing integrity, confidentiality, or privacy. The SOC 3 report is a short-form record that provides no description of controls testing and results. It also summarizes the results of respective SOC 2 audits.
Other Certifications and Attestations
Besides ISO standards and SOC reports, selected cloud solutions from SAP provide additional certifications and attestations.
