Skip to Content

SAP Trust Center

SAP Converged Cloud SOC 2 (ISAE 3000) Audit Report 2021 H1

The scope of this SOC report includes the SAP Converged Cloud solutions as offered for the live productive customer systems that are hosted in SAP SE's data centers St. Leon–Rot (Germany), Walldorf (Germany),  Newtown Square (USA) and Shanghai (China) as well as in the co-location Amsterdam (Netherlands), Sterling (USA), Dubai (UAE), Frankfurt (Germany), Moscow (Russia), Osaka (Japan), Riyadh (Saudi Arabia), Sao Paulo (Brazil), Toronto (Canada), Colorado (USA), Sydney (Australia) and Tokyo (Japan), Australia.


Converged Cloud is SAP’s own standardized Infrastructure as a Service (IaaS) to support all of SAP’s cloud businesses on a global scale. It provides a vendor agnostic and harmonized hardware infrastructure architecture as well as an infrastructure orchestration and automation layer in all major SAP data centers. With Converged Cloud it is possible to deploy applications into data centers without the need for a solution specific infrastructure stack.

The Converged Cloud platform is an SAP internal offering to provide a consolidated cloud infrastructure to SAP cloud lines of businesses making available APIs, that are built on the foundation of OpenStack, as well as capabilities primarily provided by enterprise vendors, such as VMWare, CISCO, Dell and others.

SOC 2 reports specifically address service organizations internal control over financial reporting and controls specified by the service provider. The SOC 2 reports are intended solely for the information and use of existing user entities (for ex. existing customers of the service organization),their financial statement auditors and management of the service organization. SOC 2 reports are prepared in accordance with Statement on Standards for Attestation Engagements (SSAE) No.18, a new guidance that the auditors use to conduct a SOC 2 engagement. SOC 2 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC 2 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.

SAP Converged Cloud has prepared SOC 2 Type 2 audit report by an independent 3rd party accountant. This version of the report covers the audit period 1. May 2021 to 31. October 2021, the location St. Leon–Rot (Germany), Walldorf (Germany),  Newtown Square (USA) and Shanghai (China) as well as in the co-location Amsterdam (Netherlands), Sterling (USA), Dubai (UAE), Frankfurt (Germany), Moscow (Russia), Osaka (Japan), Riyadh (Saudi Arabia), Sao Paulo (Brazil), Toronto (Canada), Colorado (USA), Sydney (Australia) and Tokyo (Japan), Australia.

The use of these reports is restricted. A copy of this report is available for all SAP Converged Cloud customers who had productive and had financially-relevant systems during the audit period covered by the report.

Back to top