SAP Trust Center

Service Organization Control Reports

SAP offers Service Organization Control (SOC) reports to provide assurance and detailed insight into the design and operating effectiveness of internal control systems implemented within cloud delivery units. SOC reports are industry independent and well-known. Cloud solutions from SAP are audited by our external auditor at least once a year.

SOC 1 Reports

The auditor of our customer’s financial statements receives information about controls for cloud solutions from SAP that may be relevant to a customer’s internal control over financial reporting. The SOC 1 report follows the SSAE 18 and ISAE 3402 standards on auditing engagements and includes a detailed description of the design (type I/type II) and effectiveness (type II) of the controls audited.

SOC 2 Reports

Customers and prospects are given insights into the control system relevant to security, availability, processing integrity, confidentiality, or privacy of the data. The SOC 2 report follows the ISAE 3000 and AT 101 auditing standards and is based on AICPA’s trust service principles. The report includes a detailed description of the design (type I/type II) and effectiveness (type II) of the controls audited.

SOC 3 Reports

Interested parties get a report on the control system implemented within cloud solutions from SAP that are relevant to security, availability, processing integrity, confidentiality, or privacy. The SOC 3 report is a short-form record that provides no description of controls testing and results. It also summarizes the results of respective SOC 2 audits.

Other Certifications and Attestations

Besides ISO standards and SOC reports, selected cloud solutions from SAP provide additional certifications and attestations.

Payment Card Industry Data Security Standard (PCI DSS)

This global data security standard, also known as PCI DSS, is adopted by the payment card brands for all entities that process, store, or transmit cardholder data. It comprises common-sense steps that mirror security best practices.

Good Practice Quality Guidelines and Regulations (GxP)

GxP is an acronym referring to the regulations and guidelines applicable to life sciences organizations that make food and medical products. These requirements ensure that food and medical products are safe for consumers.

Cloud Computing Compliance Controls Catalogue (C5)

Owing to its neutrality, scope, compactness, and testability, C5 has proven itself as an attestation that provides a stable foundation for internal auditing and for information security management in regulated industries.

Trusted Information Security Assessment Exchange (TISAX)

TISAX enables mutual acceptance of Information Security Assessments in the automotive industry and provides a common assessment and exchange mechanism.

Federal Service for Technical and Export Control (FSTEC)

FSTEC enables a Russian license for activities in the field of technical protection of confidential information.

Cloud Security Alliance (CSA)

CSA is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, as well as to provide education on the uses and security of Cloud Computing.

Product and industry specific information

See how SAP products can help deal with government regulations across industries.

