SAP Cloud Application Services (CAS) provides company-specific post-implementation support, optimization and improvement to manage day-to-day applications, technical and database operations. 

SOC 1 reports are prepared in accordance with AT-C section 320, Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting, and evaluate the effect of the controls at the service organization on the user entities’ financial statements. SOC 1 reports are specifically intended to meet the needs of the entities that use service organizations (user entities) and the CPAs that audit the user entities’ financial statements (user auditors).  SOC 1 Type 1 report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design of controls to achieve the related control objectives as of a specified date, whereas a SOC 1 Type 2 also includes the operating effectiveness of controls to achieve the related control objectives throughout a specified period.

The scope of this SOC report includes the SAP Cloud Application Services solution for the period 1. December 2022 to 31. March 2023.  All data is stored and processed in a dedicated environment per customer in one or more data centers and regions (e.g., EMEA, US, Canada, APJ) as per customer requirements.

The use of these reports is restricted to the management of the service organization, user entities, and user auditors. A copy of this report is available for all SAP Cloud Application Services customers who had productive and had financially-relevant systems during the audit period covered by the report.