SAP Trust Center
SAP Enterprise Cloud Services SOC 1 (ISAE 3402) Audit Report 2022 H2
The scope of this SOC report includes:
- RISE with SAP S/4HANA Cloud, Private Edition
- RISE with SAP S/4HANA Cloud, Private Cloud, Tailored Option
- SAP HANA Enterprise Cloud Credit & Overage, Advanced Edition (BYOL) as well as passive, renewals only options:
- SAP S/4 HANA Cloud, Extended Edition
This offering has the following predecessors:
- STE (Single Tenant Edition)
- CPO (Cloud Private Option)
- CPE (Cloud Private Edition)
- SAP Credit & Overage HANA Enterprise Cloud Advanced Edition (Subscription)
- SAP HANA Enterprise Cloud Advanced Edition (Subscription)
- SAP HANA Enterprise Cloud Classic (Subscription and BYOL)
Services are offered on SAP infrastructure, Amazon Web Services, Microsoft Azure or Google Cloud Platform. A detailed list of locations of the datacenter is available within the report. RISE with SAP S/4 HANA Cloud, Private Edition, Private Cloud, Tailored Option, as well as the predecessors, SAP S/4 HANA Cloud Extended Edition, SAP HANA Enterprise Cloud Advanced Edition, SAP HANA Enterprise Classic and SAP Credit & Overage HANA Enterprise Cloud Advanced Edition are fully scalable and secure private managed cloud solutions available only from SAP. It empowers organizations to unlock the full value of SAP Enterprise Cloud Services in the cloud — accelerating growth and innovation, driving IT and business transformation, quickly delivering business outcomes, and reducing risk. SAP S/4 HANA Cloud, Extended Edition Service is using the SAP Enterprise Cloud Services architecture and processes but includes also specific SAP products, use rights and services.
The SAP Enterprise Cloud Services reference architecture helps the customer to use flexible services for modular and rapid deployment. SOC 1 reports specifically address service organizations internal control over financial reporting and controls specified by the service provider. The SOC 1 reports are intended solely for the information and use of existing user entities (for ex. Existing customers of the service organization), their financial statement auditors and management of the service organization. SOC 1 reports are prepared in accordance with Statement on Standards for Attestation Engagements (SSAE) No.18, a new guidance that the auditors use to conduct a SOC 1 engagement. SOC 1 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC 1 Type 2 also includes the operating effectiveness of controls for a dedicated time period.
RISE with SAP S/4 HANA Cloud, Private Edition, Private Cloud, Tailored Option, as well as the predecessors, SAP S/4 HANA Cloud Extended Edition, SAP HANA Enterprise Cloud Advanced Edition, SAP HANA Enterprise Classic and SAP Credit & Overage HANA Enterprise Cloud Advanced Edition has regularly prepared SOC 2 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period April 1st, 2022, to September 30th, 2022. GxP: This report contains the controls for demonstrating compliance with GxP requirements. These controls address additional criteria related to the deployment and quality assurance. The controls have been tested along with the controls put in place for trust principles Security, Availability and Confidentiality.
The use of these reports is restricted. A copy of this report is available for all SAP Enterprise Cloud Services customers who had productive and had financially-relevant systems during the audit period covered by the report.