SAP Trust Center
SAP Trust Center
SAP Enterprise Cloud Services SOC 1 (ISAE 3402) Audit Report 2021 H2
The scope of this SOC report includes the SAP Enterprise Cloud Services and the SAP S/4 HANA Cloud, Extended Edition services as offered in the data centers for the productive customer systems that have the status “business live” (i.e. in daily productive business use) in the following locations: St. Leon–Rot (Germany), Amsterdam (Netherlands), Sterling (US), Santa Clara (US), Tokyo (Japan), Osaka (Japan), Sydney (Australia), Moscow (Russia), Toronto (Canada), Frankfurt (Germany), US East (Virginia), US West (Oregon), Singapore, Hongkong, Seoul (Korea) and Ireland (Dublin).
SAP Enterprise Cloud Services and the SAP S/4 HANA Cloud, Extended Edition services are fully scalable and secure private managed cloud solutions available only from SAP. It empowers organizations to unlock the full value of SAP HANA in the cloud — accelerating growth and innovation, driving IT and business transformation, quickly delivering business outcomes, and reducing risk. SAP S/4 HANA Cloud, Extended Edition Service is using the SAP Enterprise Cloud Services architecture and processes but includes also specific SAP products, use rights and services.
The SAP Enterprise Cloud Services reference architecture helps the customer to use flexible services for modular and rapid deployment.
SOC 1 reports specifically address service organizations internal control over financial reporting and controls specified by the service provider. The SOC 1 reports are intended solely for the information and use of existing user entities (for ex. Existing customers of the service organization), their financial statement auditors and management of the service organization. SOC 1 reports are prepared in accordance with Statement on Standards for Attestation Engagements (SSAE) No.18, a new guidance that the auditors use to conduct a SOC 1 engagement. SOC 1 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC 1 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.
SAP Enterprise Cloud Services/ SAP S/4 HANA Cloud, Single Tenant Edition Services has regularly prepared SOC 1 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period 1. May 2021 to 31. October 2021, the locations St. Leon–Rot (Germany), Amsterdam (Netherlands), Sterling (US), Santa Clara (US), Tokyo (Japan), Osaka (Japan), Sydney (Australia), Moscow (Russia), Toronto (Canada), Frankfurt (Germany), US East (Virginia), US West (Oregon), Singapore, Hongkong, Seoul (Korea) and Ireland (Dublin).
The use of these reports is restricted. A copy of this report is available for all SAP Enterprise Cloud Edition customers who had productive and had financially-relevant systems during the audit period covered by the report.