SAP Enterprise Management SOC 2 Audit Report 2024 H1
SAP Enterprise Management solutions in scope of this SOC 2 report are:
SAP Advanced Financial Closing,
SAP Asset Performance Management,
SAP Business ByDesign,
SAP Integrated Business Planning,
SAP Marketing Cloud,
SAP S/4HANA Cloud for Projects,
SAP S/4HANA Cloud Public Edition.
SAP Enterprise Management infrastructure is located at the following data center locations:
DC Locations | DC Providers |
Amsterdam, The Netherlands | SAP Converged Cloud |
Ashburn 3, VA, US | SAP Converged Cloud |
Sydney, Australia | SAP Converged Cloud |
Shanghai, China | SAP Converged Cloud |
Dubai, UAE | SAP Converged Cloud |
Toronto, Canada | SAP Converged Cloud |
Colorado Springs, US | SAP Converged Cloud |
Sydney, Australia | SAP Converged Cloud |
Toronto, Canada | SAP Converged Cloud |
Dubai, United Arab Emirates | SAP Converged Cloud |
Frankfurt, Germany | SAP Converged Cloud |
NSQ, PA, US | SAP Converged Cloud |
Osaka, Japan | SAP Converged Cloud |
Riyadh, Saudi Arabia | SAP Converged Cloud |
St. Leon-Rot, Germany | SAP Converged Cloud |
Shanghai, China | SAP Converged Cloud |
Sterling, US | SAP Converged Cloud |
Tokyo, Japan | SAP Converged Cloud |
Council Bluffs, US | Google Cloud Platform |
Ashburn, VA, US | Google Cloud Platform |
Tokyo, Japan | Google Cloud Platform |
Sao Paulo, Brazil | Google Cloud Platform |
Frankfurt, Germany | Google Cloud Platform |
Mumbai, India | Google Cloud Platform |
Eemshaven, The Netherlands | Google Cloud Platform |
Amsterdam, The Netherlands | Microsoft Azure |
Quincy, US | Microsoft Azure |
Ashburn, VA, US | Microsoft .NET |
Frankfurt, Germany | Microsoft .NET |
Singapore | Microsoft .NET |
Europe | SAP BTP, Cloud Foundry on AWS |
USA | SAP BTP, Cloud Foundry on AWS |
Singapore | SAP BTP, Cloud Foundry on AWS |
Europe | SAP BTP, Cloud Foundry on MS Azure |
USA | SAP BTP, Cloud Foundry on MS Azure |
Council Bluffs | SAP BTP, Cloud Foundry on GCP |
Canada | SAP BTP, Cloud Foundry on AWS |
Walldorf, Germany | SAP Converged Cloud |
East US (1) | MS Azure |
Germany West Central | MS Azure |
Southeast Asia (Singapore) | MS Azure |
SOC 2 reports are prepared in accordance with AT-C Section 205 and the International Standard on Assurance Engagements No. 3000. SOC 2 reports fulfill various information and assurance needs of customers and aim to place trust in SAP’s service organization systems, processes, and controls. These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to Security, Availability, and Processing Integrity of the systems that are used to process users’ data and the Confidentiality and Privacy of the information processed by these systems (AICPA, Trust Services Criteria). Additionally, they can play an important role in the oversight of the organization, vendor management programs, and regulatory oversight. Please note that this examination's scope does not include the controls of any subservice organizations. SOC 2 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC 2 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.
SAP Enterprise Management has prepared SOC 2 Type 2 audit report by an independent 3rd party accountant. This version of the report covers as of the audit period 1. April 2023 to 31. March 2024, and the trust principles Security, Availability, and Confidentiality.
The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with a non-disclosure agreement in place.
SAP Enterprise Management solutions in scope of this SOC 2 report are:
SAP Advanced Financial Closing,
SAP Asset Performance Management,
SAP Business ByDesign,
SAP Integrated Business Planning,
SAP Marketing Cloud,
SAP S/4HANA Cloud for Projects,
SAP S/4HANA Cloud Public Edition.
SAP Enterprise Management infrastructure is located at the following data center locations:
DC Locations | DC Providers |
Amsterdam, The Netherlands | SAP Converged Cloud |
Ashburn 3, VA, US | SAP Converged Cloud |
Sydney, Australia | SAP Converged Cloud |
Shanghai, China | SAP Converged Cloud |
Dubai, UAE | SAP Converged Cloud |
Toronto, Canada | SAP Converged Cloud |
Colorado Springs, US | SAP Converged Cloud |
Sydney, Australia | SAP Converged Cloud |
Toronto, Canada | SAP Converged Cloud |
Dubai, United Arab Emirates | SAP Converged Cloud |
Frankfurt, Germany | SAP Converged Cloud |
NSQ, PA, US | SAP Converged Cloud |
Osaka, Japan | SAP Converged Cloud |
Riyadh, Saudi Arabia | SAP Converged Cloud |
St. Leon-Rot, Germany | SAP Converged Cloud |
Shanghai, China | SAP Converged Cloud |
Sterling, US | SAP Converged Cloud |
Tokyo, Japan | SAP Converged Cloud |
Council Bluffs, US | Google Cloud Platform |
Ashburn, VA, US | Google Cloud Platform |
Tokyo, Japan | Google Cloud Platform |
Sao Paulo, Brazil | Google Cloud Platform |
Frankfurt, Germany | Google Cloud Platform |
Mumbai, India | Google Cloud Platform |
Eemshaven, The Netherlands | Google Cloud Platform |
Amsterdam, The Netherlands | Microsoft Azure |
Quincy, US | Microsoft Azure |
Ashburn, VA, US | Microsoft .NET |
Frankfurt, Germany | Microsoft .NET |
Singapore | Microsoft .NET |
Europe | SAP BTP, Cloud Foundry on AWS |
USA | SAP BTP, Cloud Foundry on AWS |
Singapore | SAP BTP, Cloud Foundry on AWS |
Europe | SAP BTP, Cloud Foundry on MS Azure |
USA | SAP BTP, Cloud Foundry on MS Azure |
Council Bluffs | SAP BTP, Cloud Foundry on GCP |
Canada | SAP BTP, Cloud Foundry on AWS |
Walldorf, Germany | SAP Converged Cloud |
East US (1) | MS Azure |
Germany West Central | MS Azure |
Southeast Asia (Singapore) | MS Azure |
SOC 2 reports are prepared in accordance with AT-C Section 205 and the International Standard on Assurance Engagements No. 3000. SOC 2 reports fulfill various information and assurance needs of customers and aim to place trust in SAP’s service organization systems, processes, and controls. These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to Security, Availability, and Processing Integrity of the systems that are used to process users’ data and the Confidentiality and Privacy of the information processed by these systems (AICPA, Trust Services Criteria). Additionally, they can play an important role in the oversight of the organization, vendor management programs, and regulatory oversight. Please note that this examination's scope does not include the controls of any subservice organizations. SOC 2 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC 2 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.
SAP Enterprise Management has prepared SOC 2 Type 2 audit report by an independent 3rd party accountant. This version of the report covers as of the audit period 1. April 2023 to 31. March 2024, and the trust principles Security, Availability, and Confidentiality.
The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with a non-disclosure agreement in place.