Skip to Content
Jetzt chatten Chat offline
Lassen Sie sich helfen und chatten Sie mit einem SAP-Mitarbeiter.
Kontakt aufnehmen
Schreiben Sie uns eine E-Mail mit Fragen, Kommentaren oder Feedback.

SAP Cloud Platform Cloud Foundry SOC 2 Audit Report 2018 H2

The scope of this SOC report includes the SAP Cloud Platform Cloud Foundry services hosted in SAP SE's data centers St. Leon–Rot (Germany) as well as in the co-location data centers in Frankfurt (Germany), Sydney (Australia), US East (Virginia, USA), Tokyo (Japan) and Sao Paulo (Brazil).


SAP Cloud Platform is a Business Application Platform-as-a-Service (PaaS) offering. It enables SAP, its partners and customers to develop, deploy, run, operate, and use applications in a cloud environment.


SAP Cloud Platform is a multitenant public cloud offering which allows application providers, including SAP itself, to build lightweight, collaborative, network-oriented applications to complement and extend existing SAP solutions. 


Additionally, SAP provides and operates Software-as-a-Service (SaaS) solutions on SAP Cloud Platform. Those also leverage the SAP Cloud Platform management system and operational controls. Therefore, everywhere in this system description where referred to SAP Cloud Platform, all services, tools, applications, SaaS solutions, part of or running on SAP Cloud Platform, are included as described in the chapter Service Overview.


SAP Cloud Platform is a product implemented by SAP, and as such, it uses the Innovation Cycle framework for product and solution creation, certified with ISO 9001:2015.


SAP Cloud Platform Cloud Foundry is built upon an Open Source Cloud Application Platform called “Cloud Foundry”. Cloud Foundry itself is not bound to a particular infrastructure and can therefore be deployed on various cloud infrastructures


SOC2 reports fulfill various information and assurance needs of customers and aim to place trust in SAPs service organization systems, processes and controls. These narratives are related to the trust principles Security, Availability, Confidentiality Processing Integrity or Privacy which must be met to demonstrate a well-designed system. SOC2 also contains details on performed tests and their results. SOC2 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC2 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.


SAP Cloud Platform has prepared SOC2 Type 1 audit report by an independent 3rd party accountant. This version of the report is as of 31. October 2018, the location St. Leon–Rot (Germany) as well as in the co-location data centers in Frankfurt (Germany), Sydney (Australia), US East (Virginia, USA), Tokyo (Japan) and Sao Paulo (Brazil) and the trust principles Security, Availability and Confidentiality.


The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with non-disclosure agreement in place.

Back to top