SAP Trust Center
SAP Business Technology Platform SOC 2 (ISAE 3000) Audit Report 2022 H1
SAP Business Technology Platform (SAP BTP) is an integrated offering comprised of four technology portfolios: database and data management, application development and integration, analytics, and intelligent technologies. The platform offers users the ability to turn data into business value, compose end-to-end business processes, and build and extend SAP applications.
The services and solutions of SAP BTP are available on multiple cloud infrastructure providers. The multi-cloud foundation supports different environments, such as Cloud Foundry, ABAP, Kyma, and Neo, as well as multiple different regions and a broad choice of programming languages.
The SOC 2 reports fulfill various information and assurance needs of customers and aim to place trust in SAP’s service organization systems, processes, and controls. These narratives are related to the trust principles Security, Availability, Processing Integrity, Confidentiality, and Privacy which must be met to demonstrate a well-designed system. SOC 2 also contains details on performed tests and their results. SOC 2 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC 2 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.
SAP Business Technology Platform has regularly prepared SOC 2 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period November 1, 2021 to March 31, 2022.
The following locations and their IaaS provider are covered:
SAP BTP SOC2 Type 2 report covers within audit period the following services:
The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with non-disclosure agreement in place.