The scope of this SOC report includes the SAP Business ByDesign and SAP Cloud for Travel and Expense solutions as offered for the live productive customer systems that are hosted in SAP’s data centers St. Leon–Rot (Germany) and Newtown Square (USA), as well as in the co-location Frankfurt (Germany), Sydney (Australia) and Shanghai (China).
SAP Business ByDesign is a cloud-based Software-as-a-Service (SaaS) ERP offering for mid-market companies and subsidiaries, powered by SAP HANA®. With SAP Business ByDesign, organizations can manage their entire business with a single cloud ERP solution. Ideally suited for upper mid-market companies and subsidiaries of large corporations, this complete and integrated Software-as-a-Service (SaaS) suite supports financials, human resources, sales, procurement, customer service, supply chain management and more.
SAP Cloud for Travel and Expense is a cloud solution offered by SAP which helps companies to manage their business travel from planning to expense reimbursement while staying in compliance with corporate policies. The solution can be accessed via the web, but also supports a wide range of mobile devices.
SOC2 reports fulfill various information and assurance needs of customers and aim to place trust in SAPs service organization systems, processes and controls. These narratives are related to the trust principles Security, Availability, Confidentiality Processing Integrity or Privacy which must be met to demonstrate a well-designed system. SOC2 also contains details on performed tests and their results. SOC2 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC2 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.
SAP Business ByDesign has regularly prepared SOC2 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period 1. November 2018 to 30. April 2019, the locations St. Leon–Rot (Germany) and Newtown Square (USA), as well as in the co-location Frankfurt (Germany), Sydney (Australia) and Shanghai (China) and the trust service criteria Security, Availability and Confidentiality.
The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with non-disclosure agreement in place.