SAP Customer Experience (SAP Cloud for Customer, SAP Sales Cloud and SAP Service Cloud Version 2 and SAP Commerce Cloud) SOC 1 Audit Report 2025 H2
The scope of this SOC report includes the SAP Cloud for Customer, SAP Sales Cloud and SAP Service Cloud Version 2 and SAP Commerce Cloud Systems.
The SAP Cloud for Customer system is an SAP Customer Relationship Management (CRM) Software-as-a-Service (SaaS) offering. It is a set of solutions for sales and service teams. All solutions are pre-integrated with SAP Business Suite and the solutions are supported on a wide range of browsers and mobile devices. It is a multi-tenant cloud offering that brings sales, customer service and social CRM together.
The SAP Sales Cloud and SAP Service Cloud version 2 is an SAP Customer Relationship Management (CRM) Software-as-a-Service (SaaS) offering. It is a cloud native product built on the Amazon Web Services (AWS) hyperscaler. It is a set of solutions for sales and service teams. All solutions are pre-integrated with SAP Business Suite and the solutions are supported on a wide range of browsers and mobile devices. SAP Sales Cloud and SAP Service Cloud version 2 is a multi-tenant cloud offering that brings sales, customer service and social CRM together.
The SAP Commerce Cloud system is a cloud-based e-commerce platform. Customers extend and build their own environment on top of the Commerce Cloud core codebase to achieve their desired e-commerce solution. All solutions run within the dedicated hyperscaler subscription of each customer. Customers can perform several self-service tasks through the Cloud Portal.
SAP Commerce Cloud Supported by Infrastructure Managed by Microsoft Azure is offered in the following data center regions:
SOC 1 reports are prepared in accordance with AT-C section 320, Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting, under Statement on Standards for Attestation Engagements (SSAE) No. 18, Attestation Standards: Clarification and Recodification. SOC 1 reports are specifically intended to meet the needs of the entities that use service organizations (user entities) and the CPAs that audit the user entities’ financial statements (user auditors). Please note that this examination's scope does not include the controls and related control objectives of any subservice organizations. SOC 1 Type 1 report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design of controls to achieve the related control objectives as of a specified date, whereas a SOC 1 Type 2 also includes the operating effectiveness of controls to achieve the related control objectives throughout a specified period.
SAP Cloud for Customer, SAP Sales Cloud and SAP Service Cloud Version 2 and SAP Commerce Cloud has regularly prepared SOC 1 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period 1. April 2025 to 30. September 2025.
The use of these reports is restricted to the management of the service organization, user entities, and user auditors. A copy of this report is available for all SAP Customer Experience customers who had productive and had financially-relevant systems during the audit period covered by the report.