SAP Central Cloud Services Cloud Computing Compliance Criteria Catalog (C5:2020) Audit Report 2025

SAP Central Cloud Services offers Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS) to external consumers. These services are also available for general SAP internal consumption along with Infrastructure-as-a-Service (IaaS) capabilities, tools, Data Center Management and other services provided on SAP entity level.

The offerings are available in various distinct regions, including regions with SAP as cloud infrastructure provider and regions with hyperscaler (Amazon Web Services, Microsoft Azure, Google Cloud Platform) as a third-party infrastructure provider.

 

SAP CCS C5 Type 2 report covers the following services:

  • SAP Cloud Infrastructure Services

  • SAP BTP Runtime: 

    • SAP BTP, Neo environment

    • SAP BTP, Cloud Foundry runtime

    • SAP BTP, Kyma runtime

  • SAP BTP ABAP environment

  • SAP BTP, Kubernetes environment (SAP internal consumption only) 

  • SAP AI Core 

  • SAP AI Launchpad 

  • SAP AI Services, including 

    • Business Entity Recognition 

    • Data Attribute Recommendation 

    • Document Classification 

    • Document Information Extraction 

    • Service Ticket Intelligence 

    • Personalized Recommendation 

  • SAP Alert Notification service for SAP BTP 

  • SAP Analytics Cloud 

  • SAP Application Logging service for SAP BTP 

  • SAP ASE service 

  • SAP Audit Log service 

  • SAP Authorization and Trust Management service 

  • SAP Automation Pilot 

  • SAP Batch Release Hub for Life Sciences 

  • SAP Build Apps 

  • SAP Build Code

  • SAP Build Process Automation 

  • SAP Build Work Zone, advanced edition 

  • SAP Build Work Zone, standard edition 

  • SAP Business Accelerator Hub 

  • SAP Business Application Studio 

  • SAP Business Network Asset Collaboration 

  • SAP Business Network for Logistics, including 

    • SAP Business Network Freight Collaboration 

    • SAP Business Network Global Track and Trace 

    • SAP Business Network, intelligent insights add-on 

    • SAP Business Network Material Traceability

  • SAP Cell and Gene Therapy Orchestration   

  • SAP Cloud Appliance Library 

  • SAP Cloud Application Event Hub 

  • SAP Cloud for Energy 

  • SAP Cloud Identity Access Governance 

  • SAP Cloud Identity Services - Identity Authentication 

  • SAP Cloud Identity Services - Identity Provisioning 

  • SAP Cloud Integration for data services 

  • SAP Cloud Logging 

  • SAP Cloud Management service for SAP BTP

  • SAP Cloud Portal service

  • SAP Cloud Transport Management

  • SAP Connectivity service

  • SAP Content Agent service 

  • SAP Continuous Integration and Delivery 

  • SAP Conversational AI 

  • SAP Credential Store 

  • SAP Custom Domain service 

  • SAP Data Intelligence Cloud 

  • SAP Data Privacy Integration 

  • SAP Data Quality Management 

  • SAP Data Retention Manager 

  • SAP Datasphere, including SAP BW Bridge 

  • SAP Destination service 

  • SAP Digital Manufacturing  

  • SAP Document Center 

  • SAP Document Management service  

  • SAP Document service 

  • SAP Entitlement Management 

  • SAP Event Mesh 

  • SAP Feature Flags service 

  • SAP Fiori Cloud (SAP Fiori) 

  • SAP Forms service by Adobe 

  • SAP Git service 

  • SAP HANA Cloud, including 

    • SAP HANA Cloud, data lake  

    • SAP HANA Cloud, SAP HANA database 

  • SAP HANA service for SAP BTP 

  • SAP HANA spatial services 

  • SAP Health Data Services for FHIR

  • SAP HTML5 Application Repository service for SAP BTP 

  • SAP Information Collaboration Hub 

  • SAP Intelligent Clinical Supply Management 

  • SAP Integration Suite, including 

    • API Management 

    • Cloud Integration 

    • Graph 

    • Integration Advisor 

    • Integration Assessment 

    • Migration Assessment 

    • OData Provisioning 

    • Open Connectors 

    • Trading Partner Management 

  • SAP BTP, Java server

  • SAP Job Scheduling service

  • SAP Key Management Service

  • SAP Keystore service 

  • SAP Landscape Management Cloud 

  • SAP Malware Scanning service 

  • SAP Market Communication for Utilities 

  • SAP Market Rates Management 

  • SAP Master Data Governance, cloud edition 

  • SAP Master Data Integration 

  • SAP Mobile Services, including Agentry 

  • SAP Monitoring service for SAP BTP 

  • SAP Multi-Bank Connectivity 

  • SAP Personal Data Manager 

  • SAP Platform Identity Provider service for SAP BTP 

  • SAP Private Link service 

  • SAP Profitability and Performance Management Cloud 

  • SAP Secure Login Service for SAP GUI 

  • SAP Service Manager 

  • SAP Software-as-a-Service Provisioning service 

  • SAP Solutions Lifecycle Management service for SAP BTP 

  • SAP Sports One 

  • SAP Subscription Billing 

  • SAP Task Center 

  • SAP Translation Hub

  • SAP Usage Data Management service for SAP BTP 

  • SAP Virtual Machine service 

  • SAP Web IDE 

  • Application Autoscaler 

  • Cloud Integration Automation 

  • Commercial Infrastructure Service

  • Java Debugging for SAP BTP 

  • Java Profiling for SAP BTP 

  • Joule  

  • MongoDB service on SAP BTP

  • OAuth 2.0 on SAP BTP 

  • Object Store on SAP BTP 

  • PostgreSQL on SAP BTP  

  • PostgreSQL on SAP BTP, hyperscaler option 

  • RabbitMQ on SAP BTP 

  • Redis on SAP BTP  

  • Redis on SAP BTP, hyperscaler option 

  • UI theme designer 

  • UI5 flexibility for key users 

  • Unified Gateway

The scope of this report covers the following data centers:

  • Austria: Vienna

  • Australia: New South Wales 

  • Australia: Sydney

  • Brazil: São Paulo 

  • Canada: Central 

  • Canada: Toronto

  • China: Shanghai

  • Germany: Frankfurt 

  • Germany: Walldorf / Rot

  • India: Mumbai 

  • Ireland: Dublin

  • Japan: Osaka 

  • Japan: Tokyo 

  • Malaysia: Kuala Lumpur

  • Malaysia: Selangor 

  • Netherlands: Amsterdam

  • Saudi Arabia: Dammam 

  • Saudi Arabia: Riyadh

  • Singapore

  • South Korea: Seoul 

  • Switzerland: Zurich 

  • United Arab Emirates: Dubai

  • USA: Ashburn, VA

  • USA: Chandler

  • USA: Colorado 

  • USA: Council Bluffs, IA 

  • USA: N. Virginia 

  • USA: Oregon

  • USA: Philadelphia, PA

  • USA: Quincy, WA 

  • USA: Sterling/NSQ/Ashburn

  • USA: Sacramento, CA 

  • USA: Santa Clara, CA 

  • USA: Virginia

Google Cloud Platform

  • Australia: Melbourne

  • Australia: Sydney 

  • Belgium: St. Ghislain 

  • Brazil: São Paulo 

  • Canada: Montreal 

  • Canada: Toronto 

  • Chile: Santiago 

  • China: Hong Kong 

  • Finland: Hamina 

  • France: Paris 

  • Germany: Berlin 

  • India: Delhi 

  • Indonesia: Jakarta 

  • Israel: Tel Aviv

  • Italy: Milan 

  • Italy: Turin 

  • Japan: Osaka 

  • Japan: Tokyo 

  • Mexico: Queretaro

  • Netherlands: Eemshaven 

  • Poland: Warsaw 

  • Qatar: Doha 

  • Saudi Arabia: Dammam 

  • Singapore: Jurong West 

  • South Africa: Johannesburg 

  • South Korea: Seoul 

  • Spain: Madrid 

  • Switzerland: Zürich 

  • Taiwan: Changhua County 

  • UK: London 

  • USA: Ashburn, VA 

  • USA: Columbus, OH 

  • USA: Dallas, TX

  • USA: Las Vegas, NV 

  • USA: Los Angeles, CA 

  • USA: Moncks Corner, SC 

  • USA: Salt Lake City, UT 

  • USA: The Dalles, OR 

Amazon Web Services

  • Australia: Melbourne 

  • Bahrain 

  • Calgary 

  • China: Beijing 

  • China: Hong Kong 

  • China: Ningxia 

  • France: Paris 

  • India: Hyderabad 

  • Indonesia: Jakarta 

  • Ireland 

  • Israel: Tel Aviv 

  • Italy: Milan 

  • Japan: Osaka 

  • Malaysia: Cyberjaya

  • South Africa: Cape Town 

  • Spain 

  • Sweden: Stockholm 

  • Switzerland: Zurich 

  • UK: London 

  • United Arab Emirates 

  • USA: N. California 

  • USA: Ohio 

Microsoft Azure

  • Australia: Canberra 

  • Australia: Victoria 

  • Brazil: Rio de Janeiro 

  • Brazil: São Paulo 

  • Canada: Quebec City 

  • China: Beijing 

  • China: Hebei 

  • China: Hong Kong 

  • China: Jiangsu 

  • China: Shanghai 

  • France: Marseille 

  • France: Paris 

  • Germany: Frankfurt 

  • Germany: Magdeburg 

  • Germany: North 

  • India: Chennai 

  • India: Mumbai 

  • India: Pune 

  • Ireland: Dublin 

  • Israel 

  • Italy: Milan 

  • Japan: Osaka

  • Mexico: Queretaro

  • Norway: Oslo 

  • Norway: Stavanger 

  • Poland: Warsaw 

  • Qatar: Doha 

  • South Africa: Cape Town 

  • South Africa: Johannesburg 

  • South Korea: Busan 

  • South Korea: Seoul 

  • Spain: Madrid 

  • Sweden: Gävle 

  • Sweden: Staffanstorp 

  • Switzerland: Geneva 

  • UK: Cardiff 

  • UK: London 

  • United Arab Emirates: Abu Dhabi 

  • USA: Arizona 

  • USA: California 

  • USA: DoD Central 

  • USA: DoD East 

  • USA: Illinois 

  • USA: Iowa 

  • USA: Texas 

  • USA: Virginia 

  • USA: West Central

Cloud Computing Compliance Controls Catalogue (C5) reports are prepared in accordance with attestation standards established by the American Institute of Certified Public Accountants (“AICPA”) and in accordance with the International Standard on Assurance Engagements (“ISAE”) 3000 Revised, Assurance Engamenets Other than Audits or Reviews of Historical Financial Information, issued by the International Auditing and Assurance Board (IAASB). C5 outlines minimum security for cloud computing, aimed at cloud providers, auditors, and clients. Introduced in 2016, it helps customers choose a secure cloud provider and tailor a risk management system. C5 assures cloud services security by providing transparency via a standardized examination and reporting system. The 2020 version of C5 includes 125 criteria from 17 areas, based on national and international standards and publications.

 

SAP Central Cloud Services has regularly prepared C5 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period 1. April 2024 to 31. March 2025.

 

The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with non-disclosure agreement in place.