SAP Emarsys SOC 2 Audit Report 2025
Please Note: Starting from 2025 H1, SAP will release new SOC 1, SOC 2 and C5 audit reports called “SAP Central Cloud Services” comprising of SAP Cloud Services (IaaS, PaaS, SaaS) and SAP central services. Customers will automatically receive a copy of this audit report in addition to the requested report(s) to assess relevant controls of the internal subservice organization “SAP Central Cloud Services” as outlined in Section III.
Learn More: Digital Resources & Enablement
SAP Emarsys is the customer engagement solution for SAP Customer Experience, empowering businesses across any industry to deliver personalized, AI-driven, omnichannel experiences. Securely connect data from any source with native SAP connectors, 3rd party integrations and robust APIs. Build AI-powered content and campaigns that are personalized for each segment or individual. And orchestrate consent-driven, omnichannel customer lifecycle journeys across online and offline channels, with pre-built and custom reporting to measure it all. From digitally native disruptors to global enterprises, SAP Emarsys helps bring out the best customer experience in every business by meeting customers where they are with the products, information, and engagements they need, exactly when and where they need them across the customer lifecycle.
SOC 2 reports are prepared in accordance with AT-C Section 205 and the International Standard on Assurance Engagements No. 3000. SOC 2 reports fulfill various information and assurance needs of customers and aim to place trust in SAP’s service organization systems, processes, and controls. These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to Security, Availability, and Processing Integrity of the systems that are used to process users’ data and the Confidentiality and Privacy of the information processed by these systems (AICPA, Trust Services Criteria). Additionally, they can play an important role in the oversight of the organization, vendor management programs, and regulatory oversight. Please note that this examination's scope does not include the controls of any subservice organizations. SOC 2 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC 2 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.
SAP Emarsys has prepared SOC 2 Type 2 audit report by an independent 3rd party accountant. This version of the report covers as of the audit period 1. April 2024 to 31. March 2025, and the trust principles Security, Availability, Processing Integrity, and Confidentiality.
The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with a non-disclosure agreement in place.