Skip to Content

SAP Cloud Platform SOC 2 Audit Report 2019 H1

SAP Cloud Platform is the SAP Business Application Platform-as-a-Service (PaaS) offering. As an essential part of SAP’s cloud strategy it enables SAP and its partners and customers to develop, deploy, run, operate, and use applications in a cloud environment.

The cloud platform is built to enable interoperability and at the same time to ensure security and integrity required by applications operating in a distributed network environment. 

SAP Cloud Platform is a multitenant public cloud offering which allows application providers, including SAP itself, to build lightweight, collaborative, network-oriented applications to complement and extend existing SAP solutions.

SAP Cloud Platform consists of services that are offered on different infrastructures, leveraging SAP infrastructures or external Infrastructure-as-a-Service (IaaS) provider.  

SAP Cloud Platform is a product implemented by SAP, and as such, it uses the Innovation Cycle framework for product and solution creation, certified with ISO 9001:2015.

SOC2 reports fulfill various information and assurance needs of customers and aim to place trust in SAPs service organization systems, processes and controls. These narratives are related to the trust principles Security, Availability, Confidentiality Processing Integrity or Privacy which must be met to demonstrate a well-designed system. SOC2 also contains details on performed tests and their results. SOC2 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC2 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.

SAP Cloud Platform has regularly prepared SOC2 Type 2 audit reports by an independent 3rd party accountant.

This version of the report covers the audit period 1. November 2018 to 30. April 2019, the location St. Leon–Rot (Germany) as well as in the co-location data centers:

Amsterdam (Netherlands)

Riyadh (Saudi Arabia)

Ashburn (Virginia, USA)

Sao Paulo (Brazil)

Council Bluffs (Iowa)


Dubai (United Arab Emirates)

Sterling (Virginia, USA)

Frankfurt (Germany)

Sydney (Australia)

Montreal (Canada)

Tokyo (Japan)

Moscow (Russian Federation)

Toronto (Canada)

Osaka (Japan)

US East (Virginia, USA)

Phoenix (Arizona, USA)


The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with non-disclosure agreement in place.

SAP Cloud Platform SOC2 Type 2 report covers within audit period the following services:

SAP Cloud Platform Runtime

Custom Domain Service

SAP Cloud Platform Integration

Authorization & Trust Management Service

Debugging Service

SAP Cloud Platform Integration for data services

Connectivity Service

SAP Cloud Platform Document Service

SAP Cloud Platform Portal

SAP Cloud Platform SAP HANA Service

Java Apps Lifecycle Management

SAP Document Center

PostgreSQL on SAP Cloud Platform

Solutions Lifecycle Management

SAP Cloud Platform Mobile Services

MongoDB on SAP Cloud Platform

Profiling Service

SAP Cloud Platform Identity Provisioning

SAP Cloud Platform SAP ASE service

OAuth 2.0 Service

SAP Cloud Platform API Management

Redis on SAP Cloud Platform

Keystore Service

SAP Cloud Platform Identity and Authentication

Object Store as a Service

Credential Store

Application Logging Service

RabbitMQ on SAP Cloud Platform

Monitoring Service

Feature Flags Service

Application Autoscaler Service

Destination Service

SAP Cloud Platform Enhanced Disaster Recovery

SAP Cloud Platform Virtual Machine

SAP Cloud Platform Git Service

Job Scheduler

Platform Identity Provider

SAP Cloud Platform - ABAP environment

SAP Fiori Cloud

SAP Fiori Mobile

UI Theme Designer

Open Connectors

SAP Cloud Platform OData Provisioning

SAP Cloud Platform WEB IDE

SAP Analytics Cloud including SAP Digital Boardroom and SAP Analytics Hub

Back to top