The scope of this 2024 Cloud Security Assessment covers SAP Fieldglass deployed in Australia using the Information Security Manual (ISM) controls manual published March 2024.

 

The scope of a Cloud Security Assessment (CSA) undertaken by an Infosec Registered Assessor Program (IRAP) certified assessor includes the evaluation of the security fundamentals of SAP, and the regional deployment (where applicable) of the Cloud Service offering. The resulting attestation created by the assessor is made available as a Cloud Security Assessment (CSA) Pack to organization’s cyber security team, cloud architects and business representatives to jointly perform a risk assessment and use SAP Cloud Services securely. This CSA Pack will include the Cloud Security Assessment Report (CSAR) and any addendums, the Cloud Security Controls Matrix (CSCM) now renamed to the Cloud Controls Matrix (CCM) detailing the individual controls and the responsibilities of SAP and the cloud consumer.

 

This assessment is undertaken in accordance with the Digital Transformation Agency (DTA)’s Secure Cloud Strategy, and Australian Cyber Security Centre (ACSC)’s Anatomy of a Cloud Assessment and Authorisation Framework guidelines.  For more information see: https://www.cyber.gov.au/acsc/view-all-content/publications/anatomy-cloud-assessment-and-authorisation

 

The use of these reports is restricted. A copy of this report is available for all SAP customers, prospects, and partners with non-disclosure agreement in place.