Skip to Content

SAP Trust Center

SAP HANA Enterprise Cloud SOC 1 (ISAE3402) Audit Report 2020 H1

The scope of this SOC report includes the SAP HANA® Enterprise Cloud and the SAP S/4 HANA Cloud, Single Tenant Edition services as offered in the data centers for the productive customer systems that have the status “business live” (i.e. in daily productive business use) in the following locations:

SAP Owned Data Center: Colorado, US; St. Leon–Rot, Germany

Co-locations: Amsterdam, Netherlands; Ashburn, US; Frankfurt, Germany; Moscow, Russia; Osaka, Japan; Santa Clara, US; Sterling, US; Sydney, Australia; Tokyo, Japan; Toronto, Canada

Amazon Web Services: Asia-Pacific, Seoul; Asia-Pacific, Singapore; Asia-Pacific, Sydney; Asia-Pacific, Tokyo: EU, Frankfurt; EU, Ireland; Middle East, Bahrain; South America, Sao-Paulo; US East, North Virginia; US West, Oregon

Microsoft Azure: Australia East, Sydney; Canada Central, Toronto; East Asia, Hongkong; Germany Central, Frankfurt; Ireland, Dublin; Japan East, Tokyo; Japan West, Osaka; Korea Central, Seoul; South Africa North, Johannesburg; South East Asia, Singapore; US East, Virginia; US West, Washington; West Europe, Amsterdam

Google Cloud Platform: US Central, Iowa; US East, Northern Virginia; West Europe, London

SAP HANA Enterprise Cloud is a fully scalable and secure private managed cloud solution available only from SAP. It empowers organizations to unlock the full value of SAP HANA in the cloud — accelerating growth and innovation, driving IT and business transformation, quickly delivering business outcomes, and reducing risk. 

The SAP HANA Enterprise Cloud reference architecture helps the customer to use flexible services for modular and rapid deployment. The SAP HANA Enterprise Cloud drives 

  • Innovation at your own pace
  • An adaptive, scalable operating model
  • Reduced time and cost to go-live
  • Comprehensive SLAs coordinated across your solution landscape

SOC1 reports specifically address service organizations internal control over financial reporting and controls specified by the service provider. The SOC1 reports are intended solely for the information and use of existing user entities (for ex. Exiting customers of the service organization), their financial statement auditors and management of the service organization. SOC 1 reports are prepared in accordance with Statement on Standards for Attestation Engagements (SSAE) No.18, a new guidance that the auditors use to conduct a SOC1 engagement. SOC1 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC1 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.

SAP HANA® Enterprise Cloud has regularly prepared SOC1 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period 1. November 2019 to 30. April 2020.

GxP: This report contains controls for demonstrating compliance with GxP requirements. This controls address additional criteria related to the deployment and quality assurance. The controls have been tested along with the controls put in place for trust principles Security, Availability and Confidentiality. 

The use of these reports is restricted. A copy of this report is available for all SAP HANA® Enterprise Cloud customers who had productive and had financially-relevant systems during the audit period covered by the report.

Back to top