Skip to Content

SAP Trust Center

SAP Sales Performance Management + HITRUST SOC 2 (ISAE 3000) Audit Report 2022 H1

Callidus Software Inc., doing business as SAP Sales Performance Management (SPM), was acquired by SAP SE in April 2018 and is part of SAP’s SuccessFactors business segment providing cloud-based sales, marketing, learning, and customer experience solutions. SAP SPM enables organizations to accelerate and maximize their lead to money process with a complete suite of solutions that identify the right leads, ensure proper territory and quota distribution, enable salesforce, automate bid configuration pricing and quoting, manage contracts, streamline sales compensation, and capture customer feedback for competitive advantage. Over 6,700 leading organizations, across all industries, rely on SAP SPM to optimize the lead to money process and close more deals, faster. 

"Lead to Money" is a process designed to enable companies to respond to the changing role of sales and marketing in the redefined buying cycle. In the last decade, the ubiquity of social networks, mobile devices, and e-commerce has transformed the traditional sales cycle into a buyer-lead journey. The core mission of SAP SPM is to accelerate and maximize effectiveness along this “Lead to Money” process. SAP SPM provides a suite of Software-as-a-Service ("SaaS") solutions which generate revenue from cloud subscriptions, sales operation services, and term licenses. SaaS customers typically purchase annual subscriptions but can also purchase multi-year subscriptions.

SOC 2 reports fulfill various information and assurance needs of customers and aim to place trust in SAPs service organization systems, processes and controls. These narratives are related to the trust principles Security, Availability, Confidentiality Processing Integrity or Privacy which must be met to demonstrate a well-designed system. SOC 2 also contains details on performed tests and their results. SOC 2 Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC 2 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.

SAP SPM + HITRUST (Health Information Trust Alliance Common Security Framework Version 9.4.2) has regularly prepared SOC 2 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period 1. November 2021 to 31. March 2022, the locations San Ramon (California), Birmingham (Alabama), Belgrade (Serbia), Hyderabad (India), as well as in co-locations Sacrament, CA and Ashburn, VA (USA), Frankfurt (Germany), Selangor (Malaysia), Kuala Lumpur (Malaysia), Singapore, and Dublin (Ireland). 

The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with non-disclosure agreement in place.

Back to top