SAP has developed and implemented an integrated framework based on several international standards. This approach provides a consistent, secure service that meets customer and applicable regulatory requirements. We address client satisfaction and the continuous, secure operation of our services through the effective application of the framework, which includes continuous improvement and the prevention of nonconformity. All cloud units certified against ISO/BS standards are audited annually by our certification body.
ISO 27001 is possibly the best-known standard in the ISO family. It provides a holistic, risk-based approach to security and a comprehensive and measurable set of information security management practices.
SOC 1 Report: The auditor of our customer’s financial statements receives information about controls for cloud solutions from SAP that may be relevant to a customer’s internal control over financial reporting. The SOC 1 report follows the SSAE 16 and ISAE 3402 standards on auditing engagements and includes a detailed description of the design (type I/type II) and effectiveness (type II) of the controls audited.
SOC 2 Report: Customers and prospects are given insights into the control system relevant to security, availability, processing integrity, confidentiality, or privacy of the data. The SOC 2 report follows the ISAE 3000 and AT 101 auditing standards and is based on AICPA’s trust service principles. The report includes a detailed description of the design (type I/type II) and effectiveness (type II) of the controls audited.
Please note: Once you have requested the report, it takes around 2-3 weeks for the report to be sent to the requester.
Based on your audit schedule, we recommend requesting the SOC or ISO reports in advance to avoid any delays or incidents.
You can also visit our SAP Cloud Trust Center for more details.