You want to request for a SOC 1 or SOC 2 or ISO 27001 report for audit purpose.
SAP Business ByDesign, SAP Hybris Cloud for Customer
SAP has developed and implemented an integrated framework based on several international standards. This approach provides a consistent, secure service that meets customer and applicable regulatory requirements. We address client satisfaction and continuous, as well as secure operation of our services, through the effective application of the framework, which includes continuous improvement and the prevents nonconformity. All cloud units certified against ISO/BS standards are annually audited by our certification body.
ISO 27001 is possibly the best-known standard in the ISO family. It provides holistic, risked-based approach to security and a comprehensive and measurable set of information security management practices.
SOC 1 Report : The auditor of our customer’s financial statements receives information about controls for cloud solutions from SAP that may be relevant to a customer’s internal control over financial reporting. The SOC 1 report follows the SSAE 16 and ISAE 3402 standards on auditing engagements and includes a detailed description of the design (type I/type II) and effectiveness (type II) of the controls audited.
SOC 2 Report : Customers and prospects are given insights into the control system relevant to security, availability, processing integrity, confidentiality, or privacy of the data. The SOC 2 report follows the ISAE 3000 and AT 101 auditing standards and is based on AICPA’s trust service principles. The report includes a detailed description of the design (type I/type II) and effectiveness (type II) of the controls audited.
You can find these reports in the SAP Cloud Trust Center .If the reports are not available in the compliance center, then you can request the report via accessing the link Request for SOC report
Please note: Once you have requested the report, it takes around 2-3 weeks for the report to be sent to the requestor.
We recommend, based on your audit schedule, kindly request the SOC or ISO reports in advance to avoid any delays/incidents.
You can also view our SAP Cloud Trust Center to know more detials.
SOC1, SOC2, ISO27001, Audit reports , KBA , SRD-CC-CC , Control Centre , How To
SAP Business ByDesign all versions ; SAP Cloud for Customer add-ins all versions