SAP Knowledge Base Article - Public

2871898 - Request for penetration test results

Symptom

Are penetration test results available from SAP SuccessFactors

Environment

SAP SuccessFactors Learning - All Supported Versions

Resolution

The decision was taken in 2019 to no longer publish penetration test (PenTest) reports for SAP Cloud Platform. Instead, customers are to review the C5 & SOC2 reports where our penetration test policies and procedures are assessed.

SOC2 Report and the C5 Report covers the hacking simulations as we call penetration testing at SAP as it is about ethical hacking. In addition we are having external assurance by our auditors about penetration testing and vulnerability scanning.

Therefore, SCP changed the process from scheduled penetration test to continuous testing and mitigation. The C5 report provides respective evidence with the half-yearly audit cycle.

The C5 report is available via self-service on the SAP Trust Center, Compliance finder

Keywords

Penetration test, results, C5, SOC2, compliance finder, SAP Trust Center , KBA , LOD-SF-LMS-ADM , Admin Tools , Problem

Product

SAP SuccessFactors HXM Core all versions ; SAP SuccessFactors Learning all versions