Quality at SAP
SAP is committed to third-party validations, standards, and certifications of the policies and procedures we use to maintain our customers’ security, privacy, and data integrity. We maintain several certifications and accreditations to ensure we provide the highest standards of service and reliability to our customers.
SOC 1: Provides the auditor of a user entity’s financial statements information about controls at a service organization that may be relevant to a user entity’s internal control over financial reporting. A Type 2 SOC 1 report includes a detailed description of tests of controls performed by the CPA and results of the tests.
Note: SOC 1 (ISAE3402 / SSAE16) reports are only available for customers who had live, financially-relevant systems during the last audit period. Please contact your SAP sales representative to attain this report.
SOC 2: Provides management of a service organization, user entities, and others a report about controls at a service organization relevant to the security, availability, or processing integrity of the service organization’s system, or the confidentiality and privacy of the data processed by that system. A Type 2 SOC 2 report includes a detailed description of tests of controls performed by the CPA and results of the tests.
SOC 3: Provides users and interested parties a report about controls at the service organization related to security, availability, processing integrity, confidentiality or privacy. SOC 3 reports are a short-form report (i.e., no description of tests of controls and results) and may be used in a service organization’s marketing efforts.
Reports: Service organization controls 1 and 2
SOC 1 and SOC 2 reports will be delivered on customer request. Please contact your sales representative to obtain a copy.