2681625 - How to Get SOC1, SOC2 or ISO 27001 Reports for Audits in SAP Business ByDesign

A SOC 1, SOC 2, or ISO 27001 report is required for audit purposes, with instructions needed on the request process.

SAP Business ByDesign

An integrated framework, developed and implemented by SAP, is based on multiple international standards to ensure a consistent and secure service that meets both customer and regulatory requirements. Client satisfaction, secure service operation, and continuous improvement are achieved through the effective application of this framework, which also prevents nonconformities. All cloud units certified under ISO and BS standards undergo annual audits conducted by an independent certification body.

ISO 27001: is one of the most widely recognized standards in the ISO family. It establishes a holistic, risk-based approach to security and defines a comprehensive, measurable set of information security management practices.

SOC 1 Report: Designed for financial auditors, this report provides information on the controls in place for SAP cloud solutions that may be relevant to a customer’s internal control over financial reporting. Following the SSAE 16 and ISAE 3402 auditing standards, the report includes a detailed assessment of the design (Type I/Type II) and operational effectiveness (Type II) of the audited controls.

SOC 2 Report: Customers and prospects receive insights into the control system related to security, availability, processing integrity, confidentiality, or data privacy. This report follows the ISAE 3000 and AT 101 auditing standards and is based on AICPA’s Trust Service Principles. It includes a comprehensive evaluation of the design (Type I/Type II) and operational effectiveness (Type II) of the audited controls.

These reports are available in the SAP Cloud Trust Center in Compliance tab. If a report is not accessible in the SAP Cloud Trust center portal, please reach out to respective contacts AE (Account Executive), CSP (Customer Success Partner) or CSM (Customer Success Management).

After the report is requested, delivery typically takes 2-3 weeks. To prevent delays or disruptions, requesting SOC or ISO reports in advance, based on the audit schedule, is advised.

You can request such a report also via the following link: https://www.sap.com/about/trust-center/certification-compliance/sap-sem-soc-1-2024-h2.html Here scroll to the very bottom and click on the button "Request a copy of SOC1 / SOC2 report".

How to request 2024 SOC reports?

• SAP Enterprise Management SOC 1 Audit Report 2024 H1
• SAP Enterprise Management SOC 1 Audit Report 2024 H2
• SAP Enterprise Management SOC 1 Bridge Letter Package
• SAP Enterprise Management SOC 2 Audit Report 2024 H1
• SAP Enterprise Management SOC 2 Bridge Letter Package

SOC1, SOC2, ISO27001, Audit reports, SAP Cloud Trust Ceter, Compliance, SAP Business ByDesign , KBA , soc reports , soc report , soc , SRD-CC-CI-CCS , ByD Service Control Center , How To