Symptom
Are penetration test results available from SAP SuccessFactors
Environment
SAP SuccessFactors Learning - All Supported Versions
Resolution
The decision was taken in 2019 to no longer publish penetration test (PenTest) reports for SAP Cloud Platform. Instead, customers are to review the C5 & SOC2 reports where our penetration test policies and procedures are assessed.
SOC2 Report and the C5 Report covers the hacking simulations as we call penetration testing at SAP as it is about ethical hacking. In addition we are having external assurance by our auditors about penetration testing and vulnerability scanning.
Therefore, SCP changed the process from scheduled penetration test to continuous testing and mitigation. The C5 report provides respective evidence with the half-yearly audit cycle.
The C5 report is available via self-service on the SAP Trust Center, Compliance finder
Keywords
Penetration test, results, C5, SOC2, compliance finder, SAP Trust Center , KBA , LOD-SF-LMS-ADM , System Admin, Global Variables, References , Problem