SAP Knowledge Base Article - Public

2871898 - Request for penetration test results


Are penetration test results available from SAP SuccessFactors


SAP SuccessFactors Learning - All Supported Versions


The decision was taken in 2019 to no longer publish penetration test (PenTest) reports for SAP Cloud Platform. Instead, customers are to review the C5 & SOC2 reports where our penetration test policies and procedures are assessed.

SOC2 Report and the C5 Report covers the hacking simulations as we call penetration testing at SAP as it is about ethical hacking. In addition we are having external assurance by our auditors about penetration testing and vulnerability scanning.

Therefore, SCP changed the process from scheduled penetration test to continuous testing and mitigation. The C5 report provides respective evidence with the half-yearly audit cycle.

The C5 report is available via self-service on the SAP Trust Center, Compliance finder


Penetration test, results, C5, SOC2, compliance finder, SAP Trust Center , KBA , LOD-SF-LMS-ADM , System Admin, Global Variables, References , Problem


SAP SuccessFactors HXM Core all versions ; SAP SuccessFactors Learning all versions