SAP Integrated Business Planning SOC 1 (ISAE 3402) Audit Report 2021 H1

The scope of this SOC report includes the SAP Integrated Business Planning services as offered for the live productive customer systems that are hosted in SAP SE's data centers St. Leon–Rot (Germany) Frankfurt (Germany), Newtown Square (USA), Sterling (USA), Moscow (Russia), Riyadh (Saudi Arabia), Dubai (UAE), Shanghai (China), Sydney (Australia) and Tokyo (Japan). 

SAP Integrated Business Planning is SAP's platform for real-time and integrated planning, built on SAP HANA (High Performance Analytic Appliance), utilizing HANA’s Analytical features to the maximum. SAP Integrated Business Planning is being developed to deliver integrated, unified planning across Sales and Operations, Demand, Inventory, Supply and Response planning, as well as the Supply Chain Control Tower for dashboard analytics and monitoring. SAP Integrated Business Planning delivers a paradigm of user experience and efficiency, leveraging real-time dashboards, advanced predictive analytics, interactive simulation, embedded social collaboration and Microsoft Excel-enabled planning tables. 

The SAP Integrated Business Planning has five modules, addressing different business/planning areas Sales & Operations (S&OP), Demand, Inventory, Response and Supply, and Supply Chain Control Tower. A customer can subscribe to any of these solutions offered individually, and the commercials are based on the solution selected. To a large extend, the (HANA) hardware sizing also is based on the solution subscribed.

SOC1 reports specifically address service organizations internal control over financial reporting and controls specified by the service provider. The SOC1 reports are intended solely for the information and use of existing user entities (for ex. Existing customers of the service organization), their financial statement auditors and management of the service organization. SOC 1 reports are prepared in accordance with Statement on Standards for Attestation Engagements (SSAE) No.18, a new guidance that the auditors use to conduct a SOC1 engagement. SOC1

Type 1 covers management’s description of a service organization’s system and the suitability of the design of controls at a specific point in time, whereas a SOC1 Type 2 also includes the operating effectiveness of controls for a dedicated period of time.

SAP Integrated Business Planning has regularly prepared SOC1 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period 1. November 2020 to 30. April 2021, the locations St. Leon–Rot (Germany) Frankfurt (Germany), Newtown Square (USA), Sterling (USA), Moscow (Russia), Riyadh (Saudi Arabia), Dubai (UAE), Shanghai (China), Sydney (Australia) and Tokyo (Japan). 

The use of these reports is restricted. A copy of this report is available for all SAP Integrated Business Planning customers who had productive and had financially-relevant systems during the audit period covered by the report.