SAP Cloud Platform

Trust Center

The Secure and Trusted Platform for Business

No business is without trust. And at SAP, security is serious business. We at SAP are committed to the security of
SAP Cloud Platform and its infrastructure.

Run Secure with Compliance

SAP’s security measures are audited through various certifications and attestations (ISO 9001, ISO27001, SOC 1 Type 2 and SOC 2 Type 2). Third-party certification bodies provide independent confirmation that SAP meets the requirements of international standards.

Learn more

Run Secure on SAP Data Centers

SAP’s data centers around the world meet the highest security standards. All SAP’s data centers are technically comparable physical facilities featuring high availability infrastructure, network security and threat management mitigation. You can decide in which country, region or continent your cloud business runs including the location of the data storage and SAP’s support.

SAP's data centers feature facility security, high infrastructure availability, network security, and threat mitigation management such as penetration testing by internal and external ethical hackers.

Learn more

Run Secure with Data Protection at SAP

At SAP, ensuring the protection of our customer’s data is critical.

SAP HANA database uses data encryption to protect data saved to disk from unauthorized access at the operating system level. For data at rest within your application, SAP provides a wide range of data security with customer-controlled encryption based on industry standards. SAP ensures the privacy of your data in the Cloud by supporting strictly isolated data.

Learn more about data volume encryption

Learn more about SAP HANA security

Run Secure with Transparency

SAP cloud customers specify in their contract which data center they want to use as their “data location."

Backups are always located in the same jurisdiction as the data that is used in day-to-day operations, but for security reasons, the two are physically separated.

We have clear and company-wide guidelines in place that define how we respond to requests for customer data coming from law enforcement authorities and regarding national security concerns.

We take our commitment to our customers and legal compliance very seriously. Customer data is only shared if the request is legally valid. Our legal department evaluates every inquiry in detail. In addition, we will question a request if there are grounds for assuming that they are not in conformity with the law.

Run Secure with Multi-Layer Security

There is a multi-layer approach to secure the access to your applications running on the SAP Cloud Platform.

Secure Communication

SAP Cloud Platform landscape runs in an isolated network, which is protected from the outside by firewalls, DMZ, and communication proxies for all inbound and outbound communications to and from the network. All customer user access to the SAP Cloud Platform is done through an authenticated Hypertext Transfer Protocol Secure (HTTPS) session from the user’s browser.

Secure User Access

Users with administrative tasks can be easily secured to access the SAP Cloud Platform by using the user management services and the Two Factor Authentication provided with SAP Cloud Platform, single sign-on service.

Secure Deployment

Malware detection is implemented for central services such as application deployment and document storage.

Security Monitoring

Security monitoring is done via audit logging, which is a critical element of a company’s risk management strategy. SAP Cloud Platform writes logs for security-relevant events and the written log files are digitally signed to ensure their integrity.

Learn more about SAP security