INTERNAL
Ming Chang & Mary Lasher
November, 2020
SAP Global SecurityOverview of My Trust Center & Trust Center
My Trust Center – Background
3INTERNAL© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ
What is the SAP Trust Center?
www.sap.com/trust-center
The SAP Trust Center is a public-facing website on sap.com,
designed to provide unified and easy access to trust related content,
such as security, privacy, and compliance.
▪ Delivers transparency
▪ Easy access to SAP trust-related documents, certificates, and
contracts
▪ Users can initiate requests and engage with SAP
Security
Measures to ensure
SAP Cloud Security
Privacy
SAP respects and
protects the rights of
individuals
Compliance
Shows the vast variety
of ISO/BS as well as
certificates
Cloud Service Status
Availability data of our
cloud services
showing the current
live status
Agreements
Overview of the
building blocks of
SAP contracts
Data Center
Virtually and physically
protected data with
state-of-the-art
technologies
Cloud Operations
Shows how SAP runs
cloud operations to
help plan and optimize
resources
4INTERNAL© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ
The newly launched My Trust Center offers instant access to classified information and other selected content around Security, Data Privacy, Compliance and Agreements topics for all visitors with an S-User login.
My Trust Center extends the public SAP Trust Center with information, documents and evidence available only to SAP customers and SAP partners.
There is a subscription functionality for many of the resources which offers you and your customers email notifications about changes and updates for content which is of particular relevance to you and your customers.
Why another Trust Center in My Support?
5INTERNAL© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ
My Trust Center – Homepage
6INTERNAL© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ
SAP My Trust Center - Policies, Frameworks and TOMs
TOMs
• Provides current Technical and Organizational Measures (TOMs)
implemented to protect Personal Data processed in SAP Cloud
solutions
Cloud Security Framework
• Documentation of Security Controls and Measures applied to specific
subset of SAP Cloud solutions as detailed in the document Version
3.1 (August 21, 2020)
7INTERNAL© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ
SAP My Trust Center - SAP Sub-Processors
• Subscribe to Sub-processors list
• SAP Note 2645947 SAP Sub-Processor transparency and Advanced
Notification
8INTERNAL© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ
SAP My Trust Center - Compliance Documents
• Evidence From SAP Partners / co-location
• SOC1
• SOC2
• SOC3
• ISO 27001
• ISO 9001
• Bridge letter
9INTERNAL© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ
SAP My Trust Center - Tools & Documentation
• Documents about Security and Data Protection & Privacy for SAP
Products, Cloud Services, Professional Services and Support *
• SAP’s Standards, Processes, and Guidelines for Protecting Data and
Information
• Remote Support and Service Desk Security
• Recommendations for the use of cryptographic mechanisms in the IPsec
and IKE protocols
• SAP COVID-19 Response Case Study
* Any information provided is not legally binding
10INTERNAL© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ
My Trust Center – Content and Notification Subscription
11INTERNAL© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ
My Trust Center – Email Notification
INTERNAL
November 2020
SAP Trust Center
Find the information you need on security, privacy and compliance
13INTERNAL© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ
Introduction
What is the SAP Trust Center?
Where can I find the SAP Trust Center?
What can I expect from the SAP Trust Center?
Agenda
14INTERNAL© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ
The SAP Trust Center is a public-facing website with unified and easy access to information on security, privacy, and compliance.
It is targeted towards customers, prospects, and partners.
It serves as an engagement center where users can initiate requests, engage with SAP via chat and email, and collect all assets and information they require.
What is the SAP Trust Center?
15INTERNAL© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ
You can access the website by entering:
www.sap.com/trust-center to the navigation
bar of your browser.
SAP Trust Center is also placed under
“about” on www.sap.com page
Where can I find the
SAP Trust Center?
16INTERNAL© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ
The SAP Trust Center includes topics such as security, cloud service
performance, data center locations, privacy, compliance certificates, and
typical cloud, on premise, and partner agreements.
What can I expect from the SAP Trust Center?
Cloud Status Security Privacy Compliance AgreementsData CenterCloud Operations
Dedicated content areas:
17INTERNAL© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ
SAP’s cloud portfolio will undergo incremental integration into
CSS. Downtimes related to regular maintenance and/or major
upgrade activities are not reflected. A disruption/degradation is only
visible if its duration is >= 5 minutes and if >= 5% of the productive
systems in a data center are impacted.
Cloud Service Status (CSS) shows live data on the performance
of our cloud services. Gain insights on service availability,
incidents, and the history of cloud services from SAP worldwide.
Cloud Service Status
Cloud Status Cloud Products
18INTERNAL© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ
The Privacy section offers information on data privacy, data
processing agreements, and implemented data protection
management sytems.
The Security section offers information on how SAP helps to
protect the confidentiality, integrity, and availability of your
data. Find SAP guides and articles on data security, cybersecurity,
and data center security.
Security and Privacy
Security Privacy
19INTERNAL© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ
The Cloud Operations section provide transparency into cloud
service delivery and availability, as well as hybrid IT landscapes,
and thus helps you in planning and optimizing resources.
SAP regularly undergoes audits and reviews of its policies and
controls, including data security and privacy regulations worldwide.
Use the Compliance Finder to easily search for certifications,
attestations as well as Service Organizational Control (SOC)
reports.
Compliance and Cloud Operations
Compliance Cloud Operations
20INTERNAL© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ
Find various agreement documents for cloud, software, and
service offerings from SAP. When referenced in specific order
forms, these agreement documents form the basis of your
contractual relationship with SAP. .
View a map of data center locations where the selected SAP cloud
services are currently operated. Find out how a data center works,
how we secure our data centers, and much more.
Data Center and Agreements
Data Center Agreements
Contact us.
Ming Chang
Mary Lasher
Visit www.sap.com/trust-center
© 2019 SAP SE or an SAP affiliate company. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of
SAP SE or an SAP affiliate company.
The information contained herein may be changed without prior notice. Some software products marketed by SAP SE and its
distributors contain proprietary software components of other software vendors. National product specifications may vary.
These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or
warranty of any kind, and SAP or its affiliated companies shall not be liable for errors or omissions with respect to the materials.
The only warranties for SAP or SAP affiliate company products and services are those that are set forth in the express warranty
statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional
warranty.
In particular, SAP SE or its affiliated companies have no obligation to pursue any course of business outlined in this document or
any related presentation, or to develop or release any functionality mentioned therein. This document, or any related presentation,
and SAP SE’s or its affiliated companies’ strategy and possible future developments, products, and/or platforms, directions, and
functionality are all subject to change and may be changed by SAP SE or its affiliated companies at any time for any reason
without notice. The information in this document is not a commitment, promise, or legal obligation to deliver any material, code, or
functionality. All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ
materially from expectations. Readers are cautioned not to place undue reliance on these forward-looking statements, and they
should not be relied upon in making purchasing decisions.
SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered
trademarks of SAP SE (or an SAP affiliate company) in Germany and other countries. All other product and service names
mentioned are the trademarks of their respective companies.
See www.sap.com/copyright for additional trademark information and notices.
www.sap.com/contactsap
Follow us