INTERNAL

Ming Chang & Mary Lasher

November, 2020

SAP Global SecurityOverview of My Trust Center & Trust Center

My Trust Center – Background

3INTERNAL© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ

What is the SAP Trust Center?

www.sap.com/trust-center

The SAP Trust Center is a public-facing website on sap.com,

designed to provide unified and easy access to trust related content,

such as security, privacy, and compliance.

▪ Delivers transparency

▪ Easy access to SAP trust-related documents, certificates, and

contracts

▪ Users can initiate requests and engage with SAP

Security

Measures to ensure

SAP Cloud Security

Privacy

SAP respects and

protects the rights of

individuals

Compliance

Shows the vast variety

of ISO/BS as well as

certificates

Cloud Service Status

Availability data of our

cloud services

showing the current

live status

Agreements

Overview of the

building blocks of

SAP contracts

Data Center

Virtually and physically

protected data with

state-of-the-art

technologies

Cloud Operations

Shows how SAP runs

cloud operations to

help plan and optimize

resources

4INTERNAL© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ

The newly launched My Trust Center offers instant access to classified information and other selected content around Security, Data Privacy, Compliance and Agreements topics for all visitors with an S-User login.

My Trust Center extends the public SAP Trust Center with information, documents and evidence available only to SAP customers and SAP partners.

There is a subscription functionality for many of the resources which offers you and your customers email notifications about changes and updates for content which is of particular relevance to you and your customers.

Why another Trust Center in My Support?

5INTERNAL© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ

My Trust Center – Homepage

6INTERNAL© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ

SAP My Trust Center - Policies, Frameworks and TOMs

TOMs

• Provides current Technical and Organizational Measures (TOMs)

implemented to protect Personal Data processed in SAP Cloud

solutions

Cloud Security Framework

• Documentation of Security Controls and Measures applied to specific

subset of SAP Cloud solutions as detailed in the document Version

3.1 (August 21, 2020)

7INTERNAL© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ

SAP My Trust Center - SAP Sub-Processors

• Subscribe to Sub-processors list

• SAP Note 2645947 SAP Sub-Processor transparency and Advanced

Notification

8INTERNAL© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ

SAP My Trust Center - Compliance Documents

• Evidence From SAP Partners / co-location

• SOC1

• SOC2

• SOC3

• ISO 27001

• ISO 9001

• Bridge letter

9INTERNAL© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ

SAP My Trust Center - Tools & Documentation

• Documents about Security and Data Protection & Privacy for SAP

Products, Cloud Services, Professional Services and Support *

• SAP’s Standards, Processes, and Guidelines for Protecting Data and

Information

• Remote Support and Service Desk Security

• Recommendations for the use of cryptographic mechanisms in the IPsec

and IKE protocols

• SAP COVID-19 Response Case Study

* Any information provided is not legally binding

10INTERNAL© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ

My Trust Center – Content and Notification Subscription

11INTERNAL© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ

My Trust Center – Email Notification

INTERNAL

November 2020

SAP Trust Center

Find the information you need on security, privacy and compliance

13INTERNAL© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ

Introduction

What is the SAP Trust Center?

Where can I find the SAP Trust Center?

What can I expect from the SAP Trust Center?

Agenda

14INTERNAL© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ

The SAP Trust Center is a public-facing website with unified and easy access to information on security, privacy, and compliance.

It is targeted towards customers, prospects, and partners.

It serves as an engagement center where users can initiate requests, engage with SAP via chat and email, and collect all assets and information they require.

What is the SAP Trust Center?

15INTERNAL© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ

You can access the website by entering:

www.sap.com/trust-center to the navigation

bar of your browser.

SAP Trust Center is also placed under

“about” on www.sap.com page

Where can I find the

SAP Trust Center?

16INTERNAL© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ

The SAP Trust Center includes topics such as security, cloud service

performance, data center locations, privacy, compliance certificates, and

typical cloud, on premise, and partner agreements.

What can I expect from the SAP Trust Center?

Cloud Status Security Privacy Compliance AgreementsData CenterCloud Operations

Dedicated content areas:

17INTERNAL© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ

SAP’s cloud portfolio will undergo incremental integration into

CSS. Downtimes related to regular maintenance and/or major

upgrade activities are not reflected. A disruption/degradation is only

visible if its duration is >= 5 minutes and if >= 5% of the productive

systems in a data center are impacted.

Cloud Service Status (CSS) shows live data on the performance

of our cloud services. Gain insights on service availability,

incidents, and the history of cloud services from SAP worldwide.

Cloud Service Status

Cloud Status Cloud Products

18INTERNAL© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ

The Privacy section offers information on data privacy, data

processing agreements, and implemented data protection

management sytems.

The Security section offers information on how SAP helps to

protect the confidentiality, integrity, and availability of your

data. Find SAP guides and articles on data security, cybersecurity,

and data center security.

Security and Privacy

Security Privacy

19INTERNAL© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ

The Cloud Operations section provide transparency into cloud

service delivery and availability, as well as hybrid IT landscapes,

and thus helps you in planning and optimizing resources.

SAP regularly undergoes audits and reviews of its policies and

controls, including data security and privacy regulations worldwide.

Use the Compliance Finder to easily search for certifications,

attestations as well as Service Organizational Control (SOC)

reports.

Compliance and Cloud Operations

Compliance Cloud Operations

20INTERNAL© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ

Find various agreement documents for cloud, software, and

service offerings from SAP. When referenced in specific order

forms, these agreement documents form the basis of your

contractual relationship with SAP. .

View a map of data center locations where the selected SAP cloud

services are currently operated. Find out how a data center works,

how we secure our data centers, and much more.

Data Center and Agreements

Data Center Agreements

Contact us.

Ming Chang

Ming.chang@sap.com

Mary Lasher

Mary.lasher@sap.com

Visit www.sap.com/trust-center

© 2019 SAP SE or an SAP affiliate company. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of

SAP SE or an SAP affiliate company.

The information contained herein may be changed without prior notice. Some software products marketed by SAP SE and its

distributors contain proprietary software components of other software vendors. National product specifications may vary.

These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or

warranty of any kind, and SAP or its affiliated companies shall not be liable for errors or omissions with respect to the materials.

The only warranties for SAP or SAP affiliate company products and services are those that are set forth in the express warranty

statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional

warranty.

In particular, SAP SE or its affiliated companies have no obligation to pursue any course of business outlined in this document or

any related presentation, or to develop or release any functionality mentioned therein. This document, or any related presentation,

and SAP SE’s or its affiliated companies’ strategy and possible future developments, products, and/or platforms, directions, and

functionality are all subject to change and may be changed by SAP SE or its affiliated companies at any time for any reason

without notice. The information in this document is not a commitment, promise, or legal obligation to deliver any material, code, or

functionality. All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ

materially from expectations. Readers are cautioned not to place undue reliance on these forward-looking statements, and they

should not be relied upon in making purchasing decisions.

SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered

trademarks of SAP SE (or an SAP affiliate company) in Germany and other countries. All other product and service names

mentioned are the trademarks of their respective companies.

See www.sap.com/copyright for additional trademark information and notices.

www.sap.com/contactsap

Follow us