Sustainability and Corporate Social Responsibility (CSR)

We define sustainability as the creation of social, environmental, and economic value for long-term business success and responsible global development. In line with this definition, we aim to move from a separate sustainability strategy to a sustainable corporate strategy. This means we seek to embed sustainability in everything we do: our solutions, our operations, and our social investment.

Innovation belongs to all of us. Yet, according to The World Bank, more than half of global citizens are not included in the digital economy. SAP Corporate Social Responsibility (CSR) is tackling this issue head-on, powering opportunity for all people through digital inclusion initiatives.

Learn about SAP CSR

The International Integrated Reporting Council (IIRC, http://www.theiirc.org/) defines integrated reporting as "a process that results in communication, most visibly a periodic? integrated report, about value creation over time. An integrated report is a concise communication about how an organization’s strategy, governance, performance and prospects lead to the creation of value over the short, medium and long term." SAP published its first Integrated Report in 2013 (for the 2012 year). The current SAP Integrated Report may be found at www.sapintegratedreport.com

SAP aims to achieve a net-zero carbon footprint for SAP’s operations by 2025. This includes all direct (scope 1), indirect (scope 2), and selected categories of value chain (scope 3) greenhouse gas emissions (GHG) such as business flights, employee commuting, and co-locations of data centers. SAP will continue existing initiatives and programs to drive efficiency and innovation to avoid and reduce GHG emissions, following our approach “avoid – reduce – compensate.”

• (1) Avoid: Whenever possible, SAP aims to avoid the creation of GHG. This is our priority (e.g., usage of virtual telecommunication instead of business flights).
• (2) Reduce: If we cannot avoid GHG emissions, we aim to drive efficiency and reduce GHG emissions for all type of emissions (e.g., carpooling and car sharing, e-mobility).
• (3) Compensate: Compensation / offsetting is only the last option. We extend our existing proven compensation models by enlarging our embedded internal carbon pricing model for CO₂-free travel by train and airplane. Another example is the implementation of carbon neutral fuel cards for company cars.?

We define employee engagement as a score for the level of employee commitment, pride, and loyalty, as well as our employees’ feeling of being an advocate of SAP. It is calculated based on the results of regular employee surveys. Employee engagement remains one of SAP’s four corporate strategic goals, along with growth, profitability, and customer loyalty.?In 2017, we again achieved an employee egagement score of 85%. For 2020, we aim to reach an Employee Engagement Index between 84% and 86%. For more information, visit the SAP Integrated Report, Social Highlights section.

Our compliance management system details our policies and procedures for ensuring ethical business conduct. Our policies govern the conduct of our management, employees, suppliers and partners, as well as critical areas of our business such as sales, vendor selection, and payroll. In addition, we train employees on the SAP Code of Business Conduct for Employees, which includes guidelines on bribery, antitrust, and a host of other topics. In the case of any breaches of compliance, we take appropriate remedial action. You can find more information in the SAP Integrated Report, Business Conduct section.

At SAP, we believe that it is not enough to simply have a sustainability strategy but that, instead, our overall corporate strategy must itself be sustainable. Only by achieving this can we fulfill our vision to help the world run better and improve people’s lives. We therefore strive to promote sustainability across our entire business. Led by our chief sustainability officer, a dedicated team works to embed sustainability into our corporate strategy and promotes new sustainability initiatives across the organization. Our chief financial officer (CFO) is the sponsor for sustainability on the Executive Board, and we also have a dedicated person in charge of sustainability in each area of the business. These individuals are responsible for embedding sustainability in their business practices, for example, by setting relevant targets and implementing related programs. They are held accountable for their achievements in review meetings with the CFO and the chief sustainability officer that take place twice a year.

We have implemented safeguards to help protect the fundamental rights of everyone whose data is processed by SAP, whether they are our customers, prospects, employees, or partners. In addition, we work towards compliance with all relevant legal requirements for data protection. Our secure software development lifecycle conforms to the ISO/IEC 27034 standard for application security and is closely embedded into our ISO 9001-certified process framework for developing standard software. Our secure operations strategy focuses on the security principles of “confidentiality, integrity, and availability” to support overall protection of our business, as well as our customers’ businesses.

Industry best-practice certifications are key success factors for our secure operations strategy. Many of our cloud solutions undergo Service Organization Control (SOC) audits ISAE3402, SSAE16 SOC I Type II, and SSAE16 SOC II Type II. The SOC standards are harmonized with a number of ISO certifications including ISO 9001, 27001, and 22301. SAP is committed to ensuring compliance with the harmonized European data protection law, the General Data Protection Regulation (GDPR). We have implemented a wide range of measures to protect data controlled by SAP and SAP customers from unauthorized access and processing, as well as from accidental loss or destruction. These include, among others, the implementation of our data protection management system (DPMS) in areas critical to data protection. This system is certified on a yearly basis by the British Standards Institute.