We have implemented safeguards to help protect the fundamental rights of everyone whose data is processed by SAP, whether they are our customers, prospects, employees, or partners. In addition, we work towards compliance with all relevant legal requirements for data protection. Our secure software development lifecycle conforms to the ISO/IEC 27034 standard for application security and is closely embedded into our ISO 9001-certified process framework for developing standard software. Our secure operations strategy focuses on the security principles of “confidentiality, integrity, and availability” to support overall protection of our business, as well as our customers’ businesses.
Industry best-practice certifications are key success factors for our secure operations strategy. Many of our cloud solutions undergo Service Organization Control (SOC) audits: ISAE 3402, SSAE 16 SOC I Type II, and SSAE 16 SOC II Type II. The SOC standards are harmonized with a number of ISO certifications including ISO 9001, 27001, and 22301. SAP is committed to ensuring compliance with the harmonized European data protection law, the General Data Protection Regulation (GDPR). We have implemented a wide range of measures to protect data controlled by SAP and SAP customers from unauthorized access and processing, as well as from accidental loss or destruction. These include, among others, the implementation of our data protection management system (DPMS) in areas critical to data protection. This system is certified on a yearly basis by the British Standards Institute.