Académique Documents
Professionnel Documents
Culture Documents
Public
Physical Security
Network Security
Backup and Recovery
Support of Compliance
Confidentiality & Integrity
Summary
(Helpful Links)
Network Security
Compliance
Energy Efficiency
High Availability
BS25999 / ISO 22301
GREEN IT
CERTIFIED
CERTIFIED
Quality Management
IT Operations
ISO 9001
ISO 27001
CERTIFIED
CERTIFIED
Cloud Operations
SOC-2
International Accounting
Regulations
ISAE3402
SSAE16
TESTIFIED*
TESTIFIED*
Tax compliancy
PS 880
Network Security
Compliance
International Standard on
Assurance Engagements
(ISAE) No. 3402 Type B
It is globally recognized assurance
report on controls at a service
organization. It has been put forth by
the
International
Auditing
and
Assurance Standards Board (IAASB).
The focus of this quality standard lies
on controls that have a potential
impact on financial reporting.
ISAE 3402 is an "assurance" standard.
It is the international successor
standard of SAS 70.
Statement on Standards for
Attestation Engagements (SSAE)
No. 16
This is the US equivalent
international standard ISAE 3402.
to
Network Security
Compliance
Data Center
BS25999
CERTIFIED
ISO 27001
CERTIFIED
5
Network Security
Location
Country
St. Leon-Rot
Deutschland SAP
Walldorf
Deutschland SAP
Newtownsquare, PH
USA
SAP
Newtownsquare, PH
USA
SAP
Chandler, AZ
USA
Ashburn, VA
USA
Verizon
Amsterdam
NL
Telecity
JAM
Amsterdam
NL
Telecity
JAM
Sydney
AUS
Verizon
SFSF
Sydney
AUS
MacQuire
Chicago, IL
USA
CSC
Chicago, IL
USA
Rackspace
Jobs2Web
Sommerville, MA
USA
Internap
Sourcing
Maidstone
UK
CSC
Sourcing
Operator
Compliance
Service
C4C, ByD based, Payroll, OnDemand Portal, Photon
(Lumira Cloud), JPaaS, S&OP, SAP HANA Cloud for
Automobiles/Utilities
C4C, ByD based, S&OP
Compliance
POWER
BUILDING
FIRE +
FLOOD
Network Security
COOL
ING
Physical Security
Network Security
Compliance
IDS
Rev.
Proxy
FIREWALLS
Datacenter
Network Security
Compliance
Data Encryption
Highest level of protection with up to 256-Bit Data encryption protocols using
Transport Layer Security*
Multiple Firewalls
Shield internal network from hackers
Network Security
Primary Storage
production Data Center
Compliance
Secondary Storage
in offsite backup Location
Most recent
snapshot on
primary storage
Multiple snapshots
on retention policy
10
Network Security
Compliance
Snapshots:
Backups are created with snapshots from disk to disk. This ensures fast creation,
backups, and, if required, fast restoration.
Frequency:
Daily full backup. Log files incrementally backed up every two hours: all changes in
database since the last full backup are saved.
Location:
Database and log-file backups are stored in a geographically separated data center
but stay in the designated region.
Objective:
Recovery up to the last transaction is supported within database recovery process.
Maximum lost time for customer is two hours - if the primary data center is
completely destroyed.
Retention times:
Backups of the last 3 days are kept on primary and secondary storage.
Previous backups are kept up to 14 days in the geographically separated backup
data center.
ISO 27001
CERTIFIED
11
Network Security
Compliance
Compliance features
Journal entries that allow tracing of business transactions
to source documents
ISAE3402
SSAE16
TESTIFIED*
TESTIFIED*
Network Security
Compliance
Inability to delete accounting-relevant data, and all changes made to financially relevant
data are recorded in a change-history log
Help for customers to perform audits
13
Role Based
Access
Activity
Logging
Network Security
Compliance
Data
Ownership
Network Security
Compliance
Personalized log-traces
Personalized log-traces
15
Certified operations
World-class data centers
Advanced network
security
16
Helpful Links:
SAP Contract
Details
Security FAQs
Standards and
Audits
Certificates
SAP DC Energy
Efficiency
http://www.sap.com/corporate-en/our-company/agreements/index.epx
Search e.g. ByD Terms and Conditions US
www.sme.sap.com Sell Security Topics FAQs
www.sme.sap.com Sell Security and Standard Accreditations
www.service.sap.com/certificates
http://www.sap.com/press.epx?pressid=13030
Data Center
Security Video
http://youtu.be/oK5OIaUPEZ4
http://youtu.be/wxOs1AdJXLs
(German)
(English)
Cloud Operations
Video
http://youtu.be/3EZy1jq_vjE
http://youtu.be/zGvKZkQixCg
(German)
(English)
www.sapdatacenter.com
(English)
17
Appendix
Network Security
to
SAP NEWSBYTE - April 12, 2010 Two SAP AG (NYSE: SAP) data
centers in Germany have been
certified as energy efficient by TV
Rheinland, a German group that
documents the safety and quality of
business and technology systems to
establish sustainability in social and
industrial development. To date, only
10 data centers from various
companies
have
received
this
certification. Out of those, the SAP
data center in St. Leon-Rot, Germany,
achieved the highest ratings
Compliance
German Audience
(PS880 included)
International Standard on
Assurance Engagements
(ISAE) No. 3402 Type B
It is globally recognized assurance
report on controls at a service
organization. It has been put forth by
the
International
Auditing
and
Assurance Standards Board (IAASB).
The focus of this quality standard lies
on controls that have a potential
impact on financial reporting.
ISAE 3402 is an "assurance" standard.
It is the international successor
standard of SAS 70.
PS 880 Certificate for ByDesign.
Prfung rechnungslegungsrelevanter
Softwareprodukte
Ensures the product is in line with
German GoB Grundstzen
ordnungsgemer Buchfhrung.
Renewed for each software release.
20
German Audience
(PS880 included)
Network Security
Compliance
Compliance features
Journal entries that allow tracing of business transactions
to source documents
Number ranges that distinguish journal entries
Accounting-relevant data cannot be deleted from audit
trails
SSAE16
PS 880
TESTIFIED*
TESTIFIED*
CERTIFIED
German Audience
(PS880 included)
Network Security
Compliance
Inability to delete accounting-relevant data, and all changes made to financially relevant
data are recorded in a change-history log
Help for customers to perform audits
22
Planning Status
April 2012
Network Security
Compliance
Data Center
BS25999
CERTIFIED
ISO 27001
CERTIFIED
23
No part of this publication may be reproduced or transmitted in any form or for any purpose
without the express permission of SAP AG. The information contained herein may be
changed without prior notice.
Some software products marketed by SAP AG and its distributors contain proprietary
software components of other software vendors.
Microsoft, Windows, Excel, Outlook, PowerPoint, Silverlight, and Visual Studio are
registered trademarks of Microsoft Corporation.
IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x,
System z, System z10, z10, z/VM, z/OS, OS/390, zEnterprise, PowerVM, Power
Architecture, Power Systems, POWER7, POWER6+, POWER6, POWER, PowerHA,
pureScale, PowerPC, BladeCenter, System Storage, Storwize, XIV, GPFS, HACMP,
RETAIN, DB2 Connect, RACF, Redbooks, OS/2, AIX, Intelligent Miner, WebSphere, Tivoli,
Informix, and Smarter Planet are trademarks or registered trademarks of IBM Corporation.
Linux is the registered trademark of Linus Torvalds in the United States and other countries.
Adobe, the Adobe logo, Acrobat, PostScript, and Reader are trademarks or registered
trademarks of Adobe Systems Incorporated in the United States and other countries.
Oracle and Java are registered trademarks of Oracle and its affiliates.
UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.
Google App Engine, Google Apps, Google Checkout, Google Data API, Google Maps,
Google Mobile Ads, Google Mobile Updater, Google Mobile, Google Store, Google Sync,
Google Updater, Google Voice, Google Mail, Gmail, YouTube, Dalvik and Android are
trademarks or registered trademarks of Google Inc.
INTERMEC is a registered trademark of Intermec Technologies Corporation.
Wi-Fi is a registered trademark of Wi-Fi Alliance.
Bluetooth is a registered trademark of Bluetooth SIG Inc.
Sybase and Adaptive Server, iAnywhere, Sybase 365, SQL Anywhere, and other Sybase
products and services mentioned herein as well as their respective logos are trademarks or
registered trademarks of Sybase Inc. Sybase is an SAP company.
HTML, XML, XHTML, and W3C are trademarks or registered trademarks of W3C,
World Wide Web Consortium, Massachusetts Institute of Technology.
Crossgate, m@gic EDDY, B2B 360, and B2B 360 Services are registered trademarks
of Crossgate AG in Germany and other countries. Crossgate is an SAP company.
Apple, App Store, iBooks, iPad, iPhone, iPhoto, iPod, iTunes, Multi-Touch, Objective-C,
Retina, Safari, Siri, and Xcode are trademarks or registered trademarks of Apple Inc.
All other product and service names mentioned are the trademarks of their respective
companies. Data contained in this document serves informational purposes only. National
product specifications may vary.
The information in this document is proprietary to SAP. No part of this document may be
reproduced, copied, or transmitted in any form or for any purpose without the express prior
written permission of SAP AG.
24
Weitergabe und Vervielfltigung dieser Publikation oder von Teilen daraus sind, zu
welchem Zweck und in welcher Form auch immer, ohne die ausdrckliche schriftliche
Genehmigung durch SAP AG nicht gestattet. In dieser Publikation enthaltene Informationen
knnen ohne vorherige Ankndigung gendert werden.
Google App Engine, Google Apps, Google Checkout, Google Data API, Google Maps,
Google Mobile Ads, Google Mobile Updater, Google Mobile, Google Store, Google Sync,
Google Updater, Google Voice, Google Mail, Gmail, YouTube, Dalvik und Android sind
Marken oder eingetragene Marken von Google Inc.
Microsoft, Windows, Excel, Outlook, und PowerPoint sind eingetragene Marken der
Microsoft Corporation.
IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x,
System z, System z10, z10, z/VM, z/OS, OS/390, zEnterprise, PowerVM, Power
Architecture, Power Systems, POWER7, POWER6+, POWER6, POWER, PowerHA,
pureScale, PowerPC, BladeCenter, System Storage, Storwize, XIV, GPFS, HACMP,
RETAIN, DB2 Connect, RACF, Redbooks, OS/2, AIX, Intelligent Miner, WebSphere, Tivoli,
Informix und Smarter Planet sind Marken oder eingetragene Marken der IBM Corporation.
Linux ist eine eingetragene Marke von Linus Torvalds in den USA und anderen Lndern.
Adobe, das Adobe-Logo, Acrobat, PostScript und Reader sind Marken oder eingetragene
Marken von Adobe Systems Incorporated in den USA und/oder anderen Lndern.
Oracle und Java sind eingetragene Marken von Oracle und/oder ihrer
Tochtergesellschaften.
UNIX, X/Open, OSF/1 und Motif sind eingetragene Marken der Open Group.
Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame und MultiWin
sind Marken oder eingetragene Marken von Citrix Systems, Inc.
HTML, XML, XHTML und W3C sind Marken oder eingetragene Marken des W3C,
World Wide Web Consortium, Massachusetts Institute of Technology.
Apple, App Store, iBooks, iPad, iPhone, iPhoto, iPod, iTunes, Multi-Touch, Objective-C,
Retina, Safari, Siri und Xcode sind Marken oder eingetragene Marken der Apple Inc.
IOS ist eine eingetragene Marke von Cisco Systems Inc.
RIM, BlackBerry, BBM, BlackBerry Curve, BlackBerry Bold, BlackBerry Pearl, BlackBerry
Torch, BlackBerry Storm, BlackBerry Storm2, BlackBerry PlayBook und BlackBerry App
World sind Marken oder eingetragene Marken von Research in Motion Limited.
25