SAP Datasphere: Ensuring Compliance and Security for Your Data
In today's data-driven world, security and compliance are paramount. SAP Datasphere recognizes this critical need and provides a robust framework to safeguard your data assets. It achieves this through a multi-layered approach that encompasses certifications, reports, and adherence to strict data protection guidelines.
Certifications and Reports: Validating Security Standards
SAP Datasphere undergoes regular audits and reviews to ensure its policies and controls meet the highest industry standards. This commitment to security is reflected in its compliance with several key certifications and reports:
- ISO/IEC 27001 Security Management System: This internationally recognized standard ensures the implementation of a comprehensive information security management system (ISMS). This includes risk assessments, security controls, and continuous improvement processes to protect data confidentiality, integrity, and availability. You can find more information in the Information Security Management System.
- ISO/IEC 22301 Business Continuity Management System: This standard focuses on establishing and maintaining a robust business continuity management system (BCMS). It ensures that SAP Datasphere can effectively respond to disruptions and maintain critical operations, minimizing downtime and data loss. For more details, refer to the Business Continuity Management System.
- SOC 1 Type 2 and SOC 2 Type 2 Reports: These reports provide assurance about the effectiveness of SAP Datasphere's internal controls over financial reporting (SOC 1) and security, availability, processing integrity, confidentiality, and privacy (SOC 2). They offer detailed insights into the platform's security posture, based on independent audits. See the SAP Business Technology Platform SOC 1 (ISAE3402) Audit Report 2021 H1 and the SAP Business Technology Platform SOC 2 Audit Report 2021 H1 for more information.
- STAR Certification: ISO/IEC 27001:2013: This certification, listed on the STAR Registry, further validates SAP Datasphere's compliance with ISO/IEC 27001. It provides independent verification of the platform's security controls and practices. Refer to the STAR Registry Listing for SAP Business Technology Platform for details.
- CSA STAR, CCM version 3.0.1: This certification from the Cloud Security Alliance (CSA) demonstrates SAP Datasphere's adherence to the Cloud Controls Matrix (CCM). It provides a comprehensive framework for cloud security, covering various domains like governance, risk management, data security, and infrastructure security. You can find more information in the SAP Business Technology Platform CSA STAR Certificate.
- EU Cloud CoC European Data Protection Code of Conduct for Cloud Service Providers: SAP Datasphere adheres to the EU Cloud CoC, demonstrating its commitment to data protection and compliance with the European General Data Protection Regulation (GDPR). This code of conduct provides a framework for cloud providers to process personal data responsibly and transparently. For detailed information, see the SAP Business Technology Platform EU Cloud CoC.
Data Protection: A Core Principle
Beyond certifications, SAP Datasphere follows SAP's global data protection and privacy guidelines. These guidelines ensure that personal data is handled with care and in compliance with applicable regulations like GDPR, CCPA, and others.
Key aspects of data protection in SAP Datasphere include:
- Data Minimization: Collecting and processing only the necessary personal data.
- Purpose Limitation: Using personal data only for specified, explicit, and legitimate purposes.
- Data Security: Implementing appropriate technical and organizational measures to protect personal data from unauthorized access, use, disclosure, alteration, or destruction.
- Data Subject Rights: Respecting data subject rights, including the right to access, rectify, erase, and restrict processing of their personal data.
For a deeper understanding of SAP's data protection guidelines, refer to the Data Privacy page. You can also access the specific Personal Data Processing policy for your region on the Personal Data Processing for SAP Cloud Services page.
In conclusion, SAP Datasphere prioritizes compliance and security, offering a robust framework to protect your valuable data assets. By adhering to international standards, undergoing independent audits, and following strict data protection guidelines, it provides a secure and reliable environment for your data management needs.