Mindtree Limited

SAP Hybris Cloud for Customer (C4C)

The provision of implementation services for the end-to-end implementation of SAP Hybris Cloud for Customer (C4C) and Cloud for Service(C4S) into a customer’s existing SAP landscape. This service also includes a range of pre and post implementation services to support the customers adoption of SAP Cloud for Customer and Service.


  • Service Desk/Contact Centre/Call Centre/Knowledge Base Tool
  • Supports exisiting Line Of Business workflow and porocesses
  • Mobile, device agnostic application and extensions
  • CRM, Customer / Citizen / Contact Relationship Management
  • Optimised for consumption via Digital Channels
  • Secure, UK only and EU only Data Residency and Processing
  • Development Platform to deploy and manage other applications
  • Public Sector Accelorators available, e.g. for Council, Health, Police
  • The only true real-time CRM system running on SAP HANA
  • Flexable Licencing and Support options


  • Automate and process in realtime
  • Built with native digital commerce, engagment and marketing capability
  • ERP & back office systems and applications intergration
  • Ease of deployment with established and expert partner ecosytem
  • Easy to use, adaptive and responsive User Interface (UI)
  • Market and engage to an audience of one
  • Open API Platform supporting easy integrations
  • Presentation and mobilisations environment for ALL (SAP and non) systems
  • Secure Platform to support Public,Private or Hybrid Cloud
  • UK Support Centre with UK only Staff and Datacentre


£37 to £117 per user per month

Service documents

G-Cloud 11


Mindtree Limited

Paril Popat



Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to SAP Hybris Cloud for Customer (Cloud) integrates with SAP Enterprise Resource Planning (ERP) via HCI and PI and/ or with SAP Customer Relationship Management (CRM) via HCI and PI.

Additionally, with OData API, you can query, read, add, update and delete data from and into SAP Cloud for Customer.
Cloud deployment model Public cloud
Service constraints Potential disadvantage of the application is that every three months there is an update of the solution. This update is pushed to every C4C user in the world. Unfortunately, you can’t choose to wait a week or to keep using the older version. However, it is understandable decision of SAP, as this assures that all users are running the newest innovations and receive the same support.
System requirements
  • Microsoft Silverlight (minimum 5.0)
  • Adobe Reader 8.1.3 or higher

User support

User support
Email or online ticketing support Yes, at extra cost
Support response times We offer a range of SLAs to meet all budgets
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels We offer a variety of support models from ad-hoc per ticket support to fully outsourced Application Management Support
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Depending on the client's needs we can provide written documentation and user guide on how to use the C4C service. Bluefin Solutions offer knowledge transfer, onsite training and online/ remote training from our offshore consultants.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Data extraction tools are available in the SAP C4C product.
End-of-contract process Please read section 6 of the GENERAL TERMS AND CONDITIONS

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Native mobile apps are available for Apple and Android devices.
Service interface No
What users can and can't do using the API Here are approximately 200 APi's which can be consumed in C4C for various objects. These API's can either create data or extract data from the system based on the standard provided system objects. These API's are system specific and will enable system testing prior to deploying to a production system.

The API's are delivered as standard with each C4C system, and with very little configuration they are ready to use, depending on the security requirements these services can be secured either with SSL certificates or Basic Authentication.

There are a number of options for sending data which could include system to system messages or front end user applications to populate the objects. The API can be customised by adding additional fields to the service to either store or extract the required data.

The provided API cannot be reduced and a complete object extract is required where standard fields have been populated, the only control available is to decide whether to add additionally created fields to the service or not.
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Customisation is possible through Key User Tools (KUT) where user can adjust screen layouts for different business roles and manipulate field creations. Via Cloud Application Studio user can access development tools to create bespoke objects or new screens. KUT and Cloud Studio Application -SDK development allows customisation of the C4C screens, objects, data validation and layout. There are also several options in-built within the system to allow admins to restrict the data that users can access or see, or to auto determine rule based field population. Only certain users (i.e. administrators) can customise the system based on roles and authorisations that have been set up. Regular system user can only customise his/her screen to suit business or personal preference.


Independence of resources The SAP C4C solution is cloud based,fully scalable and can be dynamically enhanced as the load increases or decreases. A key benefit of a cloud solution is that it does not need to care about scaling or multi-tenancy as SAP caters for this as part of the global service. This global scalability is transparent and provided automatically. There are zero infrastructure costs as this is a subscription based service priced per user, additional license costs would be based on user volumes and potentially any expert support required in support of future functional changes.


Service usage metrics Yes
Metrics types SAP provides dashboards and reports to measure and monitor how the solution is being used by C4C licensed users.
Reporting types
  • Real-time dashboards
  • Regular reports


Supplier type Reseller providing extra features and support
Organisation whose services are being resold SAP

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
Other data at rest protection approach The SAP cloud is inspected several times a year by external auditors, in accordance with various standards (including ISO 27001, ISAE-3402, and SSAE-16) to ensure that the security organization as well as all technical and organizational measures are implemented and reflect state-of-the-art technology. These certificates and audit reports may be shared with customers, although this may require signing a non-disclosure agreement (NDA).
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach All SAP Cloud for Customers data objects can be extracted via an Excel mechanism.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability SAP warrants at least 99.5% availability over any calendar month. Please see the following link for details:
Approach to resilience An intrusion detection system monitors incoming data and identifies suspicious activities, while firewalls made by different manufacturers protect the data in the data center. Data and backup files are exchanged with customers in an encrypted format or transmitted via secure fiber-optic cables.
Outage reporting Should the multiple-redundancy power supply system fail, batteries are automatically and immediately actuated and supply electricity for up to 15 minutes. Within this time frame, emergency power diesel generators are started up. They can then supply power to the data center for an extended period.
A power outage is simulated once annually. The external power supply is cut off, so that the emergency power supply is actuated. This procedure ensures that the batteries can bridge the power failure as expected, the diesel motors start up automatically, and an extended supply of electricity is provided. This test is conducted and recorded by the data center operator. The reports are then submitted to the TÜV, which compares them to the ISO 27001 standards.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Every user type must authenticate itself to SAP Cloud solutions for regular browser-based front-end access, as well as for electronic data exchange, such as Business-to-Business communication. SAP Cloud solutions do not support anonymous access. When a new user is created in your SAP Cloud solution, for example, during the hiring process of a new employee, a user ID is created. To log on your SAP Cloud solution, the following authentication mechanisms are supported:
● Logon using SAML 2.0 assertion for front-end Single Sign-On (SSO)
● Logon using client certificate (X.509) as logon certificate
● Logon using user ID and password
Access restriction testing frequency At least once a year
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 PWC
ISO/IEC 27001 accreditation date 21/04/2015
What the ISO/IEC 27001 doesn’t cover Link to Certificate
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • SOC 1 / SSAE 16
  • SOC 2
  • ISO 22301

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes All SAP Cloud services are ISO 27001 certified. For detailed information please refer to http://www.sapdatacenter.com for more detailed information.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Cloud solutions from SAP help organizations meet security requirements by providing industry standard certifications and IT IL-based operational processes that include security management and governance functionality such as the following:
•Change and security patch management processes
•Security incident management processes
•Identity management processes
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach SAP has implemented technical vulnerability management in its solutions to reduce risks resulting from the exploitation of technical vulnerabilities. The use of operator logs and fault logging helps ensure the identification of system problems. System monitoring checks the effectiveness of the controls that are implemented and verifies conformity to the information security policies and standards found in cloud solutions from SAP. The company uses industry-leading security partners to conduct daily and monthly penetration tests on the production environment, and customers
also can perform their own application vulnerability testing.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach SAP applies high security level not only to the cloud server environment but also to the administrator client infrastructure found in cloud solutions to quickly respond to potential compromises. Every PC or laptop used by employees that work on providing these service offerings are monitored by antivirus software, intrusion prevention systems, and compliance monitoring tools. This helps ensure quick response to incidents and also checks compliance of the operating system and applications used by our employees with the company’s security policy. Additionally, the hard drives in all client devices are encrypted.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach SAP Cloud implements formal event reporting and follows escalation procedures if an information security incident occurs. Real-time notifications of vulnerabilities and security incidents are entered into the SAP ticketing system, and the appropriate SAP personnel are notified. All actions taken to resolve a problem are documented, so all problems can be tracked to completion. Information security staff will generate a report regarding the need for enhanced or additional controls to limit the frequency, damage, and cost of future occurrences, as well as required revisions to information security policies.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £37 to £117 per user per month
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document odt document: Skills Framework for the Information Age rate card pdf document: Terms and conditions pdf document: Modern Slavery statement
Service documents
Return to top ↑