SAP S/4HANA Cloud Finance and Procurement

Provision of an intelligent, integrated CloudERP solution focused through a software as a service subscription. Covering core financial and procurement processes with a modern User Experience. Incorporating advanced AI and Machine Learning options to reduce manual effort and increase efficiency.


  • Real time Data Acquisition
  • Real time reporting
  • Data Temperature Management
  • Data Warehouse Tooling
  • Connects to many data sources
  • Provides Extraction, Transformation and Loads
  • Cloud Infrastructure and Services
  • Pro-active managed Services
  • Independent Customer Driven upgrade cycles, fit to standard
  • Selective Data Transfer tools to convert from on premise ECC


  • Embedded Intelligence
  • Reduced Solution Implementation Costs
  • Fast Data Warehouse Reporting
  • Accelerated User Adoption
  • User Experience is Device agnostic
  • Supports Intelligent Enterprise processes, Digital ERP Core
  • Predictive Intelligence and Intelligent Automation


£282 a licence a month

Service documents


G-Cloud 12

Service ID

4 4 0 7 1 3 5 0 1 2 1 7 3 6 0


SAP UK Ltd David Dinsdale
Telephone: +44 7880 469556

Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
S/4HANA Cloud ERP is implemented according to clean ERP principles. This means utilising the best practices available within the solution as Fit to Standard. Where backlog items are found to be necessary, extension capabilities through the SAP Cloud Platform (extensibility tools) and configuring outside best practices are possible.
In order to support the clean ERP principles, there are 5 Golden Rules for implementing:
1. Foster Cloud Mindset enforcing fit-to-standard and agile deployment methodology - Activate
2. Use Pre-configured solutions with predefined processes
3. Use of modern Integration technologies
4. Use of modern Extensibility technologies
5. Transparency of deviations
System requirements
  • Browser (to support URL)
  • Solution Manager strongly advised (see additional Service Offering)

User support

Email or online ticketing support
Email or online ticketing
Support response times
Different ticket priorities have different response times, but the maximum response time for a Priority 1 ticket is 4 hours.
Overall SLA's will align and be triaged with the support organisation (in-house or through a third party).
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Through the website
Web chat accessibility testing
In terms of support, the SAP Service Marketplace is the default go-to anchor point for interacting with SAP. Our progressive extensibility options with bot/AI and access methods mean that add-on's or extensions can offer far more opportunity than can be explained in this response to , however for ensure consistency across all SAP solutions the SAP Marketplace is the default access point.
Onsite support
Yes, at extra cost
Support levels
1. Very High - A support message is priority one if the problem has very serious consequences
for normal business transactions and prevents urgent,
business-critical work from being performed. The message requires
immediate processing because the malfunction can cause serious
2. High - A support message is priority two if normal business transactions in a
system are seriously affected and prevent necessary
tasks from being performed.
3. Medium
4. Low
Support available to third parties

Onboarding and offboarding

Getting started
SAP provides comprehensive online user guides, test scripts and set up documentation in publicly available online documentation.

The solution contains embedded help functionality which has links to online documentation which is context relevant to help users understand the transaction and the context.

License subscription price includes Enterprise Support, Cloud Infrastructure and Services and Pro-active managed Services with a dedicated SAP Customer Success Manager.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
We complete a HANA database Copy or a Full Environment Copy as well as providing data extraction capability to download customer data.
End-of-contract process
The database is terminated and deleted with witness documentation.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The S/4HANA Application is designed to be dynamic, identifying the device being used and scaling screen real estate to suit, providing consistency within the User Experience.
Service interface
Description of service interface
SAP Solution Manager can be optionally installed ad is strongly recommended.
Accessibility standards
None or don’t know
Description of accessibility
Customers can optionally open the SAP Solution Manager connection to allow SAP support personnel to diagnose the problem. This is an additional service.
Accessibility testing
Disability Discrimination Act (DDA) compliant
What users can and can't do using the API
Privileged users can set up the service through the API
Privileged users can make changes through the API
Limitations will exists to how users can set up or make changes through the API
Dependent on the API, Digital Access rights may be incurred pending the API usage rights
API documentation
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
  • Other
API sandbox or test environment
Customisation available
Description of customisation
There are a number of ways in which the solution can be customised:
1. In-app extensibility which allows for creation of the reports, applications, custom fields and more in a way which does not prevent future upgrades
2. Side-by-side extensibility which allows for the creation of custom applications on the SAP Cloud Platform using multiple programming languages which does not prevent upgrades
3. Classic extensibility options such as ABAP programming, BAdis, BApis and customer user-exits, where applicable or converting from and maintaining existing interfaces in SAP ECC where applicable


Independence of resources
Additional consumption units for VCPU and Memory can be purchased to scale up the Cloud based instance.


Service usage metrics
Metrics types
Yes - this is part of standard content
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data can be exported using Smart Data Integration to multiple database vendors
Data export formats
Data import formats
  • CSV
  • Other
Other data import formats
Most Database Vendors

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
The SLA is 99.5 system availability monthly with planned outages at weekends for maintenance and upgrades.
Approach to resilience
SAPs approach to resilience is available at
Outage reporting
SAP provides service outage reports using all three methods:
1. A public dashboard is available online showing all datacentre availability as well as customer specific information,
2. API acknowledgement, and
3. email alerts.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
SAP’s comprehensive administrative user access management follows the principles of minimal authorization (the need-to-know principle) and segregation of duties. Administrative access to data processing systems in SAP STE is subject to strict requirements for personnel and is managed by an access management tool for cloud services.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
International Standards Agency
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
All components are covered.
ISO 28000:2007 certification
Who accredited the ISO 28000:2007
International Standards Organisation
ISO 28000:2007 accreditation date
What the ISO 28000:2007 doesn’t cover
All components covered.
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
SAP’s security framework focuses on the three cornerstones of secure products, operations, and the company (see the figure). Secure products put the focus on delivering software to our customers that meets the highest levels of security standards with continuous vigilance regarding vulnerabilities and rapid action to remediate issues. Secure operations add another layer to protect data at the level of internal networks, infrastruc-ture, and ecosystem and prevent security lapses within SAP’s internal operations. Secure company facilitates a culture of security at SAP, where employees and associ-ates understand their role in helping secure SAP and its customers for success in the digital economy.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
SaaS Model so all configuration and updates are controlled by SAP and independently controlled by the customer to ensure planned activities align to business inter-dependencies. All configuration and change management is invoked via the Solution Manager which is an optional Service Description that is strongly advised.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
SAP’s security-patch management process mitigates threats and vulnerabilities. SAP’s security team rates security patches based
on the Common Vulnerability Scoring System standard for operating systems, databases,and virtualization in cloud services. Critical
security vulnerabilities that might endanger SAP’s service delivery capabilities. Platform are patched on a priority basis normally on a weekly basis during the weekend.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Securing Cloud services undertakes sophisticated monitoring for malware protection and monitoring. Therefore, SAP has defined and implemented a malware management process with which we consistently and continuously ensure secure service delivery free of viruses, spam, spyware, and other malicious software. It comprises antimalware agent deployment, regular scans, and malware reporting processes.
Incident management type
Supplier-defined controls
Incident management approach
Incident management process that is aligned with the International
Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) 27035:2011 information security principles.
Security incidents are monitored and tracked by security specialists in cooperation with defined communication channels until resolved. security breaches involve the accidental or unlawful destruction, loss, alteration, or disclosure of customer personal data or confidential data. Or it may refer to a similar incident involving personal data for which a data processor is required under applicable law to provide notice to the data controller.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£282 a licence a month
Discount for educational organisations
Free trial available

Service documents