SAP UK Ltd

SAP Cloud Platform

SAP Cloud Platform is the enterprise, platform-as-a-service, enabling you to simplify open, agile business application development, With unique in-memory database and business application services, it includes a rich set of application services including Database, Mobile Development, App Security. Enterprises can quickly and simply build, extend, and integrate modern, mobile-enabled apps.

Features

  • Integration - Bringing cloud applications into business landscape
  • UX - Create applications with a personalized user experience
  • Analytics - Unearth new opps with real-time predictive analytics
  • Mobile - Native & Hybrid Business apps with secure access
  • Data & Storage - Remove divide between transaction & analytics
  • Biz Services - Marketplace for new biz apps
  • Dev & Ops - Develop and manage applications
  • Security - Pre-built security services i.e authentication, single sign-on etc
  • IoT - On-board, manage connected devices, get realtime predictive analysis
  • Collaboration - Securely access, share business content and applications

Benefits

  • Accelerated time to value (from idea to application)
  • Increased Developer productivity (standard and web based development tools)
  • Mobilized applicaitons: Support for tablets, smart phones or desktop
  • Lower cost - fully managed PaaS
  • Increased value of existing applications through secure integration
  • Lower risk: Enterprise grade SLA's and support
  • Opens new opportunities: Marketplace integration to monetize applications
  • Simplified IT: broadest set of platform capabilities from single vendor

Pricing

£23 to £118 per user per month

Service documents

G-Cloud 9

694736155260760

SAP UK Ltd

Tracy Gill

+44 (0)791751 4262

tracy.gill@sap.com

Service scope

Service scope
Service constraints Maintenance Windows for all Cloud Services are set forth in the Service Level Agreement for SAP Cloud Services - attached
System requirements
  • CPU Single core 3 GHz, x86-64
  • Memory 1GB, Disk 1GB
  • Windows 7, 8.1, 10, Windows Server 2008 - 2012 R2
  • SUSE Enterprise Server 11, 12, Redhat Enterprise 6, 7
  • Microsoft Internet Explorer 9 or higher
  • Mozilla Firefox 10 and latest version
  • Safari 5.1 and higher
  • Safari 5.1 and higher Google Chrome (latest versions)

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 24/7 for priority 1 and 2 issues.
Non Business Critical support is from 8am to 6pm local time.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support No
Web chat support No
Onsite support No
Support levels Maintenance support and system issues are supported by SAP direct, application support is provided via our partner channel and therefore costs are provided by them direct. Maintenance support is provided as part of the subscription cost and therefore at not extra charge. 24/7 for priority 1 and 2 issues. Non Business Critical support is from 8am to 6pm local time.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Help for users to get started with SAP services include
- onsite training
- online learning
- user documentation
Service documentation Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • Guided Self-Services (GSS)
  • Expert-guided Implementations (EGI)
  • Accelerated Innovation Enablement (AIE)
  • Meet-the-Expert sessions (MTE)
  • Guided-Discovery Tutorials
End-of-contract data extraction There are data download facilities to extract the data
End-of-contract process When the contract end's the customer can either renew or revoke their licences and stop subscribing to the service at no additional cost.

Using the service

Using the service
Web browser interface Yes
Using the web interface Supported browsers
• Internet Explorer 8
• Internet Explorer 9
• Internet Explorer 10+
• Microsoft Edge
• Firefox
• Chrome
• Safari 9+
Web interface accessibility standard WCAG 2.0 AA or EN 301 549
Web interface accessibility testing Service interface testing
Interface testing has been done with screenreaders
API Yes
What users can and can't do using the API SAP Cloud Platform API Management is an open-extension platform that simplifies integration with SAP and non-SAP solutions. Enabling businesses to easily share digital assets as application programming interfaces (APIs) beyond traditional applications and websites with business partners to create business networks and cross-company collaboration. To discover, explore, and test available APIs, please visit the SAP API Business Hub.

SAP Cloud Platform API Management provides the unique ability to connect devices to business transactions, as well as allows companies to build business networks, offering enterprises the ability to scale and innovate while opening up new channels, partner ecosystems, and revenue opportunities.
API automation tools Other
API documentation Yes
API documentation formats HTML
Command line interface No

Scaling

Scaling
Scaling available Yes
Scaling type Automatic
Independence of resources We constantly monitor usage and future forecast of our cloud based services and ensure we have sufficient redundancy and capacity to allow for data peaks / spikes and natural increases in volume. Our contractual SLA on uptime can be found in our contracts.
Usage notifications Yes
Usage reporting
  • API
  • Email

Analytics

Analytics
Infrastructure or application metrics Yes
Metrics types
  • CPU
  • HTTP request and response status
  • Memory
  • Number of active instances
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
Other data at rest protection approach AES 256 bit encryption
Data sanitisation process No
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Backup and recovery Yes
Backup controls For productive databases, a full data backup is done once a day. Log backup is triggered at least every 30 minutes. The corresponding data or log backups are replicated to a secondary location every two hours. Backups are kept (complete data and log) on a primary location for the last two backups and on a secondary location for the last 14 days. Backups are deleted afterwards. Recovery is therefore only possible within a time frame of 14 days. Restoring the system from files on a secondary location might take some time depending on the availability.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability The Service Level Agreement for SAP Cloud Services applies to the Cloud Services described in this Service Description Guide, provided, however, the System Availability SLA for all Cloud Services is 99.9% per month. Any deviations from the 99.9% System Availability SLA or any aspect of the standard Service Level Agreement for SAP Cloud Services are noted in the applicable Cloud Service terms in this Service Description Guide. The Service Level Agreement for SAP Cloud Services can be found at: http://go.sap.com/about/agreements/cloud-services.html?search=Service Level Agreement (also available from SAP upon request).
Approach to resilience This information is available on request
Outage reporting Outages are reported using e-mail alerts aswell as public dashboards available in the user community

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Via IP Filtering. 2 Factor authentication. Other information can be provided on request
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device over multiple services or networks
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 PWC
ISO/IEC 27001 accreditation date 13/02/2013
What the ISO/IEC 27001 doesn’t cover The certificate is valid for The ISMS of SAP SE governing development, maintenance and operations of the SAP HANA Cloud Platform
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations
  • ISO 9001 Quality Management
  • BS 10012 Personal Information Management
  • ISO 22301 Business Continuity Management
  • Service Organization Control (SOC) Attestations SOC 1, 2 and 3

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes This information can be provided upon request.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach All processes and policies are defined following industry best standards. Most of these policies are internal and are audited in our SOC2 Audit which is made twice a year and available to our customers
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach All processes and policies are defined following industry best standards. Most of these policies are internal and are audited in our SOC2 Audit which is made twice a year and available to our customers
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach All processes and policies are defined following industry best standards. Most of these policies are internal and are audited in our SOC2 Audit which is made twice a year and available to our customers
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach All processes and policies are defined following industry best standards. Most of these policies are internal and are audited in our SOC2 Audit which is made twice a year and available to our customers

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used VMware
How shared infrastructure is kept separate We implement virtualisation, and we also use multiple other technical mechanisms to separate customer data.

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes

Pricing

Pricing
Price £23 to £118 per user per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Intended for non-production use.
Includes community support.
Provides early access to beta functionality

1 User
1 GB Database Storage
10 GB/month bandwidth
Link to free trial https://cloudplatform.sap.com/content/dam/website/skywalker/en_us/PDFs/SAP_CP_PricingPDF_3_24_17b.pdf

Documents

Documents
Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑