www.sapdatacenter.

com



How Secure Is the Data Center
Security Chapter 02.01.
Access
Can unauthorized
people enter the data
center?


Access to Data
How are hacker attacks
fended off?


Power Supply
What happens when the
power goes out?


Hardware
If the servers fail, is the
data still secure?


Fire Protection
If a fire should break out,
who responds?


Building
What happens if there is
a natural disaster?


Data Privacy
Is data protection
guaranteed?


Backup
How can you recover
data?





Access

The data center is monitored around the clock. Single-person access and mantrap
systems provide access only to authorized individuals. Technicians can then enter
special rooms using custom-configured ID cards. High-sensitivity areas require
authentication by means of biometric scans

Access to Data

An intrusion detection system monitors incoming data and identifies suspicious
activities, while firewalls made by different manufacturers protect the data in the data
center. Data and backup files are exchanged with customers in an encrypted format or
transmitted via secure fiber-optic cables.

Power Supply

Should the multiple-redundancy power supply system fail, batteries are automatically
and immediately actuated and supply electricity for up to 15 minutes. Within this time
frame, emergency power diesel generators are started up. They can then supply power
to the data center for an extended period..

Hardware

All virtual and physical servers, HANA databases, storage units and networks in use
access a pool of physical hardware. If individual components should fail, the load can
be directly re-allocated to other components without impairing system stability. If
hardware fails due to a fire, data can be recovered from the backup system

Fire Protection The data center is subdivided into many fire compartments. In addition, thousands of
fire detectors and aspirating smoke detectors (ASD) monitor all rooms. The ASDs pick
up on the emission of specific gases that stem from overheating electronic components
and set off a preliminary alarm. Should a fire break out, the affected room is flooded
with extinguishing gas (INERGEN) and the fire is smothered. Sprinklers are not used,
as water would destroy sensitive electronic devices. As a last resort, however, water or
foam may still be used as an extinguishing method by the fire department, which is
automatically alerted to the emergency






Copyright/Trademark

Building The data center consists of 100,000 metric tons of reinforced concrete and rests on 480
concrete pillars, each extending 16 meters into the ground. The exterior walls are 30
centimeters thick and made of reinforced concrete. The server rooms are further
surrounded by 3 concrete walls. This design provides effective protection against
storms and even a small airplane crash.

Data Privacy SAP ensures compliance with data protection provisions. Data from cloud customers
falls under the jurisdiction selected by the customer and is not forwarded to third parties.
SAPs support services ensure that data protection is also maintained during required
maintenance operations.

Backup

Backups are carried out in the form of disk-to-disk copies, which enables rapid data
creation and recovery. Besides full backups done on a daily basis, interim versions are
created several times per day and are then archived, like all backups, at a second
location for security purposes.



At regular intervals, TV, KPMG, and SAP itself test whether the technology and infrastructure are
operating smoothly. An overview of the most important checks is provided below.

CONTINUAL CHECKS
Databases and servers are routinely checked in real time to ensure that they operate properly.

Batteries for the emergency power supply must always be charged. Thus, the condition of batteries is
continuously tested. If a batterys maximum capacity decreases excessively, it is replaced.

Gas cylinders containing the INERGEN fire-extinguishing gas must sustain a specific level of pressure. An
electronic pressure gauge on each gas cylinder electronically transmits deviations from the standard value to
the central gas distribution facility.

MONTHLY
The diesel engines are automatically started once per month to perform a full load test.

EVERY THREE MONTHS
An aspirating smoke detector (ASD) emits a preliminary alarm to the security department upon the slightest
signs of fire or smoke. A second fire detector then emits a piercing alarm in the event of an emergency. An
external company performs tests every three months using a smoke device to determine whether the ASD
and fire detectors are still active.

EVERY SIX MONTHS
The diesel engines switch control panels are checked twice annually by an external company. The
inspection ensures that, in a real power outage, the switchover will function and that power is supplied to the
servers.

EVERY YEAR
Doors, windows, and ventilation systems are inspected annually. The TV (an international safety
certification organization) inspects all access points to the data center in accordance with ISO 27001
specifications. The door check verifies what types of door locks (toggle locks or dead bolt locks) are used
and whether they comply with the ISO standard. In addition, doors may not be kept open for too long. During
the TV inspection visit, the door is left open for one minute to see whether an alarm is triggered as per the
standard.

KPMG goes one step further and inspects the data centers black box according to the international ISAE
3402 (or SSAE 16) certification standard. In other words, it checks the video recordings made over the last
365 days that prove that doors were opened only for authorized individuals. Inspectors refer to this measure
as a door effectiveness check.


Copyright/Trademark


Access authorization: Records from log files, card scanners, and duty rosters of the security service are
checked by the TV once annually according to ISO 27001. Some of the items on the TV checklist
include: how the security service organizes its 24-hour surveillance; how access cards are issued; and how
the approval process is conducted.

For the black building test, a power outage is simulated once annually. The external power supply is cut
off, so that the emergency power supply is actuated. This procedure ensures that the batteries can bridge
the power failure as expected, the diesel motors start up automatically, and an extended supply of electricity
is provided. This test is conducted and recorded by the data center operator. The reports are then submitted
to the TV, which compares them to the ISO 27001 standards.

The assigned installation company regularly services the fire-extinguishing system and generates reports on
the operability of sensors, for example, or any possible gas emissions. The reports are sent to the TV and
KPMG. This annual inspection is part of the ISO 27001 and ISAE 3402 (or SSAE 16) certification process.

An external company inspects construction measures along with the engineering and architectural
blueprints. This ensures that construction work on the data center does not damage a critical power cable
due to improper or careless installation, for example. SAP submits the engineering and architectural
blueprints to auditors once annually.

Fire protection: Ceilings, walls, and doors in the data center must provide 90 minutes of fire resistance,
according to the T90 and F90 classifications for fire resistance, that is. The TV checks this capability using
construction plans and an inspection of the premises, in following with the ISO 27001 specifications.

Air-conditioning system/temperature: As part of the annual inspection, the TV reviews the
maintenance records of the electronic systems and room temperature reports in accordance with ISO 27001.