SAP UK Ltd

GROW with SAP S/4HANA Cloud for Finance and Procurement

GROW is a comprehensive offering that enables customers to run their SAP S/4HANA systems on a public cloud environment. It combines the benefits of multi-tenant cloud, such as scalability, standardization, flexibility, & security, with the extensibility of SAP's BTP. GROW is designed to accelerate digital transformation & optimize business processes.

Features

• Real-time Data Acquisition, Reporting and Monitoring
• Information Lifecycle Management
• Real-Time Analytics, Embedded AI and Machine Learning
• Generative AI (GenAI), Machine Learning and Internet of Things (IoT)
• Connects To Many Data Sources Via SAP Published API's
• Provides Extraction, Transformation and Loads
• Cloud Infrastructure and Services
• Proactive Vendor Managed Services, No Hidden Costs
• Data Migration tools to convert from Legacy to S/4HANA Cloud
• SAP Driven Automated Upgrades, iRPA Driven Post-Upgrade Testing

Benefits

• Digital Discovery Assessment Provides Solution Transparency and Roadmap View
• Real-Time Reporting and Custom Report Builder
• Single SLA for Applications, Technology and Infrastructure, In One Contract
• User Experience is Device Agnostic and Configurable by Users
• Supports Intelligent Enterprise Processes, Digital ERP Core
• Embedded Predictive Intelligence and Intelligent Automation
• Guided In-App User Training for Change Management Acceleration
• Faster and Cheaper Implementation timeframe with SAP Embedded Launch Activities
• 3-Tier Environment Provides Solution for Testing, Development and Productive Use
• Transparent Roadmap and Upgrade Cycle Published on SAP.com

£22 to £367 a licence a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at UKPublicSector@sap.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

703754701363888

Contact

David Dinsdale
+44 870 608 4000
UKPublicSector@sap.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: S/4HANA Cloud ERP is implemented according to clean ERP principles. This means utilising the best practices available within the solution as Fit to Standard. Where backlog items are found to be necessary, extension capabilities through the SAP Business technology Platform (extensibility tools) and configuring outside best practices are possible. ; In order to support the clean ERP principles, there are 5 Golden Rules for implementing:; 1. Foster Cloud Mindset enforcing fit-to-standard and agile deployment methodology - Activate; 2. Use Pre-configured solutions with predefined processes; 3. Use of modern Integration technologies; 4. Use of modern Extensibility technologies; 5. Transparency of deviations
• System requirements: Solution Is Fully Web Based (Browser To Support URL)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Different ticket priorities have different response times, but the maximum response time for a Priority 1 ticket is 4 hours.; Overall SLA's will align and be triaged with the support organisation (in-house or through a third party).
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: In terms of support, the SAP Service Marketplace is the default go-to anchor point for interacting with SAP. Our progressive extensibility options with bot/AI and access methods mean that add-on's or extensions can offer far more opportunity than can be explained in this response, however for ensure consistency across all SAP solutions the SAP Marketplace is the default access point. SAP's Generative AI solution (Joule) is currently in early adopter care mode (as of February 2024) and will be generally available and embedded in SAP S/4HANA Cloud, Public Edition in 2024. SAP Joule provides users with proactive guidance on how to carry out business transactions and provides contextual guidance to business users to make better informed decisions. It also assists users by generating content such as emails in response to a particular piece of correspondence from a supplier on a PO, for example. This is in addition to the navigational patterns that the SAP co-pilot currently provides.
• Onsite support: Yes, at extra cost
• Support levels: 1. Very High - A support message is priority one if the problem has very serious consequences; for normal business transactions and prevents urgent,; business-critical work from being performed. The message requires; immediate processing because the malfunction can cause serious; losses.; 2. High - A support message is priority two if normal business transactions in a production system are seriously affected and prevent necessary tasks from being performed.; 3. Medium; A case should be categorized with the priority "medium" if normal business processes are affected. The problem is caused by incorrect or inoperable functions in the SAP service.; 4. Low; A case should be categorized with the priority "low" if the problem has little or no effect on normal business processes. The problem is caused by incorrect or inoperable functions in the SAP service that are not required daily or are rarely used.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: SAP provides comprehensive online user guides, test scripts and set up documentation in publicly available online documentation.; ; The solution contains embedded help functionality which has links to online documentation which is context relevant to help users understand the transaction and the context.; ; License subscription price includes Enterprise Support, Cloud Infrastructure and Services and Pro-active managed Services with a dedicated SAP Customer Success Manager.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: We complete a HANA database Copy or a Full Environment Copy as well as providing data extraction capability to download customer data. This is available on customer demand. The SAP customer data retention policy is outlined in the Data Processing Agreement for Cloud Services (https://www.sap.com/about/trust-center/agreements/cloud/cloud-services.html?search=Data%20Processing&sort=latest_desc&pdf-asset=de317a32-4c7e-0010-bca6-c68f7e60039b&page=1) which calls out section 5.2 of the SAP Data Processing Agreement for Cloud Services which states; Before the Subscription Term expires, Customer may use SAP’s self-service export tools (as available) to; perform a final export of Personal Data from the Cloud Service (which shall constitute a "return" of Personal Data). At the end of the Subscription Term, Customer hereby instructs SAP to delete the Personal Data remaining on servers hosting the Cloud Service within a reasonable time period in line with Data Protection Law (not to exceed 6 months) unless applicable law requires retention (https://www.sap.com/about/trust-center/agreements/cloud/cloud-services.html?search=Data%20Processing&sort=latest_desc&pdf-asset=de317a32-4c7e-0010-bca6-c68f7e60039b&page=3)
• End-of-contract process: The database is terminated and deleted with witness documentation. More details can be found in the SAP Data Processing Agreement for Cloud Services (https://www.sap.com/about/trust-center/agreements/cloud/cloud-services.html?search=Data%20Processing&sort=latest_desc&pdf-asset=de317a32-4c7e-0010-bca6-c68f7e60039b&page=3).

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The S/4HANA Application is designed to be dynamic, identifying the device being used and scaling screen real estate to suit, providing consistency within the User Experience. SAP Mobile Start supported as the mobile App user experience for iPhone, Androids and other mobile operating systems.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: SAP S/4HANA Public Cloud service interface offers a web-based UI with customizable dashboards, RESTful APIs for integration, and data services for import/export and synchronization. It provides pre-built connectors for third-party apps, robust security features, and advanced analytics tools. Admin tools include configuration wizards and monitoring options. Support includes documentation, community forums, and technical assistance. Overall, it delivers a streamlined user experience, enabling businesses to efficiently leverage SAP's ERP capabilities in the cloud.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Disability Discrimination Act (DDA) compliant.
• API: Yes
• What users can and can't do using the API: Privileged users can set up the service through the API; Available API's are published on the SAP Business Accelerator Hub (https://api.sap.com/).; API's can be used to set up point-to-point connections, or by leveraging middleware such as SAP Cloud Platform Integration (CPI), otherwise known as SAP Integration Suite.; Privileged users can make changes through the API; Limitations will apply to how users can set up or make changes through the API; Dependent on the API, Digital Access rights may be incurred pending the API usage rights
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: There are a number of ways in which the solution can be customised:; 1. In-app extensibility which allows for creation of the reports, applications, custom fields and more in a way which does not prevent future upgrades. This includes configuration of output forms.; 2. Side-by-side extensibility which allows for the creation of custom applications on the SAP Cloud Platform using multiple programming languages which does not prevent upgrades; 3. Classic extensibility options such as ABAP programming, BADIS, BAPIS and customer user-exits, can be leveraged via the embedded ABAP environment on the SAP S/4HANA Cloud Stack, however this mandates that extensions built in this environment be interfaced to the solutions core best practice capabilities using available whitelisted API's published on the SAP Business Accelerator Hub (https://api.sap.com/).

Scaling

• Independence of resources: Additional consumption units for VCPU and Memory can be purchased to scale up the Cloud based instance.

Analytics

• Service usage metrics: Yes
• Metrics types: Yes - this is part of standard content
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be exported using Smart Data Integration to multiple database vendors. The exportation of data is described in the SAP Data Processing Agreement for Cloud Services (https://www.sap.com/about/trust-center/agreements/cloud/cloud-services.html?search=Data%20Processing&sort=latest_desc&pdf-asset=de317a32-4c7e-0010-bca6-c68f7e60039b&page=3). Data can be exported typically in CSV format.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XML
  • JSON
  • TXT
  • EDI
  • CDS (Custom Data Services)
• Data import formats:
  • CSV
  • Other
• Other data import formats: Most Database Vendors

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: The SLA is 99.7 system availability monthly with planned outages at weekends for maintenance and upgrades. The upgrade and maintenance schedule can be found here: https://www.sap.com/documents/2021/09/58ffa59e-f97d-0010-bca6-c68f7e60039b.html; ; The SLA for SAP cloud services can be found here:; https://www.sap.com/about/trust-center/agreements/cloud/cloud-services.html?sort=latest_desc&search=Service%20Level%20Agreement&pdf-asset=9ea9161b-947e-0010-bca6-c68f7e60039b&page=1
• Approach to resilience: We have a written policy for Business Continuity Management. At SAP, Business Continuity Management is implemented with the SAP Management Frameworks for Business Continuity and Operational Resilience which is governed by the Global Security Standard for Business Continuity and Operational Resilience. This Global Standard is an internal document and not shared with any third party.; A publicly available whitepaper on SAP Business Continuity & Operational Resilience Framework can be obtained from: https://www.sap.com/uk/about/trust-center.html
• Outage reporting: SAP provides service outage reports using all three methods:; 1. A public dashboard is available online showing all datacentre availability as well as customer specific information, ; 2. API acknowledgement, and ; 3. email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: SAP’s comprehensive administrative user access management follows the principles of minimal authorization (the need-to-know principle) and segregation of duties. Administrative access to data processing systems in SAP STE is subject to strict requirements for personnel and is managed by an access management tool for cloud services.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: International Standards Agency
• ISO/IEC 27001 accreditation date: 30/6/2015
• What the ISO/IEC 27001 doesn’t cover: All components are covered.
• ISO 28000:2007 certification: Yes
• Who accredited the ISO 28000:2007: International Standards Organisation
• ISO 28000:2007 accreditation date: 30/6/2015
• What the ISO 28000:2007 doesn’t cover: All components covered.
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
• Information security policies and processes: SAP’s security framework focuses on the three cornerstones of secure products, operations, and the company. Secure products put the focus on delivering software to our customers that meets the highest levels of security standards with continuous vigilance regarding vulnerabilities and rapid action to remediate issues. Secure operations add another layer to protect data at the level of internal networks, infrastructure, and ecosystem and prevent security lapses within SAP’s internal operations. Secure company facilitates a culture of security at SAP, where employees and associates understand their role in helping secure SAP and its customers for success in the digital economy. To understand more about SAP security policies and practices, visit: https://www.sap.com/uk/about/trust-center.html

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: SAP mandates security messaging in its internal tracking system for all vulnerabilities that are effective in shipped products. Internal finders are required to create security messages, the support organization creates security messages from the customer ticket, and SAP's Product Security Response Team (PSRT) creates security messages for vulnerabilities that are reported by security researchers. Tracking for internally found vulnerabilities is in the responsibility of the corresponding development organization, while externally found ones are tracked by the PSRT. Various reports and monitors support tracking of changes to the service.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: SAP S/4HANA keeps a variety of logs for system administration, monitoring, problem solving, and auditing purposes. Audits and logs are important for monitoring the security of your system and to track events in case of problems. For details see: https://help.sap.com/viewer/56bf1265a92e4b4d9a72448c579887af/1709%20000/en-US. ; SAP’s security-patch management process mitigates threats and vulnerabilities. SAP’s security team rates security patches based; on the Common Vulnerability Scoring System standard for operating systems, databases, and virtualization in cloud services. Platforms are patched on a priority basis normally on a weekly basis during the weekend.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Securing Cloud services undertakes sophisticated monitoring for malware protection and monitoring. Therefore, SAP has defined and implemented a malware management process with which we consistently and continuously ensure secure service delivery free of viruses, spam, spyware, and other malicious software. It comprises antimalware agent deployment, regular scans, and malware reporting processes.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incident management process that is aligned with the International; Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) 27035:2011 information security principles.; Security incidents are monitored and tracked by security specialists in cooperation with defined communication channels until resolved. security breaches involve the accidental or unlawful destruction, loss, alteration, or disclosure of customer personal data or confidential data. Or it may refer to a similar incident involving personal data for which a data processor is required under applicable law to provide notice to the data controller.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Tackling economic inequality

  Tackling economic inequality

  Equip your CFO and finance teams with advanced capabilities, including group reporting, cash and receivables management, supplier collaboration, and advanced financial planning.

Pricing

• Price: £22 to £367 a licence a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: 14 day free trial with limited access to the cloud service. It provides users with the ability to test core features of the cloud service but access to add-on features is limited. It is a single tier standalone environment.
• Link to free trial: https://www.sap.com/products/erp/s4hana/trial.html

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at UKPublicSector@sap.com. Tell them what format you need. It will help if you say what assistive technology you use.