SAP UK Ltd

SAP Customer Data Cloud

SAP Customer Data Cloud builds trust with businesses, partners, and customers through seamless engagements and personalised digital experiences, turning anonymous visitors into loyal customers.

Features

• Registration & Authentication
• Social Login
• Progressive and Conditional Profiling
• Single Sign-On (SSO) & Federation
• Communication Preferences & Opt-In Management
• Consent Management
• Self-Service Preference Centre
• Data Transformation & Unification
• Orchestration & Governance
• Profile, Preference, & Consent data storage

Benefits

• Increase e-commerce revenue
• Standardize security best practices
• Drive better outcomes from your connected systems
• Build trust with customers by enabling more transparency
• Centralize consent and preference management
• Address evolving requirements of regulations
• Integrate partners earlier through self-service onboarding
• Reduce costs by minimizing administrative overhead
• Provide seamless omnichannel experiences
• Manage security and access requirements proactively

£22,534 a unit a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at UKPublicSector@sap.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

768943917404518

Contact

Rich Gwyther
+44 7557 605477
UKPublicSector@sap.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: SAP Customer Data Cloud is a full SaaS solution with no planned maintenance arrangements or specific hardware requirements. Due to the service being API based SAP does have an Acceptable Usage policy - for more information please see:; https://developers.gigya.com/display/GD/Acceptable+Use+Policy
• System requirements: Browser based client from supported list

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Different ticket priorities have different response times, but the maximum response time for a Priority 1 ticket is 4 hours.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Through the support.sap.com website
• Web chat accessibility testing: Unknown
• Onsite support: Yes, at extra cost
• Support levels: 1. Very High - A support message is priority one if the problem has very serious consequences for normal business transactions and prevents urgent, business-critical work from being performed. The message requires immediate processing because the malfunction can cause serious losses. 2. High - A support message is priority two if normal business transactions in a production system are seriously affected and prevent necessary tasks from being performed. 3. Medium 4. Low; ; Detailed information can be found here: https://www.sap.com/about/trust-center/agreements/cloud/cloud-services.html?sort=latest_desc&search=Support&tag=language:english&pdf-asset=54f6e6c2-3d7d-0010-87a3-c30de2ffd8ff&page=1
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: There is a wealth of online information, demos and product documentation to help you get started with SAP Customer Data Cloud.; ; https://www.sap.com/products/crm/customer-data-management.html; ; Onboarding guide & core documentation: https://developers.gigya.com/
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: The IdentitySync tool within SAP Customer Data Cloud enables you to export customer data to a location of your choice (SFTP, Azure, AWS S3, etc). The tool allows for SQL-like querying of the database to extract as many or as few profiles as required, as well as extracting subsets of each customer's profiles. The tool also allows scheduled batch jobs to be configured as well as the frequency (up to 5 minutes intervals), should delta extracts be required.
• End-of-contract process: SAP work with you to ensure all required data is offloaded at the end of contract. Once this has been confirmed your data would be permanently removed from our system. There are no additional costs at the end of contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The SAP Customer Data Cloud’s Admin Console is a complete GUI from which users can enable, configure, and manage virtually every aspect of their implementation of SAP Customer Data. The Admin Console was designed to facilitate SAP Customer Data’s functionality without the need for significant coding experience for most operations.; ; Admin Console capabilities include:; - Authorize & Provision Admin Accounts; - Build Registration, Login, and Account Management Flows; - Security Policy Setup; - Customize Email Templates; - Configure Integrations; - Query User Data & Perform Administrative Tasks; - Access Essential Reporting & Analytics Tools; - Monitor SAP Customer Data's Performance
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: SAP Customer Data Cloud's console meets WCAG 2.1 level AA accessibility standards throughout.; ; However, the accessibility design of customer-facing screens is the responsibility of the site’s content owner. The UI Builder supports creating forms and screens adjusted for the needs of disabled users (e.g. high-contrast colors).
• API: Yes
• What users can and can't do using the API: The SAP Customer Data solution is based on a robust and secure REST API that underlies most of SAP’s services. This API can be utilised directly for server-to-server operations (e.g. exporting batches of users’ data).; ; Full documentation of the REST API can be found here: http://developers.gigya.com/display/GD/REST+API; ; Some of the core 'account' level functionality for end-user self-service include:; ; • Register – accounts.register; ; • Get Account Info – accounts.getAccountInfo; ; • Set Account Info – accounts.setAccountInfo; ; • Delete Profile – accounts.deleteAccount; ; • Reset Password – accounts.resetPassword; ; As well as providing all profile management via the REST API, SAP developed a set of SDKs for most common programming languages (Java, .NET, JS, PHP, Python) and three SDKs for mobile development (iOS, Android, and Cordova). Thus, in most cases you will not need to use the REST API directly.; ; More information on SAP SAP Customer Data's server-side SDKs can be found here: https://developers.gigya.com/display/GD/Server+Side+SDKs; ; More information on SAP SAP Customer Data's mobile SDKs can be found here: https://developers.gigya.com/display/GD/Mobile+SDKs; ; SAP also offers a Web SDK (JavaScript), which enables client side interaction with our service: http://developers.gigya.com/display/GD/Web+SDK
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The solution is designed so that much of a typical implementation can be customised via configuration, utilising a variety of web-based tools offered through our Admin Console.; ; The security policies, for example, can be enabled and configured via the Admin Console’s Policies UI, allowing administrators to set up specific password management policies, two-factor authentication, email verification (along with email template management), CAPTCHA, and more, with no coding required. SAP also provides UIs for configuring SAML and OIDC integrations, Identity Sync (ETL) data flows, and more.; ; Additionally, our UI Builder offers users a way to customise out-of-the-box registration, login, and profile management screens using a simple drag-and-drop interface with no coding required. This includes such capabilities as adding CAPTCHA, text format verification, password strength meters, and more. Customising the appearance and style of the screens, as well as adding a client’s own branding, only requires knowledge of CSS, and the screens can be deployed to your websites or mobile apps with just a few lines of code (making use of our SDKs). Should more advanced customisation be required, the UI Builder also offers a JavaScript editor, injecting code directly into SAP’s screens.

Scaling

• Independence of resources: SAP is responsible for the application and can scale horizontally and vertically, as appropriate. SAP guarantee's performance within the SLA.

Analytics

• Service usage metrics: Yes
• Metrics types: Server Time: Duration for the server tenant to process a request from the client. Includes the time to parse the request, execute business logic and provide a response.; ; Network Time: Duration for a client's request to reach the server tenant. Includes SSL time, TCP Connect time, Latency.; ; End to End Response Time: The time a page is rendered and available to the end user again. This includes the Server time, Network time and Rendering time.; ; Count: The number of interactions in a given group or window. For example, the number of interactions in a 10-minute window,; ; User Interactions: User-initiated Transactions
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: The IdentitySync tool within SAP Customer Data Cloud enables you to export customer data to a location of your choice (SFTP, Azure, AWS S3, etc). The tool allows for SQL-like querying of the database to extract as many or as few profiles as required, as well as extracting subsets of each customer's profiles. The tool also allows scheduled batch jobs be configured as well as the frequency (up to 5 minutes intervals), should delta extracts be required.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • JSON
  • GZIP
  • ZIP
  • LZO
  • PGP
  • GPG
  • AAM (text file formatted for the AAM platform)
  • Krux (text file formatted for the Krux platform)
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • JSON
  • GZIP
  • LZO
  • ZIP
  • PGP
  • GPG
  • Any text based file (using custom parsing script)

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: SAP Customer Data Cloud uses a secure channel (TLS) when transferring sensitive data to and from its servers. In addition, REST API calls that perform critical operations, such as deleting users, are only permitted as server-to-server signed requests.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 99.9% System Availability Percentage during each Month for the production version of the Cloud Service.; ; Service credit of 2% of Monthly Subscription Fees for each 1% below System Availability SLA, not to exceed 100% of Monthly Subscription Fees.; ; More info here: https://www.sap.com/uk/about/trust-center/agreements/cloud.html
• Approach to resilience: SAP leverages Amazon Web Services Availability Zones which are unique physical locations with independent power, network and cooling. Each Availability Zone is comprised of one or more data centres and houses infrastructure to support highly available, mission-critical apps. Availability Zones are tolerant to data centre failures through redundancy and logical isolation of services.; We alsouse Azure segmented into two different availability zones, with geo-replication of data
• Outage reporting: All three: a public dashboard,an API and email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: The Admin Console provides a robust Roles & Permissions functionality that controls which features users can access. An administrator can create user groups and assign access on a very granular level, including by site/app ID, specific service, API, and more. Roles & Permissions can be configured via an easy to use UI or via API and can even control access to specific data fields in the user profile. These permissions apply to any consumer of the APIs, including applications.; ; You can also maintain your existing security policies by federating your Admin users to the Console (using SAML 2.0).
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: DAkkS
• ISO/IEC 27001 accreditation date: 05/11/2021
• What the ISO/IEC 27001 doesn’t cover: All components are covered.
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 25/03/2022
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: All components are covered
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • ISO/IEC 27018:2014
  • SOC 2 Type II

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: ISO 27001:2017, ISO 27018:2019 and SOC 2 Type II.
• Information security policies and processes: SAP’s security framework focuses on the three cornerstones of secure products, operations, and the company. Secure products put the focus on delivering software to our customers that meets the highest levels of security standards with continuous vigilance regarding vulnerabilities and rapid action to remediate issues. Secure operations add another layer to protect data at the level of internal networks, infrastructure, and ecosystem and prevent security lapses within SAP’s internal operations. Secure company facilitates a culture of security at SAP, where employees and associates understand their role in helping secure SAP and its customers for success in the digital economy.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: SaaS Model so all configuration and updates are controlled by SAP.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: SAP’s security-patch management process mitigates threats and vulnerabilities. SAP’s security team rates security patches based on the Common Vulnerability Scoring System standard for operating systems, databases,and virtualization in cloud services. Critical security vulnerabilities that might endanger SAP’s service delivery capabilities. Platform are patched on a priority basis normally on a weekly basis during the weekend.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Securing Cloud services undertakes sophisticated monitoring for malware protection and monitoring. Therefore, SAP has defined and implemented a malware management process with which we consistently and continuously ensure secure service delivery free of viruses, spam, spyware, and other malicious software. It comprises antimalware agent deployment, regular scans, and malware reporting processes.
• Incident management type: Supplier-defined controls
• Incident management approach: Incident management process that is aligned with the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) 27035:2011 information security principles. Security incidents are monitored and tracked by security specialists in cooperation with defined communication channels until resolved. A security breach involves the accidental or unlawful destruction, loss, alteration, or disclosure of customer personal data or confidential data. Or it may refer to a similar incident involving personal data for which a data processor is required under applicable law to provide notice to the data controller.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  SAP is committed to a future sustainable world and acts as both an exemplar and enabler of sustainability. In 2021, for the 15th consecutive year, SAP was named the Software Industry Leader in the Dow Jones Sustainability Index - https://news.sap.com/2020/11/dow-jones-sustainability-indices-sap-again-leads/. SAP is committed to fighting climate change by reducing carbon and other emissions. SAP is on track to be Carbon Neutral by 2023 and Net Zero by 2030. In line with UK Public Sector guidance SAP has published a Carbon Reduction Plan at: https://www.sap.com/uk/documents/2021/12/561cff41-0a7e-0010-bca6-c68f7e60039b.html On any G-Cloud Contract, SAP will create a Social Value Action plan in collaboration with the buyer. Progress will be reviewed and the plan will be refreshed annually. For fighting climate change, we expect that this plan will include: • ensure renewable energy is used in the data centres providing the services and that all services will be 100% carbon neutral from the first day of service. • offer a workshop to the buyer’s team on the sustainability features of the product that has been purchased and / or the wider SAP suite of sustainability offerings such as the Sustainability Control Tower. • Work with the buyer’s team to promote the free, high-quality learning about sustainability that is available and free to any member of the public on the Open SAP learning portal at https://open.sap.com.
• Covid-19 recovery:

  Covid-19 recovery

  On any G-Cloud Contract, SAP will create a Social Value Action plan in collaboration with the buyer. Progress will be reviewed and the plan will be refreshed annually. To help local communities to manage and recover from the impact of COVID-19, SAP is able to support buyers in several areas. As part of the Social Value Action plan, SAP will: • To support re-training and other return to work opportunities for those left unemployed by COVID-19, particularly new opportunities in high growth sectors. SAP will offer a range of free on-demand and facilitated training to communities served by the buyer. This will be delivered free using the Open SAP learning portal at https://open.sap.com. Currently available courses include topics like Circular Economies, Opportunities from a Digitally Transformed Economy and New Work and Purpose. • SAP offers buyers support in key areas for social value relating to COVID 19 Recovery – new ways of working to deliver services; support for the physical and mental health of people affected by COVID-19 and improved workplace conditions such as remote working and sustainable travel solutions. As part of the Social Value Action plan we will offer a workshop to explain the support we can offer and add tasks to the plan where appropriate.
• Tackling economic inequality:

  Tackling economic inequality

  There are two themes outlined in the guidance relating to this area of social value - Create new businesses, new jobs and new skills; and increase supply chain resilience and capacity. With respect to skills, as part of the annual Social Value Action plan: • SAP will offer a range of free on-demand and facilitated training to communities served by the buyer. This will be delivered free using the Open SAP learning portal at https://open.sap.com. Currently courses cover a range of in demand skills in the IT industry such as Artificial Intelligence, Analytics and Application Development. For these courses, where relevant, SAP will also provide access to technical platforms at no charge so that students may complete the practical learning components of each course. With respect to increasing supply chain resilience and capacity, as part of the annual Social Value Action plan: • SAP will offer to brief the buyer’s procurement and finance teams on the opportunities relating to the SAP Ariba Procurement offering. This could include on-boarding the buyer’s suppliers to the Ariba Network, a €3.2TN marketplace for suppliers where they can grow their businesses. SAP Ariba Procurement also offers capabilities around supplier risk management to ensure that the buyer’s supply chain achieves the desired level of resilience. The guided buying capabilities of SAP Ariba Procurement also allow the buyer to make it easy for staff to support and comply with organisational social objectives, for example spending with sustainable enterprises or local small businesses. SAP will also share our learnings from 5 by 5 in ’25, an initiative designed to encourage organizations across industries to direct more of their addressable spend toward certified social-enterprise and diverse-business suppliers. https://news.sap.com/2020/10/sap-launches-55by25-purposeful-procurement/
• Equal opportunity:

  Equal opportunity

  SAP is committed to being one of the most diverse and inclusive software companies in the world. We proactively promote diversity, inclusion, and social justice and work to ensure that our workforce reflects the gender parity and demographics of all the regions where we have employees. We make every effort to ensure that all stages of the employee lifecycle are inclusive to enable employee success. As part of the Social Value Action plan, SAP will: • Propose a Social Innovation Workshop to explore areas of equal opportunity and look at how we approach diversity and inclusion to see how a shared approach with the buyer could help the buyer’s staff and communities that the buyer serves. For example SAP supports the following organisations and initiatives: • Pro-bono for economic equity – through this economic equity programme, SAP aims to support Black-owned businesses and social enterprises by leveraging corporate talent to help them to build capacity and address systemic and business challenges; • Generation Success - SAP partners with Generation Success, a Social Mobility focused Not for Profit to remove barriers to employment for individuals from diverse backgrounds; • Enactus UK – SAP is the Platinum technology partner for Enactus UK, giving access to one of the UK’s largest innovation and entrepreneur networks in the UK. Enactus allows teams of students all over the country to work together to find innovative solutions to social issues within their local and international communities; • SAP Autism at Work programme - launched in 2013, this programme leverages the unique abilities and perspectives of people with autism to foster innovation as we help customers become intelligent enterprises. The program taps into an underutilized talent source, reducing barriers of entry so qualified individuals can fully develop their potential.
• Wellbeing:

  Wellbeing

  As part of the Social Innovation Workshop described in the Equal Opportunity section, SAP will include the theme of ‘Wellbeing’ to review optional initiatives that can be added to the Social Value Action plan. For example: • Innovation – SAP offers clients the ability to run innovation workshops on themes that are important to clients. This is often in collaboration with users and communities who can codesign and create a proof of concept of solutions that would address specific challenges and opportunities. We will also offer free training on innovation topics via our Open SAP learning portal - https://open.sap.com. Current courses include Intrapreneurship – Employee-driven Innovation. • Employee and community pulse – SAP is a leading provider of solutions relating to personal wellbeing. We offer to share our learnings of what works well for different challenges and situations that clients wish to explore. We can share examples of how organisations have supported the physical and mental health of their workforce. A current example would be around working practices and return to work in a post COVID pandemic world. • Self-service and a great user experience are key principles of SAP services. We will share insights learned from working with many public service organisations and also the world’s most recognised brands on how digital services can bring people and communities together. These insights may then trigger actions that can be added to the Social Value Action plan.

Pricing

• Price: £22,534 a unit a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We are happy to offer a Proof of Concept

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at UKPublicSector@sap.com. Tell them what format you need. It will help if you say what assistive technology you use.