RISE Shared Responsibility Model
Understanding exactly what SAP manages versus what you still own is critical to operational success in RISE. This guide breaks it down domain by domain.
The Core Principle
RISE is infrastructure-as-a-service, not application-managed-services.
SAP manages the infrastructure layer (compute, storage, database, OS patching, backups). You still own the SAP application layer (configuration, custom code, security, monitoring, interfaces, licensing). Think of it like renting a house: SAP maintains the structure and utilities, but you furnish it and live in it.
Domain-by-Domain Breakdown
1. Infrastructure & Platform
SAP Manages
- • Data center facilities and physical security
- • Compute and storage provisioning
- • OS installation and patching
- • Database software (HANA) management
- • Network infrastructure within cloud
- • Backup execution and retention
- • Disaster recovery infrastructure
You Own
- • Sizing requirements and change requests
- • Network connectivity (ExpressRoute, VPN)
- • Backup testing and restore validation
- • DR plan and testing coordination
- • Third-party software installation (if allowed)
2. SAP Application Management
SAP Manages
- • SAP software installation
- • SAP Kernel patching (coordinated with you)
- • SAP Support Pack application (you approve)
- • System clones/copies (on request)
- • Basic system monitoring (up/down status)
You Own
- • All SAP configuration and customizing
- • Custom ABAP code and enhancements
- • Transport management and promotion
- • Pre/post system copy configuration
- • Application performance monitoring
- • Business process monitoring and alerting
- • Functional testing of patches/updates
3. Security & Access Control
SAP Manages
- • Physical security of data centers
- • Network perimeter security
- • OS-level security patching
- • Database encryption at rest
- • Cloud infrastructure IAM
You Own
- • All SAP user provisioning and de-provisioning
- • Role design and authorization management
- • Segregation of Duties (SoD) compliance
- • Security audit logging and review
- • Password policies and MFA configuration
- • Sensitive data masking and redaction
- • Compliance reporting (SOX, GDPR, etc.)
- • Security incident response (app layer)
4. Monitoring & Operations
SAP Manages
- • Infrastructure availability monitoring
- • Database health checks
- • OS resource monitoring
- • Cloud platform alerting
- • SAP system start/stop coordination
You Own
- • Batch job monitoring and failure handling
- • Interface monitoring and error resolution
- • Application performance monitoring (ST03, ST06)
- • Business process monitoring (order-to-cash, etc.)
- • Custom alerting and escalation
- • Capacity planning and sizing requests
- • Application-level incident triage
5. Data Management
SAP Manages
- • Database backups (execution)
- • Database restores (on request)
- • Storage management and expansion
You Own
- • Data quality and master data governance
- • Data archiving strategy and execution
- • Data retention policies
- • Data migration and conversion (for S/4)
- • Backup validation and testing
- • Legal hold and e-discovery
- • Data privacy compliance (GDPR, CCPA)
6. Licensing & Compliance
SAP Manages
- • License entitlement tracking (via contract)
- • RISE subscription billing
You Own
- • User type assignments (Professional vs Limited)
- • Named user measurement and reporting
- • Indirect access analysis and management
- • License optimization (right-sizing user types)
- • SAM (Software Asset Management) tool usage
- • License audit responses
7. Support & Incident Management
SAP Manages
- • Infrastructure incident response
- • Database performance issues (infrastructure)
- • OS and kernel-level defects
- • SAP standard code defects (via OSS notes)
You Own
- • Initial incident triage and categorization
- • User-reported issues and helpdesk
- • Custom code defects and fixes
- • Configuration errors
- • Business process issues
- • Performance tuning (SQL, transactions)
- • Workaround implementation
- • End-user training and support
8. Integrations & Interfaces
SAP Manages
- • Network connectivity (within cloud)
- • BTP integration infrastructure (if included)
You Own
- • All interface design and development
- • Middleware configuration and management
- • API development and testing
- • Interface monitoring and error handling
- • Third-party system integration
- • EDI/IDoc configuration
- • File transfer automation
Common Misconceptions
"SAP monitors our batch jobs"
No. SAP monitors infrastructure. You need to monitor batch job completion, failures, and business impact.
"SAP handles our security audits"
No. SAP provides infrastructure compliance (SOC2, ISO). You handle SAP application-level audits (SOX, authorization reviews).
"SAP manages our licensing compliance"
No. You assign user types, measure usage, and respond to audits. SAP just tracks entitlements.
"SAP will fix our performance issues"
Depends. Infrastructure bottlenecks yes. SQL tuning, custom code optimization, configuration fixes? That's you.
How to Get Clear on Responsibilities
- 1
Request RACI Matrix from SAP
Ask your SAP account team for the detailed RACI (Responsible, Accountable, Consulted, Informed) matrix for your specific RISE contract variant.
- 2
Map Current Operations
Document who currently handles each operational task. Identify gaps where no one is clearly responsible.
- 3
Test Assumptions with Real Incidents
Open tickets to SAP for edge cases. Document what they will vs won't handle. Build internal runbooks for the rest.
- 4
Fill Gaps Proactively
Consider managed services partners, automation tools, or internal staffing for tasks SAP doesn't cover.