RISE with SAP for aerospace and defence primes operating across export controlled and classified workloads.

Why aerospace and defence buyers cannot use the default RISE hyperscaler stack.

Aerospace and defence primes operate ERP environments that touch technical data subject to export control. Production schedules for a fighter aircraft, supplier specifications for a missile component, or pricing for a national security programme are not commercially sensitive in the usual sense. They are export controlled, sometimes classified, and the rules governing where they can be stored and who can administer the underlying infrastructure are set by national governments rather than negotiated between buyer and supplier.

Standard RISE with SAP runs on AWS, Microsoft Azure, or Google Cloud Platform commercial regions. None of those regions satisfy ITAR in their default configuration. AWS GovCloud, Azure Government, and Google Distributed Cloud Hosted offer pathways, but RISE on those regions is not automatic. It must be negotiated specifically, often with the hyperscaler in the room, and the SAP commercial terms shift materially in the process. Sovereign cloud options in France, Germany, and the United Kingdom add further complexity. Each adds cost, narrows the choice of hyperscaler, and changes the SAP support model.

Beyond hyperscaler selection, the contract itself must reflect prime contractor flow down obligations. If the buyer holds a US Department of Defense prime contract, every material technology supplier must accept CMMC obligations, supply chain risk management requirements, and audit rights for the prime, the customer, and the customer regulator. The default RISE master agreement accepts none of these by default. They must be added as bespoke schedules, and SAP will negotiate them but only when the buyer brings the framework already built.

The five constraints that shape every aerospace and defence RISE contract.

Each constraint moves the RISE contract in specific ways. ITAR forces US person only administration, which restricts SAP support to US based teams and rules out follow the sun support across foreign SAP operations centres. CMMC adds an annual attestation requirement and a flow down obligation that SAP must accept in writing. UK SECRET workloads cannot run on standard RISE hyperscaler regions at all and must be hosted on UK sovereign infrastructure with bespoke SAP support arrangements.

Ten RISE clauses we rewrite in every aerospace and defence engagement.

1. US person administration covenant. Where ITAR applies, SAP must commit in writing that only US persons will administer the infrastructure and access the data.
2. Sovereign region pinning. Explicit region selection with no substitution right, including disaster recovery and backup.
3. Cleared personnel commitment. Where classified workloads are in scope, SAP commits to cleared personnel for all administrative access.
4. Sub processor security attestation. Every sub processor must hold the relevant clearance and certification, with notice and objection rights for any addition or change.
5. CMMC flow down. SAP accepts CMMC obligations as a material supplier and provides annual attestation.
6. Export classification. Data classification framework agreed in writing, with SAP cooperation on data flow tracking and reporting.
7. Prime audit rights. The buyer prime customer has audit rights on the relevant infrastructure, separately from the buyer own audit rights.
8. Incident reporting to regulator. SAP commits to direct notification of relevant regulators within defined windows on any incident affecting controlled data.
9. Continuity of supply. SAP commits to continued service during periods of political or trade restriction, with defined exceptions narrowly drawn.
10. Termination for national security. The buyer can terminate without penalty if a national security authority determines the arrangement is no longer acceptable.

How an aerospace and defence RISE engagement runs.

The first phase is classification mapping. We work with the buyer security, export control, and contracts teams to document the classification profile of every data category that will touch the SAP environment. This produces a single data flow map that drives every hyperscaler, region, and contract decision that follows.

The second phase is hyperscaler architecture. With the classification map in hand, we work with SAP and the candidate hyperscalers to select the right combination of regions, sovereign offerings, and support models. The third phase is contract negotiation, which proceeds from the standard RISE redline plus the sector specific clause set above. The fourth phase is accreditation support, where we help the buyer assemble the contract package for security accreditation, prime customer flow down, and regulator review.

What aerospace and defence buyers walk away with.

The average aerospace and defence RISE engagement closes at a 61 percent reduction against the initial SAP proposal, with a contract package that passes export control review and prime customer flow down without rework. Across 42 plus engagements, the firm has delivered $38M in client savings, supported six primes through CMMC attestation involving their RISE infrastructure, and secured sovereign region commitments from SAP in the United Kingdom, France, and Germany.