Trust | Compliance

Compliance engineered for the Cloud

Salesforce maintains a comprehensive set of compliance certifications and attestations to validate our #1 value of Trust.

Certifications, Standards and Regulations

ASIP Santé HDS

Enables certified companies to host French personal health data

ASP/SaaS

Information Disclosure Certification System for organizations in Japan

C5 (ISAE 3000)

ISAE 3000 Report on the Cloud Computing Compliance Controls Catalogue (C5)

CS Gold Mark

CS Gold Mark certifies our security level to be equivalent to the ISO/IEC 27017 standard

DoD IL2

Cloud computing security requirements for the US Department of Defense for Impact Level 2

DoD IL4

Cloud computing security requirements for the US Department of Defense for Impact Level 4

FedRAMP

U.S. government program providing a standard approach to security, authorization and monitoring

GDPR

How Salesforce helps support our customers on their GDPR compliance journeys

HIPAA

U.S. privacy requirements for personal health information held by covered entities

HITRUST

Comprehensive, flexible and efficient approach to regulatory compliance and risk management

IRAP

Security assessment for Australian government customers

ISO 27001

Compliance with specific information security and risk management requirements

ISO 27017

Adherence to ISO/IEC 27002 Code of Practice controls for cloud services

ISO 27018

Adherence to Code of Practice controls for protection of personal information

NEN 7510

Protecting health information for organizations in the Netherlands

NIST SP 800-171

U.S. government security requirements for the transmission, storage, and processing of information

PCI DSS

Validation of controls around cardholder data to reduce credit card fraud

PrivacyMark

Privacy-centric certification for organizations in Japan

Privacy Shield

A framework for complying with EU General Data Protection Regulation (GDPR) requirements

Salesforce BCRs

Binding Corporate Rules for the Processing of European Personal Data

SOC 1

Type II report covering internal controls over financial reporting systems

SOC 2

Type II report covering Security, Availability, Integrity, Confidentiality, and Privacy

© Copyright 2019 Salesforce.com, inc. All rights reserved.