Compliance engineered for the Cloud

Salesforce maintains a comprehensive set of compliance certifications and attestations to validate our #1 value of Trust.

Certifications, Standards and Regulations

ASIP Santé HDS

Enables certified companies to host French personal health data

ASP/SaaS

Information Disclosure Certification System for organizations in Japan

C5 (ISAE 3000)

ISAE 3000 Report on the Cloud Computing Compliance Controls Catalogue (C5)

CS Gold Mark

CS Gold Mark certifies our security level to be equivalent to the ISO/IEC 27017 standard

Disaster Recovery & BCP

Business Continuity and Disaster Recovery

DoD IL2

Cloud computing security requirements for the US Department of Defense for Impact Level 2

DoD IL4

Cloud computing security requirements for the US Department of Defense for Impact Level 4

External Security Assessments

Attestation of penetration tests and security assessments performed by third parties

FedRAMP

U.S. government program providing a standard approach to security, authorization and monitoring

Financial Services Compliance

How salesforce helps support financial service institutions with regulatory requirements

GDPR

How salesforce helps support our customers on their GDPR compliance journeys

HIPAA

U.S. Privacy requirements for personal health information held by covered entities

HITRUST

Comprehensive, flexible and efficient approach to regulatory compliance and risk management

IRAP

Security assessment for Australian government customers

ISO 27001

Compliance with specific information security and risk management requirements

ISO 27017

Adherence with ISO/IEC 27002 Code of Practice controls for cloud services

ISO 27018

Adherence with Code of Practice controls for protection of personal information

NEN 7510

Protecting health information for organizations in the Netherlands

NIST SP 800-171

U.S. Gov. security requirements for the transmission, storage, and processing of information

PCI DSS

Validation of controls around cardholder data to reduce credit card fraud

PrivacyMark

Privacy-centric certification for organizations in Japan

Privacy Shield

A framework for complying with EU General Data Protection Regulation (GDPR) requirements

Salesforce BCRs

Binding Corporate Rules for the Processing of European Personal Data

SOC 1

Type II report covering internal controls over financial reporting systems

SOC 2

Type II report covering Security, Availability, Integrity, Confidentiality, and Privacy

Standard Questionnaires, FAQ's and Whitepapers

Standardised questionnaires from industry groups, answers to common questions and white papers

TRUSTe Certified Privacy Seal

Responsible data collection and processing practices consistent with regulatory expectations

UK Cyber Essentials Plus

UK government information security assurance scheme

Additional Information

Trailhead

Security Basics Educate your users, protect your Salesforce org, and encourage a culture of security.
European Union Privacy Law Basics Learn about the General Data Protection Regulation (GDPR) and how to comply.
Security Specialist Flex your security muscles by locking down permissions and tracking changes.
Develop Secure Web Apps Detect and prevent common vulnerabilities in your code and strengthen your web apps.

© Copyright 2019 Salesforce.com, inc. All rights reserved.

Select your language