Compliance engineered for the Cloud

Salesforce maintains a comprehensive set of compliance certifications and attestations to validate our #1 value of Trust.

Categories

APEC Certification for Processors and Controllers

Asia-Pacific Economic Cooperation Privacy Recognition for Processors Certification

ISAE 3000 Report on the Cloud Computing Compliance Controls Catalogue (C5)

CCCS Assessment

Canadian Centre for Cyber Security (CCCS) Assessment

Establishes and enforces rigorous security standards to protect sensitive criminal justice information

Registry of security and privacy controls for cloud computing offerings

CyberGRX assessments apply a dynamic and comprehensive approach to third party risk assessment

Digital Operational Resilience Act (DORA)

European Union's Digital Operational Resilience Act (DORA), addressing digital operational risk for the financial sector

Cloud computing security requirements for the US Department of Defense for Impact Level 2

Cloud computing security requirements for the US Department of Defense for Impact Level 4

Cloud computing security requirements for the US Department of Defense for Impact Level 5

EU Cloud Code of Conduct

Adherence with EU Cloud Code of Conduct, Verification-ID: 2022LVL02SCOPE3110 and 2022LVL02SCOPE3111

External Security Assessments

Attestation of penetration tests and security assessments performed by third parties

FAQ's and White Papers

Answers to common questions and white papers

U.S. government program providing a standard approach to security, authorization and monitoring

FedRAMP Moderate

U.S. government program providing a standard approach to security, authorization and monitoring

Financial Services Compliance

How Salesforce helps support financial service institutions with regulatory requirements

How Salesforce helps support our customers on their GDPR compliance journeys

U.S. Privacy requirements for personal health information held by covered entities

Comprehensive, flexible and efficient approach to regulatory compliance and risk management

Security assessment for Australian government customers

Japanese government program to assess and register cloud services that meet government security requirements

Compliance with specific information security and risk management requirements

Adherence with ISO/IEC 27002 Code of Practice controls for cloud services

Adherence with Code of Practice controls for protection of personal information

Protecting health information for organizations in the Netherlands

NIST SP 800-171

U.S. security requirements for protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

Other Reports and Certificates

Various reports and certificates not applicable to other categories

Validation of controls around cardholder data to reduce credit card fraud

Resilience, BCP & DR

Business Continuity and Disaster Recovery

Salesforce BCRs

Binding Corporate Rules for the Processing of European Personal Data

Type II report covering internal controls over financial reporting systems

Type II report covering Security, Availability, Integrity, Confidentiality, and Privacy

Public report of Security, Availability, Integrity, Confidentiality, and Privacy controls

Spain Esquema Nacional de Seguridad (ENS)

Set of security standards applied to service providers for servicing the Spanish Public Sector and government agencies

A European information security assessment (ISA) for the automotive industry.

Texas Risk and Authorization Management Program provides a stand approach for security assessment and authorization

U.S. Data Privacy Framework (DPF)

A framework for complying with EU, UK and Swiss privacy requirements

WCAG defines how to make web content more accessible to people with disabilities