Trust | Compliance

Trust | Compliance

CertificationsServicesDocuments
Compliance engineered for the Cloud
Salesforce maintains a comprehensive set of compliance certifications and attestations to validate our #1 value of Trust.

Certifications, Standards and Regulations

APEC Certification for Processors and Controllers

APEC Certification for Processors and Controllers

Asia-Pacific Economic Cooperation Privacy Recognition for Processors Certification
ASIP Santé HDS

ASIP Santé HDS

Enables certified companies to host French personal health data
ASP/SaaS

ASP/SaaS

Information Disclosure Certification System for organizations in Japan
C5 (ISAE 3000)

C5 (ISAE 3000)

ISAE 3000 Report on the Cloud Computing Compliance Controls Catalogue (C5)
CCCS Assessment

CCCS Assessment

Canadian Centre for Cyber Security (CCCS) Assessment
CSA STAR

CSA STAR

Registry of security and privacy controls for cloud computing offerings
CS Gold Mark

CS Gold Mark

CS Gold Mark certifies our security level to be equivalent to the ISO/IEC 27017 standard
CyberGRX

CyberGRX

CyberGRX assessments apply a dynamic and comprehensive approach to third party risk assessment
Disaster Recovery & BCP

Disaster Recovery & BCP

Business Continuity and Disaster Recovery
DoD IL2

DoD IL2

Cloud computing security requirements for the US Department of Defense for Impact Level 2
DoD IL4

DoD IL4

Cloud computing security requirements for the US Department of Defense for Impact Level 4
EU Cloud Code of Conduct

EU Cloud Code of Conduct

Adherence with EU Cloud Code of Conduct
External Security Assessments

External Security Assessments

Attestation of penetration tests and security assessments performed by third parties
FedRAMP High

FedRAMP High

U.S. government program providing a standard approach to security, authorization and monitoring
FedRAMP Moderate

FedRAMP Moderate

U.S. government program providing a standard approach to security, authorization and monitoring
Financial Services Compliance

Financial Services Compliance

How Salesforce helps support financial service institutions with regulatory requirements
GDPR

GDPR

How Salesforce helps support our customers on their GDPR compliance journeys
HIPAA

HIPAA

U.S. Privacy requirements for personal health information held by covered entities
HITRUST

HITRUST

Comprehensive, flexible and efficient approach to regulatory compliance and risk management
IRAP

IRAP

Security assessment for Australian government customers
IRS 1075

IRS 1075

U.S. government program providing guidance to protect the confidentiality of Federal Tax Information (FTI)
ISMAP

ISMAP

Japanese government program to assess and register cloud services that meet government security requirements
ISO 27001

ISO 27001

Compliance with specific information security and risk management requirements
ISO 27017

ISO 27017

Adherence with ISO/IEC 27002 Code of Practice controls for cloud services
ISO 27018

ISO 27018

Adherence with Code of Practice controls for protection of personal information
NEN 7510

NEN 7510

Protecting health information for organizations in the Netherlands
NHS DSPT

NHS DSPT

Online self-assessment tool for UK organizations
NIST SP 800-171

NIST SP 800-171

U.S. security requirements for protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
PCI DSS

PCI DSS

Validation of controls around cardholder data to reduce credit card fraud
PrivacyMark

PrivacyMark

Privacy-centric certification for organizations in Japan
Privacy Shield

Privacy Shield

A framework for complying with EU General Data Protection Regulation (GDPR) requirements
Salesforce BCRs

Salesforce BCRs

Binding Corporate Rules for the Processing of European Personal Data
SOC 1

SOC 1

Type II report covering internal controls over financial reporting systems
SOC 2

SOC 2

Type II report covering Security, Availability, Integrity, Confidentiality, and Privacy
SOC 3

SOC 3

Public report of Security, Availability, Integrity, Confidentiality, and Privacy controls
Spain Esquema Nacional de Seguridad (ENS)

Spain Esquema Nacional de Seguridad (ENS)

Set of security standards applied to service providers for servicing the Spanish Public Sector and government agencies
Standard Questionnaires, FAQ's and Whitepapers

Standard Questionnaires, FAQ's and Whitepapers

Standardised questionnaires from industry groups, answers to common questions and white papers
TISAX

TISAX

A European information security assessment (ISA) for the automotive industry.
TRUSTe Privacy Verified Seal

TRUSTe Privacy Verified Seal

Responsible data collection and processing practices consistent with regulatory expectations
UK Cyber Essentials Plus

UK Cyber Essentials Plus

UK government information security assurance scheme
WCAG 2.1 AA

WCAG 2.1 AA

WCAG defines how to make web content more accessible to people with disabilities

Additional Information

Trailhead

© Copyright 2023 Salesforce, Inc. All rights reserved.