Salesforce ComplianceSalesforce / Trust
Compliance engineered for the Cloud
Salesforce maintains a comprehensive set of compliance certifications and attestations to validate our #1 value of Trust.

Categories

APEC Certification for Processors and Controllers
APEC Certification for Processors and Controllers
Asia-Pacific Economic Cooperation Privacy Recognition for Processors Certification
ASP/SaaS
ASP/SaaS
Information Disclosure Certification System for organizations in Japan
C5 (ISAE 3000)
C5 (ISAE 3000)
ISAE 3000 Report on the Cloud Computing Compliance Controls Catalogue (C5)
CCCS Assessment
CCCS Assessment
Canadian Centre for Cyber Security (CCCS) Assessment
CJIS
CJIS
Establishes and enforces rigorous security standards to protect sensitive criminal justice information
CSA STAR
CSA STAR
Registry of security and privacy controls for cloud computing offerings
CS Gold Mark
CS Gold Mark
CS Gold Mark certifies our security level to be equivalent to the ISO/IEC 27017 standard
CyberGRX
CyberGRX
CyberGRX assessments apply a dynamic and comprehensive approach to third party risk assessment
Disaster Recovery & BCP
Disaster Recovery & BCP
Business Continuity and Disaster Recovery
DoD IL2
DoD IL2
Cloud computing security requirements for the US Department of Defense for Impact Level 2
DoD IL4
DoD IL4
Cloud computing security requirements for the US Department of Defense for Impact Level 4
DoD IL5
DoD IL5
Cloud computing security requirements for the US Department of Defense for Impact Level 5
EU Cloud Code of Conduct
EU Cloud Code of Conduct
Adherence with EU Cloud Code of Conduct, Verification-ID: 2022LVL02SCOPE3110 and 2022LVL02SCOPE3111
External Security Assessments
External Security Assessments
Attestation of penetration tests and security assessments performed by third parties
FAQ's and White Papers
FAQ's and White Papers
Answers to common questions and white papers
FedRAMP High
FedRAMP High
U.S. government program providing a standard approach to security, authorization and monitoring
FedRAMP Moderate
FedRAMP Moderate
U.S. government program providing a standard approach to security, authorization and monitoring
Financial Services Compliance
Financial Services Compliance
How Salesforce helps support financial service institutions with regulatory requirements
GDPR
GDPR
How Salesforce helps support our customers on their GDPR compliance journeys
HDS
HDS
Enables certified companies to host French personal health data
HIPAA
HIPAA
U.S. Privacy requirements for personal health information held by covered entities
HITRUST
HITRUST
Comprehensive, flexible and efficient approach to regulatory compliance and risk management
IRAP
IRAP
Security assessment for Australian government customers
IRS 1075
IRS 1075
U.S. government program providing guidance to protect the confidentiality of Federal Tax Information (FTI)
ISMAP
ISMAP
Japanese government program to assess and register cloud services that meet government security requirements
ISO 27001
ISO 27001
Compliance with specific information security and risk management requirements
ISO 27017
ISO 27017
Adherence with ISO/IEC 27002 Code of Practice controls for cloud services
ISO 27018
ISO 27018
Adherence with Code of Practice controls for protection of personal information
NEN 7510
NEN 7510
Protecting health information for organizations in the Netherlands
NHS DSPT
NHS DSPT
Online self-assessment tool for UK organizations
NIST SP 800-171
NIST SP 800-171
U.S. security requirements for protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
PCI DSS
PCI DSS
Validation of controls around cardholder data to reduce credit card fraud
PrivacyMark
PrivacyMark
Privacy-centric certification for organizations in Japan
Privacy Verified Seal
Privacy Verified Seal
Responsible data collection and processing practices consistent with regulatory expectations
Salesforce BCRs
Salesforce BCRs
Binding Corporate Rules for the Processing of European Personal Data
SOC 1
SOC 1
Type II report covering internal controls over financial reporting systems
SOC 2
SOC 2
Type II report covering Security, Availability, Integrity, Confidentiality, and Privacy
SOC 3
SOC 3
Public report of Security, Availability, Integrity, Confidentiality, and Privacy controls
Spain Esquema Nacional de Seguridad (ENS)
Spain Esquema Nacional de Seguridad (ENS)
Set of security standards applied to service providers for servicing the Spanish Public Sector and government agencies
TISAX
TISAX
A European information security assessment (ISA) for the automotive industry.
TX-RAMP
TX-RAMP
Texas Risk and Authorization Management Program provides a stand approach for security assessment and authorization
UK Cyber Essentials Plus
UK Cyber Essentials Plus
UK government information security assurance scheme
U.S. Data Privacy Framework (DPF)
U.S. Data Privacy Framework (DPF)
A framework for complying with EU, UK and Swiss privacy requirements
WCAG 2.1 AA
WCAG 2.1 AA
WCAG defines how to make web content more accessible to people with disabilities