Categories

Explore our document categories organized by certification type. Each category contains essential compliance documentation to help you meet industry standards and regulatory requirements.

APEC Certification for Processors and Controllers

Asia-Pacific Economic Cooperation Privacy Recognition for Processors Certification

C5 (ISAE 3000)

ISAE 3000 Report on the Cloud Computing Compliance Controls Catalogue (C5)

CCCS Assessment

Canadian Centre for Cyber Security (CCCS) Assessment

CJIS

Establishes and enforces rigorous security standards to protect sensitive criminal justice information

CSA STAR

Registry of security and privacy controls for cloud computing offerings

Digital Operational Resilience Act (DORA)

European Union's Digital Operational Resilience Act (DORA), addressing digital operational risk for the financial sector

DoD IL2

Cloud computing security requirements for the US Department of Defense for Impact Level 2

DoD IL4

Cloud computing security requirements for the US Department of Defense for Impact Level 4

DoD IL5

Cloud computing security requirements for the US Department of Defense for Impact Level 5

EU Cloud Code of Conduct

Adherence to the EU Cloud Code of Conduct, Verification-ID: 2022LVL02SCOPE3110 and 2022LVL02SCOPE3111

External Security Assessments

Attestation of penetration tests and security assessments performed by third parties

FAQs and White Papers

Answers to common questions and white papers

FedRAMP High

U.S. government program providing a standard approach to security, authorization and monitoring

FedRAMP Moderate

U.S. government program providing a standard approach to security, authorization and monitoring

Financial Services Compliance

How Salesforce helps support financial service institutions with regulatory requirements

GDPR

How Salesforce helps support our customers on their GDPR compliance journeys

General Compliance Related Documents

Documents referenced from the Main Subscription Agreement (MSA).

HIPAA

U.S. privacy requirements for personal health information held by covered entities

HITRUST

Comprehensive, flexible and efficient approach to regulatory compliance and risk management

IRAP

Security assessment for Australian government customers

ISMAP

Japanese government program to assess and register cloud services that meet government security requirements

ISO 27001

Compliance with specific information security and risk management requirements

ISO 27017

Adherence to ISO/IEC 27002 Code of Practice controls for cloud services

ISO 27018

Adherence to Code of Practice controls for protection of personal information

ISO 9001:2015

ISO 9001 is a global standard for quality management systems to ensure consistent quality.

NEN 7510

Protecting health information for organizations in the Netherlands

NIST SP 800-171

U.S. security requirements for protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

Other Reports and Certificates

Various reports and certificates not applicable to other categories

PCI DSS

Validation of controls around cardholder data to reduce credit card fraud

PrivacyMark

Privacy-centric certification for organizations in Japan

Resilience, BCP & DR

Business Continuity and Disaster Recovery

Salesforce BCRs

Binding Corporate Rules for the Processing of European Personal Data

SOC 1

Type II report covering internal controls over financial reporting systems

SOC 2

Type II report covering Security, Availability, Integrity, Confidentiality, and Privacy

SOC 3

Public report of Security, Availability, Integrity, Confidentiality, and Privacy controls

Spain Esquema Nacional de Seguridad (ENS)

Set of security standards applied to service providers for servicing the Spanish Public Sector and government agencies

TISAX

A European information security assessment (ISA) for the automotive industry.

TX-RAMP

Texas Risk and Authorization Management Program provides a standard approach for security assessment and authorization

U.S. Data Privacy Framework (DPF)

A framework for complying with EU, UK and Swiss privacy requirements

WCAG 2.2 AA

WCAG defines how to make web content more accessible to people with disabilities