Compliance engineered for the Cloud

Salesforce maintains a comprehensive set of compliance certifications and attestations to validate our #1 value of Trust.

Documents

Sort by: Document	Sort by: Last Updated	Sort by: Certification	Service
Vulnerability/Penetration Report Summary - Quip	2021-01-12	External Security Assessments	Quip
SOC 1 Bridge (Gap) Letter - Corporate & Salesforce Services	2021-01-11	SOC 1	Einstein Analytics Government Cloud Government Cloud Plus myTrailhead Salesforce Services Vlocity
SOC 1 Bridge (Gap) Letter - Heroku	2021-01-11	SOC 1	Heroku
DR Summary - Heroku	2021-01-07	Disaster Recovery & BCP	Heroku
SOC 1 Report - Salesforce Services	2021-01-07	SOC 1	Einstein Analytics Einstein Platform Government Cloud Salesforce Services
SOC 2 Report - Salesforce Services	2021-01-07	SOC 2	Einstein Analytics Einstein Platform Government Cloud Salesforce Services
SOC 3 Report - Salesforce Services	2021-01-07	SOC 3	Salesforce Services
HITRUST Certificate - ExactTarget	2021-01-06	HITRUST	Marketing Cloud
HITRUST Certificate - Salesforce Services	2021-01-06	HITRUST	Einstein Analytics Government Cloud Salesforce Services
SOC 1 Report - Heroku	2021-01-05	SOC 1	Heroku
SOC 2 Report - Heroku	2021-01-05	SOC 2	Heroku
SOC 3 Report - Heroku	2021-01-05	SOC 3	Heroku
Vulnerability/Penetration Report Summary - Salesforce Services	2020-12-22	External Security Assessments	Government Cloud Salesforce Services
Vulnerability/Penetration Report Summary - Salesforce Mobile (Andr./iOS)	2020-12-21	External Security Assessments	Salesforce Services
Network Vulnerability Assessment	2020-12-20	PCI DSS	B2B Commerce Einstein Analytics Salesforce Services
SOC 2 Report - Field Service	2020-12-18	SOC 2	Salesforce Services
SOC 2 Report - Vlocity Digital Commerce Gateway & Order Management Plus	2020-12-18	SOC 2	Vlocity
SOC 2 Report - Vlocity Managed Packages	2020-12-18	SOC 2	Vlocity
SOC 1 Report - Corporate Services	2020-12-15	SOC 1	Audience Studio and Data Studio B2B Commerce B2C Commerce / Commerce Cloud Desk.com Einstein Analytics Einstein Platform Government Cloud Government Cloud Plus Heroku IoT Cloud Marketing Cloud Messaging and LiveMessage MuleSoft myTrailhead Pardot Quip Salesforce IQ Salesforce Services Vlocity
SOC 2 Report - Audience Studio	2020-12-15	SOC 2	Audience Studio and Data Studio
SOC 2 Report - Corporate Services	2020-12-15	SOC 2	Audience Studio and Data Studio B2B Commerce B2C Commerce / Commerce Cloud Data.com Desk.com Einstein Analytics Einstein Platform Government Cloud Government Cloud Plus Heroku IoT Cloud Marketing Cloud Messaging and LiveMessage MuleSoft myTrailhead Pardot Quip Salesforce IQ Salesforce Services Vlocity
SOC 2 Report - Einstein Bots	2020-12-15	SOC 2	Einstein Platform
SOC 2 Report - ExactTarget and Advertising Studio	2020-12-15	SOC 2	Marketing Cloud
SOC 2 Report - Pardot	2020-12-15	SOC 2	Pardot
Vulnerability/Penetration Report Summary - ExactTarget	2020-12-15	External Security Assessments	Marketing Cloud
BCP Summary	2020-12-08	Disaster Recovery & BCP	Audience Studio and Data Studio B2C Commerce / Commerce Cloud Einstein Analytics Marketing Cloud MuleSoft Pardot Salesforce Services
Network Vulnerability Assessment - Heroku	2020-12-03	PCI DSS	Heroku
SOC 3 Report - Datorama	2020-11-10	SOC 3	Marketing Cloud
SOC 3 Report - Einstein.AI	2020-11-10	SOC 3	Einstein Platform
SOC 3 Report - Einstein Platform	2020-11-10	SOC 3	Einstein Platform
SOC 3 Report - Quip	2020-11-10	SOC 3	Quip
CSA CAIQ - Tableau	2020-10-23	Standard Questionnaires, FAQ's and Whitepapers	Tableau
PCI Responsibility Matrix - Heroku	2020-10-14	PCI DSS	Heroku
DR Summary - Social Studio	2020-10-12	Disaster Recovery & BCP	Marketing Cloud
DR Summary - Pardot	2020-10-09	Disaster Recovery & BCP	Marketing Cloud Pardot
Vulnerability/Penetration Report Summary - myTrailhead	2020-10-06	External Security Assessments	myTrailhead
Vulnerability Response Plan Summary	2020-10-06	Standard Questionnaires, FAQ's and Whitepapers	Audience Studio and Data Studio B2B Commerce B2C Commerce / Commerce Cloud Customer 360 Data Manager Data.com Desk.com Einstein Analytics Einstein Platform Government Cloud Government Cloud Plus Heroku IoT Cloud Marketing Cloud Messaging and LiveMessage MuleSoft MuleSoft Government Cloud myTrailhead Pardot Quip Salesforce IQ Salesforce.org Elevate Salesforce Services Tableau
Vulnerability/Penetration Report Summary - Salesforce Services Data Mask Add-on	2020-10-05	External Security Assessments	Salesforce Services
CSA CAIQ - Salesforce Services	2020-09-24	Standard Questionnaires, FAQ's and Whitepapers	Einstein Analytics Government Cloud Salesforce Services
SOC 1 Report - Mulesoft	2020-09-21	SOC 1	MuleSoft
SOC 2 Report - Mulesoft	2020-09-21	SOC 2	MuleSoft
CSA CAIQ - Mulesoft (EN)	2020-09-17	Standard Questionnaires, FAQ's and Whitepapers	MuleSoft
SOC 1 Bridge (Gap) Letter - Commerce Cloud	2020-09-15	SOC 1	B2C Commerce / Commerce Cloud
DR Summary - Audience Studio	2020-09-09	Disaster Recovery & BCP	Audience Studio and Data Studio Marketing Cloud
DR Summary - Datorama	2020-09-09	Disaster Recovery & BCP	Marketing Cloud
DR Testing (Site Switching) Summary	2020-09-02	Disaster Recovery & BCP	Einstein Analytics Salesforce Services
Vulnerability/Penetration Report Summary - Einstein Analytics	2020-08-26	External Security Assessments	Einstein Analytics Government Cloud Salesforce Services
PCI Attestation of Compliance (AoC) - Salesforce.org Elevate	2020-08-13	PCI DSS	Salesforce.org Elevate
SOC 2 Report - ClickSoftware	2020-08-13	SOC 2	ClickSoftware
PCI Attestation of Compliance (AoC) - Commerce Cloud	2020-08-07	PCI DSS	B2C Commerce / Commerce Cloud
IRAP Assessment letter [Official]	2020-08-04	IRAP	Salesforce Services
IRAP Customer Configuration User Guide Health Check [Official]	2020-08-04	IRAP	Salesforce Services
IRAP Customer Configuration User Guide [Official]	2020-08-04	IRAP	Salesforce Services
Salesforce ASD Essential Eight Maturity report	2020-08-04	IRAP	Salesforce Services
Salesforce Services IRAP Assessment Report [Official]	2020-08-04	IRAP	Salesforce Services
Security and Compliance Best Practices and FAQ - Work.com	2020-07-30	Standard Questionnaires, FAQ's and Whitepapers	Salesforce Services
International Transfers of EU Personal Data to Salesforce's Services FAQ	2020-07-29	Privacy Shield
Vulnerability/Penetration Report Summary - Pardot	2020-07-24	External Security Assessments	Pardot
UK Cyber Essentials Plus Certificate	2020-07-17	UK Cyber Essentials Plus
PCI Attestation of Compliance (AoC) - Salesforce Services	2020-07-15	PCI DSS	B2B Commerce Einstein Analytics Government Cloud Salesforce Services
PCI Responsibility Matrix - Salesforce Services	2020-07-15	PCI DSS	B2B Commerce Einstein Analytics Government Cloud Salesforce Services
SOC 2 Report - Datorama	2020-07-15	SOC 2	Marketing Cloud
TRUSTe APEC Processor Seal	2020-07-10	TRUSTe APEC Processor Seal	Audience Studio and Data Studio B2B Commerce B2C Commerce / Commerce Cloud Customer 360 Data Manager Desk.com Einstein Analytics Einstein Platform Heroku IoT Cloud Marketing Cloud Messaging and LiveMessage MuleSoft myTrailhead Pardot Quip Salesforce Services
PCI Attestation of Compliance (AoC) - Heroku	2020-07-08	PCI DSS	Heroku
SOC 2 Report - Einstein.AI	2020-07-07	SOC 2	Einstein Platform
SOC 2 Report - Einstein Platform	2020-07-07	SOC 2	Einstein Platform
SOC 2 Report - Predictive Intelligence	2020-07-06	SOC 2	Marketing Cloud
SOC 2 Report - Social Studio	2020-07-06	SOC 2	Marketing Cloud
SOC 2 Report - Quip	2020-07-01	SOC 2	Quip
FedRAMP Government Cloud Plus	2020-06-17	FedRAMP High	Government Cloud Plus
DoD IL2 Government Cloud	2020-06-11	DoD IL2	Government Cloud
DoD IL2 Government Cloud Plus	2020-06-11	DoD IL2	Government Cloud Plus
DoD IL4	2020-06-11	DoD IL4	Government Cloud
FedRAMP Government Cloud	2020-06-10	FedRAMP Moderate	Government Cloud
SOC 2 Report - Tableau	2020-06-05	SOC 2	Tableau
SOC 3 Report - Tableau	2020-06-05	SOC 3	Tableau
Vulnerability/Penetration Report Summary - Social Studio	2020-05-14	External Security Assessments	Marketing Cloud
ASP/SaaS Certificate (Japan)	2020-05-13	ASP/SaaS	Einstein Analytics Salesforce Services
PrivacyMark Certificate (Japan)	2020-05-12	PrivacyMark
Vulnerability/Penetration Report Summary - Advertising Studio	2020-05-12	External Security Assessments	Marketing Cloud
SOC 1 Report - Government Cloud Plus	2020-04-30	SOC 1	Government Cloud Plus
SOC 2 Report - Government Cloud Plus	2020-04-30	SOC 2	Government Cloud Plus
SOC 2 Report - Salesforce Maps	2020-04-30	SOC 2	Salesforce Services
SOC 2 Report - Salesforce.org Elevate	2020-04-30	SOC 2	Salesforce.org Elevate
Salesforce Vulnerability Management Overview (EN)	2020-04-23	Standard Questionnaires, FAQ's and Whitepapers	Salesforce Services
Salesforce Vulnerability Management Overview (JP)	2020-04-23	Standard Questionnaires, FAQ's and Whitepapers	Salesforce Services
DR/BCP Summary - Commerce Cloud	2020-04-13	Disaster Recovery & BCP	B2C Commerce / Commerce Cloud
Vulnerability/Penetration Report Summary - Predictive Intelligence	2020-04-13	External Security Assessments	Marketing Cloud
Vulnerability/Penetration Report Summary - Datorama	2020-03-31	External Security Assessments	Marketing Cloud
ASIP Santé HDS Certificate	2020-03-12	ASIP Santé HDS	Audience Studio and Data Studio B2C Commerce / Commerce Cloud Einstein Analytics Einstein Platform Heroku Marketing Cloud MuleSoft Pardot Quip Salesforce Services
C5 (ISAE 3000) Report - Salesforce Services	2020-03-04	C5 (ISAE 3000)	Einstein Analytics Salesforce Services
CSA CAIQ - Heroku	2020-02-28	Standard Questionnaires, FAQ's and Whitepapers	Heroku
Vulnerability/Penetration Report Summary - Marketing Cloud Mobile (Andr./iOS)	2020-02-25	External Security Assessments	Marketing Cloud
Vulnerability/Penetration Report Summary - Salesforce Events Mobile (Andr./iOS)	2020-02-18	External Security Assessments	Salesforce Services
Vulnerability/Penetration Report Summary - Einstein Analytics Mobile (Andr./iOS)	2020-02-05	External Security Assessments	Einstein Analytics Government Cloud Salesforce Services
Report on compliance with NEN7510 requirements	2020-01-30	NEN 7510	Marketing Cloud Salesforce Services
BCP Summary - Mulesoft	2020-01-29	Disaster Recovery & BCP	MuleSoft
SOC 2 Report - DMP and Data Studio	2020-01-24	SOC 2	Audience Studio and Data Studio
ISO 27017 Certificate	2020-01-22	ISO 27017	Audience Studio and Data Studio B2C Commerce / Commerce Cloud Einstein Analytics Einstein Platform Government Cloud Government Cloud Plus Heroku Marketing Cloud Messaging and LiveMessage MuleSoft Pardot Quip Salesforce IQ Salesforce Services
ISO 27018 Certificate	2020-01-22	ISO 27018	Audience Studio and Data Studio B2C Commerce / Commerce Cloud Einstein Analytics Government Cloud Government Cloud Plus Heroku Marketing Cloud Messaging and LiveMessage MuleSoft Pardot Quip Salesforce IQ Salesforce Services
ISO 27001 Certificate	2020-01-21	ISO 27001	Audience Studio and Data Studio B2C Commerce / Commerce Cloud Einstein Analytics Einstein Platform Government Cloud Government Cloud Plus Heroku Marketing Cloud Messaging and LiveMessage MuleSoft Pardot Quip Salesforce IQ Salesforce Services
SOC 2 Report - Commerce Cloud Digital	2020-01-21	SOC 2	B2C Commerce / Commerce Cloud
SOC 2 Report - Commerce Cloud Order Management	2020-01-21	SOC 2	B2C Commerce / Commerce Cloud
Vulnerability/Penetration Report Summary - Heroku	2020-01-21	External Security Assessments	Heroku
CSA CAIQ - ExactTarget (EN)	2020-01-17	Standard Questionnaires, FAQ's and Whitepapers	Marketing Cloud
CSA CAIQ - ExactTarget (JP)	2020-01-17	Standard Questionnaires, FAQ's and Whitepapers	Marketing Cloud
SOC 1 Report - Commerce Cloud	2020-01-17	SOC 1	B2C Commerce / Commerce Cloud
Vulnerability/Penetration Report Summary - Field Service Lightning (Andr./iOS)	2020-01-10	External Security Assessments	Salesforce Services
Vulnerability/Penetration Report Summary - MuleSoft	2020-01-09	External Security Assessments	MuleSoft
Vulnerability/Penetration Report Summary - DMP and Data Studio	2020-01-03	External Security Assessments	Audience Studio and Data Studio
Vulnerability/Penetration Report Summary - Salesforce Inbox Mobile (Andr./iOS)	2019-12-20	External Security Assessments	Einstein Platform
DR/BCP Summary - Marketing Cloud	2019-12-12	Disaster Recovery & BCP	Marketing Cloud
PCI Attestation of Compliance (AoC) - MuleSoft	2019-12-12	PCI DSS	MuleSoft
Vulnerability/Penetration Report Summary - Messaging and LiveMessage	2019-11-19	External Security Assessments	Government Cloud Messaging and LiveMessage Salesforce Services
Vulnerability/Penetration Report Summary - Salesforce Authenticator (Andr./iOS)	2019-11-19	External Security Assessments	Salesforce Services
Privacy Shield Registration	2019-11-18	Privacy Shield	Audience Studio and Data Studio B2B Commerce B2C Commerce / Commerce Cloud Einstein Analytics Einstein Platform Heroku Marketing Cloud Messaging and LiveMessage MuleSoft Pardot Quip Salesforce Services
Salesforce Binding Corporate Rules	2019-11-18	Salesforce BCRs	Audience Studio and Data Studio B2B Commerce B2C Commerce / Commerce Cloud Einstein Analytics Einstein Platform Government Cloud Heroku IoT Cloud Marketing Cloud Messaging and LiveMessage MuleSoft myTrailhead Pardot Quip Salesforce Services Tableau Vlocity
ISO Statement of Applicability	2019-11-04	ISO 27001	Audience Studio and Data Studio B2C Commerce / Commerce Cloud Einstein Analytics Einstein Platform Government Cloud Government Cloud Plus Heroku Marketing Cloud Messaging and LiveMessage MuleSoft Pardot Quip Salesforce IQ Salesforce Services
[Whitepaper] Salesforce And The HIPAA Security Rule: Securing EPHI In The Cloud	2019-11-01	HIPAA	Government Cloud Government Cloud Plus Salesforce Services
Vulnerability/Penetration Report Summary - Einstein Vision, Language & Voice	2019-10-30	External Security Assessments	Einstein Platform
Vulnerability/Penetration Report Summary - B2B Commerce	2019-10-14	External Security Assessments	B2B Commerce
DR/BCP Summary - Salesforce Services	2019-10-04	Disaster Recovery & BCP	Einstein Analytics Salesforce Services
PCI Responsibility Matrix - Commerce Cloud	2019-10-01	PCI DSS	B2C Commerce / Commerce Cloud
Incident Response Plan Summary	2019-09-16	Standard Questionnaires, FAQ's and Whitepapers	Audience Studio and Data Studio B2B Commerce B2C Commerce / Commerce Cloud Customer 360 Data Manager Data.com Desk.com Einstein Analytics Einstein Platform Government Cloud Government Cloud Plus Heroku IoT Cloud Marketing Cloud Messaging and LiveMessage MuleSoft MuleSoft Government Cloud myTrailhead Pardot Quip Salesforce IQ Salesforce.org Elevate Salesforce Services Tableau Vlocity
CSA CAIQ - Mulesoft (JP)	2019-09-10	Standard Questionnaires, FAQ's and Whitepapers	MuleSoft
NISC Security Standard (Japan)	2019-08-08	Standard Questionnaires, FAQ's and Whitepapers	Einstein Analytics Salesforce Services
CSA CAIQ - Pardot (EN)	2019-06-18	Standard Questionnaires, FAQ's and Whitepapers	Pardot
CSA CAIQ - Pardot (JP)	2019-06-18	Standard Questionnaires, FAQ's and Whitepapers	Pardot
CSA CAIQ - Quip	2019-06-18	Standard Questionnaires, FAQ's and Whitepapers	Quip
Vulnerability/Penetration Report Summary - Service Cloud Einstein	2019-05-29	External Security Assessments	Einstein Platform
CSA CAIQ - DMP and Data Studio	2019-05-01	Standard Questionnaires, FAQ's and Whitepapers	Audience Studio and Data Studio
Vulnerability/Penetration Report Summary - Sales Cloud Einstein	2019-04-23	External Security Assessments	Einstein Platform
FISC (Japan)	2019-02-26	Standard Questionnaires, FAQ's and Whitepapers	Einstein Analytics Salesforce Services
CS Gold Mark License (Japan)	2018-09-26	CS Gold Mark	Einstein Analytics Salesforce Services
Vulnerability/Penetration Report Summary - Einstein Discovery	2017-12-07	External Security Assessments	Government Cloud Salesforce Services
Financial Services Cloud Resources	N/A	Financial Services Compliance	Einstein Analytics Salesforce Services
GDPR - DPIA Commerce Cloud	N/A	GDPR	B2C Commerce / Commerce Cloud
GDPR - DPIA General Whitepaper	N/A	GDPR	B2C Commerce / Commerce Cloud Data.com Einstein Analytics Government Cloud Government Cloud Plus Marketing Cloud myTrailhead Salesforce Services Vlocity
GDPR - DPIA Marketing Cloud Services	N/A	GDPR	Marketing Cloud
GDPR - DPIA Salesforce Services	N/A	GDPR	Einstein Analytics Government Cloud Government Cloud Plus Salesforce Services
[Video] Salesforce And The HIPAA Security Rule: Securing EPHI In The Cloud	N/A	HIPAA	Government Cloud Government Cloud Plus Heroku Marketing Cloud MuleSoft Quip Salesforce Services

Trust | Compliance

Documents

Additional Information

Trailhead