SalesforceSalesforce / Trust
ISO/IEC 27017:2015 Certificate

ISO/IEC 27017:2015 Certificate

ISO 27017 provides guidance on the information security aspects of cloud computing, recommending the implementation of cloud-specific information security controls that supplement the guidance of the ISO 27002 and ISO 27001 standards. This code of practice provides additional information security controls implementation guidance specific to cloud service providers. The standard advises both cloud service customers and cloud service providers, with the primary guidance laid out side-by-side in each section.

Files

Available versions for download

Reporting Start DateReporting End DateNotesActions
2025-07-172027-01-27-
Login to download

Services covered

Services related to this document

Agentforce & Einstein Platform

Agentforce & Einstein Platform

Applicable to the services and features branded as: Agentforce (collectively, “Agentforce”) which

B2C Commerce / Commerce Cloud (Hyperforce)

B2C Commerce / Commerce Cloud (Hyperforce)

Applicable to the services branded as B2C Commerce/Commerce Cloud on Hyperforce

Data Cloud

Data Cloud

Applicable to the services branded as Data Cloud, Customer Data Cloud (aka Salesforce Data Cloud), o

General (not service specific)

General (not service specific)

Applicable to Salesforce as an entity without the context of a specific service (Corporate Services)

Heroku

Heroku

Applicable to the services branded as Heroku.

Marketing Cloud - Account Engagement

Marketing Cloud - Account Engagement

Applicable to the services branded as Marketing Cloud Account Engagement (formerly branded as Pardot

Marketing Cloud - Advertising

Marketing Cloud - Advertising

Applicable to the services branded as Marketing Cloud - Advertising

Marketing Cloud - Engagement (Hyperforce)

Marketing Cloud - Engagement (Hyperforce)

Applicable to the services branded as Marketing Cloud - Engagement

Marketing Cloud - Growth

Marketing Cloud - Growth

Applicable to the services branded as Marketing Cloud - Growth

Marketing Cloud - Intelligence

Marketing Cloud - Intelligence

Applicable to the services branded as Marketing Cloud - Intelligence

MuleSoft

MuleSoft

Applicable to the services branded as MuleSoft or the Anypoint Platform (MuleSoft Services).

Quip

Quip

Applicable to the services branded as Quip

Salesforce Government Cloud Plus

Salesforce Government Cloud Plus

Please note that some documents listed below are specific to FedRAMP-authorized environments and the

Salesforce Government Cloud Plus - Defense

Salesforce Government Cloud Plus - Defense

Applicable only to the environment branded and sold as Government Cloud Plus - Defense Government C

Salesforce Professional Services

Salesforce Professional Services

Applicable to professional services performed by SFDC, its Affiliates, or its or their respective pe

Salesforce Services (First Party)

Salesforce Services (First Party)

Applicable to the core salesforce services branded as B2B Commerce on Lightning Experience, Chatter,

Salesforce Services (Hyperforce)

Salesforce Services (Hyperforce)

Applicable to the core salesforce services branded as B2B Commerce on Lightning Experience, Chatter,

Tableau Cloud

Tableau Cloud

Applicable to the services branded as Tableau Cloud

Tableau Next

Tableau Next

Applicable to the services branded as Tableau Next, including the underlying Data Cloud, Tableau Sem