SalesforceSalesforce / Trust

ISO Statement of Applicability (EN)

The Statement of Applicability is a required document in the ISO 27001, ISO 27017, ISO 27018, NEN 7510, HDS, and ENS certification process. This document delineates the Annex A controls that our organization has identified as crucial for mitigating information security risks. Additionally, it explicitly states any Annex A controls that have been intentionally excluded.

Files

Available versions for download

Reporting Start DateReporting End DateNotesActions
2025-11-10--
Login to download

Services covered

Services related to this document

Agentforce & Einstein Platform

Agentforce & Einstein Platform

Applicable to the services and features branded as: Agentforce (collectively, “Agentforce”) which includes the following features: Agentforce Assistant, Agentforce Sales Coach, Agentforce SDR, Agent

B2C Commerce / Commerce Cloud (Hyperforce)

B2C Commerce / Commerce Cloud (Hyperforce)

Applicable to the services branded as B2C Commerce/Commerce Cloud on Hyperforce

Data Cloud

Data Cloud

Applicable to the services branded as Data Cloud, Customer Data Cloud (aka Salesforce Data Cloud), or Customer Data Platform (formerly branded as Salesforce CDP).

Heroku

Heroku

Applicable to the services branded as Heroku.

Marketing Cloud - Account Engagement

Marketing Cloud - Account Engagement

Applicable to the services branded as Marketing Cloud Account Engagement (formerly branded as Pardot).

Marketing Cloud - Advertising

Marketing Cloud - Advertising

Applicable to the services branded as Marketing Cloud - Advertising

Marketing Cloud - Engagement (First Party)

Marketing Cloud - Engagement (First Party)

Applicable to the services branded as Marketing Cloud - Engagement

Marketing Cloud - Engagement (Hyperforce)

Marketing Cloud - Engagement (Hyperforce)

Applicable to the services branded as Marketing Cloud - Engagement

Marketing Cloud - Growth

Marketing Cloud - Growth

Applicable to the services branded as Marketing Cloud - Growth

Marketing Cloud - Intelligence

Marketing Cloud - Intelligence

Applicable to the services branded as Marketing Cloud - Intelligence

Marketing Cloud - Personalization

Marketing Cloud - Personalization

Applicable to the services branded as Marketing Cloud - Personalization

MuleSoft

MuleSoft

Applicable to the services branded as MuleSoft or the Anypoint Platform (MuleSoft Services).

Quip

Quip

Applicable to the services branded as Quip

Salesforce Professional Services

Salesforce Professional Services

Applicable to professional services performed by SFDC, its Affiliates, or its or their respective permitted subcontractors under an SOW or Order Form, including the provision of any Deliverables speci

Salesforce Services (First Party)

Salesforce Services (First Party)

Applicable to the core salesforce services branded as B2B Commerce on Lightning Experience, Chatter, Consumer Good Cloud, Customer 360 Audiences (Salesforce UCI Org SPARC), Database.com, Einstein Rela

Salesforce Services (Hyperforce)

Salesforce Services (Hyperforce)

Applicable to the core salesforce services branded as B2B Commerce on Lightning Experience, Chatter, Consumer Good Cloud, Customer 360 Audiences (Salesforce UCI Org SPARC), Database.com, Einstein Rela

Tableau Cloud

Tableau Cloud

Applicable to the services branded as Tableau Cloud