Compliance engineered for the Cloud

Salesforce maintains a comprehensive set of compliance certifications and attestations to validate our #1 value of Trust.

PCI DSS 4.0.1 Letter of Engagement - 6.4.2, 6.4.3, and 11.6.1

PCI DSS B2B Commerce B2C Commerce / Commerce Cloud Heroku Salesforce Services, Sales Cloud, Service Cloud and Industries

The PCI Responsibility Matrix outlines which parties (e.g., service providers like Salesforce and their customers) are accountable for specific PCI DSS controls required to protect payment card data. It serves as a guide for defining shared and individual responsibilities, ensuring that each party understands its role in maintaining compliance.

Latest version

Covers period 2025-03-28 through 2026-03-28

Last updated on 2025-03-28