Compliance engineered for the Cloud

Salesforce maintains a comprehensive set of compliance certifications and attestations to validate our #1 value of Trust.

External Security Assessments

Attestation of penetration tests and security assessments performed by third parties. The document does not contain details of any vulnerabilities or findings and is intended only to provide information on the tests performed and scope of testing. As verified by external audits, vulnerabilities discovered during testing are tracked and resolved in accordance with corporate policy and industry best practice.

Applicable documents by service

Sort by: Document	Sort by: Last Updated	Infrastructure	Sort by: Service
Vulnerability/Penetration Report Summary - Advertising Studio	2022-05-12	First party	Marketing Cloud Marketing Cloud
Vulnerability/Penetration Report Summary - B2C Business Manager + OCAPI	2022-05-12	First party, AWS	B2C Commerce / Commerce Cloud B2C Commerce / Commerce Cloud
Vulnerability/Penetration Report Summary - Tableau Online (TOL)	2022-05-12	AWS	Tableau Tableau
Vulnerability/Penetration Report Summary - Tableau CRM Mobile (Andr./iOS)	2022-05-11	First party	Salesforce Services and Additional Services Salesforce Government Cloud Salesforce Services and Additional Services Salesforce Government Cloud
Vulnerability/Penetration Report Summary - Commerce Cloud Order Management	2022-05-05	First party	B2C Commerce / Commerce Cloud B2C Commerce / Commerce Cloud
Vulnerability/Penetration Report Summary - Vlocity Managed Packages	2022-05-03	First party	Vlocity Vlocity
Vulnerability/Penetration Report Summary - Philanthropy Cloud Mobile (Andr./iOS)	2022-04-27	AWS	LiveMessage, myTrailhead, Salesforce Anywhere, Quip, Philan. Cloud and Elevate LiveMessage, myTrailhead, Salesforce Anywhere, Quip, Philan. Cloud and Elevate
Vulnerability/Penetration Report Summary - Sales Cloud Einstein	2022-04-27	AWS	Einstein Platform Einstein Platform
Vulnerability/Penetration Report Summary - Salesforce Maps	2022-04-26	First party, AWS	Salesforce Services and Additional Services Salesforce Services and Additional Services
Vulnerability/Penetration Report Summary - Salesforce Services	2022-04-26	First party, AWS, Hyperforce	Salesforce Services and Additional Services Salesforce Government Cloud Salesforce Services and Additional Services Salesforce Government Cloud
Vulnerability/Penetration Report Summary - Service Cloud Einstein	2022-04-26	AWS	Einstein Platform Einstein Platform
Vulnerability/Penetration Report Summary - Tableau Desktop Application	2022-04-26	First party	Tableau Tableau
Vulnerability/Penetration Report Summary - ExactTarget	2022-02-23	First party	Marketing Cloud Marketing Cloud
Vulnerability/Penetration Report Summary - Salesforce Mobile (Andr./iOS)	2022-02-15	First party	Salesforce Services and Additional Services Salesforce Services and Additional Services
Vulnerability/Penetration Report Summary - Salesforce Authenticator (Andr./iOS)	2022-02-14	First party	Salesforce Services and Additional Services Salesforce Services and Additional Services
Vulnerability/Penetration Report Summary - Field Service Lightning (Andr./iOS)	2022-02-01	First party	Salesforce Services and Additional Services Salesforce Services and Additional Services
Vulnerability/Penetration Report Summary - Marketing Cloud Mobile (Andr./iOS)	2022-02-01	First party	Marketing Cloud Marketing Cloud
Vulnerability/Penetration Report Summary - Social Studio	2022-02-01	First party	Marketing Cloud Marketing Cloud
Vulnerability/Penetration Report Summary - Tableau Mobile (iOS/Android/Intune)	2022-01-19	AWS	Tableau Tableau
Vulnerability/Penetration Report Summary - Interaction Studio	2022-01-13	AWS	Marketing Cloud Marketing Cloud
Vulnerability/Penetration Report Summary - myTrailhead	2022-01-05	AWS	LiveMessage, myTrailhead, Salesforce Anywhere, Quip, Philan. Cloud and Elevate LiveMessage, myTrailhead, Salesforce Anywhere, Quip, Philan. Cloud and Elevate
Vulnerability/Penetration Report Summary - Tableau Server	2021-12-16	First party	Tableau Tableau
Vulnerability/Penetration Report Summary - Slack	2021-12-09	AWS	Slack Slack
Vulnerability/Penetration Report Summary - Quip	2021-12-08	AWS	LiveMessage, myTrailhead, Salesforce Anywhere, Quip, Philan. Cloud and Elevate LiveMessage, myTrailhead, Salesforce Anywhere, Quip, Philan. Cloud and Elevate
Vulnerability/Penetration Report Summary - Heroku	2021-11-18	AWS	Heroku Heroku
Vulnerability/Penetration Report Summary - MuleSoft	2021-11-15	AWS	MuleSoft MuleSoft
Vulnerability/Penetration Report Summary - MacOS Tableau Desktop Application	2021-10-14	First party	Tableau Tableau
Vulnerability/Penetration Report Summary - Pardot	2021-10-08	AWS	Pardot Pardot
Vulnerability/Penetration Report Summary - Salesforce CDP	2021-10-08	Hyperforce	Salesforce CDP Salesforce CDP
Vulnerability/Penetration Report Summary - Salesforce Services Data Mask Add-on	2021-10-06	First party, AWS	Salesforce Services and Additional Services Salesforce Services and Additional Services
Vulnerability/Penetration Report Summary - Omni Channel Inventory	2021-09-01	AWS, Hyperforce	B2C Commerce / Commerce Cloud B2C Commerce / Commerce Cloud
Vulnerability/Penetration Report Summary - Tableau CRM & Einstein Discovery	2021-07-29	First party	Salesforce Services and Additional Services Salesforce Government Cloud Salesforce Services and Additional Services Salesforce Government Cloud
Vulnerability/Penetration Report Summary - Salesforce Inbox Mobile (Andr./iOS)	2021-05-25	First party	Einstein Platform Einstein Platform
Vulnerability/Penetration Report Summary - Salesforce Maps Mobile (Andr./iOS)	2021-05-25	First party, AWS	Salesforce Services and Additional Services Salesforce Services and Additional Services
Vulnerability/Penetration Report Summary - Datorama	2021-05-14	AWS	Marketing Cloud Marketing Cloud
Vulnerability/Penetration Report Summary - ClickSoftware FSE - WebApp & API	2021-02-23	AWS	ClickSoftware Field Service Edge (FSE) ClickSoftware Field Service Edge (FSE)
Vulnerability/Penetration Report Summary - Salesforce.org Philanthropy Cloud	2021-01-21	AWS	LiveMessage, myTrailhead, Salesforce Anywhere, Quip, Philan. Cloud and Elevate LiveMessage, myTrailhead, Salesforce Anywhere, Quip, Philan. Cloud and Elevate
Vulnerability/Penetration Report Summary-Hyperforce/Unified Cloud Infrastructure	2021-01-13	Hyperforce	Salesforce Services and Additional Services Salesforce Services and Additional Services
Vulnerability/Penetration Report Summary - Audience Studio and Data Studio	2020-12-11	AWS	Audience Studio and Data Studio Audience Studio and Data Studio
Vulnerability/Penetration Report Summary - Marketing Cloud Einstein	2020-12-11	AWS	Marketing Cloud Marketing Cloud
Vulnerability/Penetration Report Summary - B2B Commerce	2020-09-09	First party	B2B Commerce B2B Commerce
Vulnerability/Penetration Report Summary - Messaging and LiveMessage	2020-08-07	AWS	Salesforce Services and Additional Services LiveMessage, myTrailhead, Salesforce Anywhere, Quip, Philan. Cloud and Elevate Salesforce Services and Additional Services LiveMessage, myTrailhead, Salesforce Anywhere, Quip, Philan. Cloud and Elevate Salesforce Government Cloud Show more
Vulnerability/Penetration Report Summary - Einstein Vision, Language & Voice	2020-08-03	AWS	Einstein Platform Einstein Platform

Trust | Compliance

External Security Assessments

Applicable documents by service

Additional Information

Trailhead