Compliance engineered for the Cloud

Salesforce maintains a comprehensive set of compliance certifications and attestations to validate our #1 value of Trust.

PCI DSS

The Payment Card Industry Data Security Standards (PCI DSS) is a proprietary information security standard designed to ensure that companies processing, storing or transmitting payment card information maintain a secure environment. The PCI DSS applies to credit cards from the major card brands, including Visa, MasterCard, American Express, Discover, and JCB. A third-party PCI Qualified Security Assessor (QSA) assesses company systems and processes on an annual basis and issues an Attestation of Compliance (AOC). Additional information can be found at https://www.pcisecuritystandards.org

Applicable services and documents

Document	Last Updated	Service	Actions
Network Vulnerability Assessment	2019-07-15	Commerce Cloud - B2B Commerce Community Cloud Einstein Analytics Einstein Analytics - Einstein Discovery Financial Services Cloud Health Cloud Other Lightning Platform Services Sales Cloud Sales Cloud - Salesforce CPQ and Billing Service Cloud	Info Download previous version
PCI Attestation of Compliance (AoC) - Commerce Cloud	2019-08-12	Commerce Cloud - B2C Commerce Commerce Cloud Order Management	Info Download previous version
PCI Attestation of Compliance (AoC) - Heroku	2018-07-20	Heroku	Info Download previous version
PCI Attestation of Compliance (AoC) - MuleSoft	2018-10-25	MuleSoft	Info Download previous version
PCI Attestation of Compliance (AoC) - Salesforce Services	2018-07-17	Commerce Cloud - B2B Commerce Community Cloud Einstein Analytics Financial Services Cloud Health Cloud Other Lightning Platform Services Sales Cloud Sales Cloud - Salesforce CPQ and Billing Service Cloud Service Cloud - Lightning LiveMessage	Info Download previous version
PCI Responsibility Matrix - Commerce Cloud	2019-10-01	Commerce Cloud - B2C Commerce Commerce Cloud Order Management	Info Download previous version