Trust | Compliance

CertificationsServicesDocuments
Compliance engineered for the Cloud
Salesforce maintains a comprehensive set of compliance certifications and attestations to validate our #1 value of Trust.

Services

Audience Studio and Data Studio

Audience Studio and Data Studio

Applicable to the services branded as Audience Studio and Data Studio (formerly branded as Krux). Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/
B2B Commerce

B2B Commerce

Applicable to the services branded as B2B Commerce (formerly branded as Cloud Craze). Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/
B2C Commerce / Commerce Cloud

B2C Commerce / Commerce Cloud

Applicable to the services branded as B2C Commerce/Commerce Cloud, Einstein Predictive Sort. Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/
ClickSoftware Field Service Edge (FSE)

ClickSoftware Field Service Edge (FSE)

Applicable to the services branded as ClickSoftware Field Service Edge (FSE) Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/
Customer 360 Data Manager

Customer 360 Data Manager

Applicable to the services branded as Customer 360 Data Manager. Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/
Data.com

Data.com

Applicable to the services branded as Data.com. Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/
Einstein Platform

Einstein Platform

Applicable to the services and features branded as Sales Cloud Einstein, Pardot Einstein, Salesforce Inbox, High Velocity Sales, Einstein Engagement Scoring, Einstein Copy Insights, Einstein Vision and Language Services, Einstein Bots, Service Cloud Einstein, Einstein Prediction Builder, Einstein Vision for Social Studio, and the Einstein Features (Activity Capture, Opportunity Scoring, Bots, Case Classification, Article Recommendations, Object Detection, and Prediction Builder). Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/
Government Cloud

Government Cloud

Applicable only to the environment branded and sold as Government Cloud. Salesforce Government Cloud is a partitioned instance of Salesforce’s industry-leading Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS), multi-tenant community cloud infrastructure specifically for use by U.S. federal, state, and local government customers, U.S. government contractors, and Federally Funded Research and Development Centers (FFRDCs). The Salesforce Government Cloud environment maintains the following U.S. Government authorizations: 1) Federal Risk and Authorization Management Program (FedRAMP) Moderate Authority to Operate (ATO) 2) Department of Defense (DoD) Impact Level 2 Provisional Authorization (PA) (based FedRAMP Moderate ATO) 3) Department of Defense (DoD) Impact Level 4 PA Additionally, the Salesforce Government Cloud has the following compliance certifications: SOC 1 & 2, PCI-DSS, ISO 27001, ISO 27017, ISO 27018, and HITRUST. Detailed compliance documentation related to the Salesforce Government Cloud’s U.S. Government authorizations may be obtained by U.S. Federal Government personnel via OMB MAX upon completing and submitting the Package Access Request Form available on the FedRAMP Marketplace (https://marketplace.fedramp.gov/#!/product/salesforce-government-cloud?sort=productName). Other organizations may request this documentation from their Salesforce account representative.
Government Cloud Plus

Government Cloud Plus

Applicable only to the environment branded and sold as Government Cloud Plus. Salesforce Government Cloud Plus is a partitioned instance of Salesforce’s industry-leading Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS), multi-tenant community cloud infrastructure specifically for use by U.S. federal, state, and local government customers, U.S. government contractors, and Federally Funded Research and Development Centers (FFRDCs). In May 2020, the Salesforce Government Cloud Plus environment has received the following U.S. Government authorizations: 1) Federal Risk and Authorization Management Program (FedRAMP) High Authority to Operate (ATO) 2) Department of Defense (DoD) Impact Level 2 Provisional Authorization (PA) (based FedRAMP High ATO) Additionally, the Salesforce Government Cloud Plus has the following compliance certifications: SOC 1 & 2, ISO 27001, ISO 27017, and ISO 27018. Detailed compliance documentation related to the Salesforce Government Cloud’s U.S. Government authorization may be obtained by U.S. Federal Government personnel via submitting the Package Access Request Form available on the FedRAMP Marketplace (https://marketplace.fedramp.gov/#!/product/salesforce-government-cloud-plus?sort=productName). Other organizations may request this documentation and other compliance certification documents relating to Government Cloud Plus from their Salesforce account representative.
Heroku

Heroku

Applicable to the services branded as Heroku. Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/
IoT Cloud

IoT Cloud

Applicable to the services branded as IoT Cloud. Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/
LiveMessage, myTrailhead, Salesforce Anywhere, Quip, Philan. Cloud and Elevate

LiveMessage, myTrailhead, Salesforce Anywhere, Quip, Philan. Cloud and Elevate

Applicable to the services branded as LiveMessage, myTrailhead, Salesforce Anywhere (including Quip), Salesforce.org Philanthropy Cloud and Elevate. Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/
Marketing Cloud

Marketing Cloud

Applicable to the services branded or sold as (collectively, 'Marketing Cloud'): Advertising Studio (including Advertising Audiences and Social.com), Datorama, ExactTarget (including Email Studio, Journey Builder and Mobile Studio), Interaction Studio (Legacy), Interaction Studio, Marketing Cloud Einstein (formerly branded as Predictive Intelligence), Social Studio, and Evergage. Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/
MuleSoft

MuleSoft

Applicable to the services branded as MuleSoft or the Anypoint Platform ("MuleSoft Services"). Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/
MuleSoft Government Cloud

MuleSoft Government Cloud

Applicable only to the services branded as MuleSoft Government Cloud. The MuleSoft Government Cloud is a secure, FedRAMP-compliant deployment environment that enables U.S. Government agencies to use the Anypoint Platform in the cloud. The Mulesoft Government Cloud environment has been granted an agency-sponsored provisional Authority to Operate (ATO) of *Moderate* impact or below.
Pardot

Pardot

Applicable to the services branded as Pardot. Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/
Salesforce CDP

Salesforce CDP

Applicable to the services branded as Salesforce CDP (formerly branded as Customer 360 Audiences). Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/
Salesforce Services and Additional Services

Salesforce Services and Additional Services

Applicable to the services branded as B2B Commerce on Lightning Experience, Chatter, Consumer Good Cloud, Customer 360 Audiences (Salesforce UCI Org SPARC), Database.com, Einstein Relationship Intelligence, Emergency Program Management, Employee Productivity, Experience Cloud (formerly Community Cloud), Financial Services Cloud, Health Cloud, IoT Explorer (including IoT Plus), Intelligent Form Reader, IT Service Center - IT Agent, Lightning Platform (including Force.com and Salesforce Connect), Loyalty Cloud, Manufacturing Cloud, Messaging, Privacy Center, Public Sector Solutions, Sales Cloud, Service Cloud (including Field Services managed package), Salesforce Private Connect, Salesforce CPQ and Salesforce Billing, Salesforce Maps, Salesforce Order Management, Service Cloud, Service Cloud Voice, Shift Management, Site.com, Sustainability Cloud, Tableau CRM (formerly Einstein Analytics) (including Einstein Discovery), WDC, Workplace Command Center. Also applicable to the Salesforce.org LLC ("Salesforce.org") services branded as Accounting Subledger, Admissions Connect, foundationConnect (provisioned on or after August 19, 2019), Grants Management, Nonprofit Cloud Case Management, Salesforce Advisor Link, Salesforce.org Insights Platform: Data Integrity, Student Success Hub. Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/
Slack

Slack

Applicable to the services branded as Slack. Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/
Tableau

Tableau

Applicable to the services branded as Tableau Online, Tableau Server and Tableau Mobile. Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/
Vlocity

Vlocity

Applicable to the services branded as Vlocity Communications package, Vlocity Media and Entertainment package, Vlocity Energy & Utilities or Vlocity Commodity package, Vlocity Insurance package, Vlocity Health package, Vlocity Government package, Vlocity Digital Commerce Gateway, and Vlocity Order Management Plus. Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Vlocity Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/

Additional Information

Trailhead

© Copyright 2021 Salesforce.com, inc. All rights reserved.