Compliance engineered for the Cloud
Salesforce maintains a comprehensive set of compliance certifications and attestations to validate our #1 value of Trust.
Applicable to the services branded as Audience Studio and Data Studio (formerly branded as Krux). Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/
Applicable to the services branded as B2B Commerce (formerly branded as Cloud Craze). Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/
Applicable to the services branded as B2C Commerce/Commerce Cloud (formerly branded as Demandware). Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/
Applicable to the services branded as Customer 360 Data Manager. Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/
Applicable to the services branded as Data.com. Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/
Applicable to the services branded as Desk.com. Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/
Applicable to the services branded as Einstein Analytics (including Einstein Discovery provisioned after October 16, 2018). Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/
Applicable to the services branded as Einstein Discovery Classic (formerly known as BeyondCore). Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/
Applicable to the services and features branded as Sales Cloud Einstein, Pardot Einstein, Salesforce Inbox, Einstein Engagement Scoring, Einstein Vision and Language Services, Einstein Bots, Service Cloud Einstein, Einstein Prediction Builder, and the Einstein Activity Capture feature ("Covered Services"). Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/
Applicable only to the environment branded and sold as Government Cloud. Salesforce Government Cloud is a partitioned instance of Salesforce’s industry-leading Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS), multi-tenant community cloud infrastructure specifically for use by U.S. federal, state, and local government customers, U.S. government contractors, and Federally Funded Research and Development Centers (FFRDCs). Salesforce Government Cloud is comprised of the following Salesforce services: Lightning Platform, Sales, Service, Communities, Analytics, and Industry Solutions. The Salesforce Government Cloud instance meets requirements for processing, storing, and transmitting information at the security categorization of Moderate impact or below. More information on FedRAMP baselines and impact levels can be found here: https://www.fedramp.gov/understanding-baselines-and-impact-levels/ A list of current in-scope Salesforce products included in the authorization boundary is available at https://help.salesforce.com/articleView?id=000270080&language=en_US&type=1 Additional information is available at: http://pages.mail.salesforce.com/gettingstarted/government-cloud/ Please refer to the Salesforce Government Cloud listing for more information: https://marketplace.fedramp.gov/#/product/salesforce-government-cloud
Applicable only to the environment branded and sold as Government Cloud Plus. Salesforce Government Cloud is a partitioned instance of Salesforce’s industry-leading Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS), multi-tenant community cloud infrastructure specifically for use by U.S. federal, state, and local government customers, U.S. government contractors, and Federally Funded Research and Development Centers (FFRDCs). Salesforce Government Cloud is comprised of the following Salesforce services: Lightning Platform, Sales, Service, Communities, Analytics, and Industry Solutions. The Salesforce Government Cloud instance meets requirements for processing, storing, and transmitting information at the security categorization of High impact or below. More information on FedRAMP baselines and impact levels can be found here: https://www.fedramp.gov/understanding-baselines-and-impact-levels/ A list of current in-scope Salesforce products included in the authorization boundary is available at https://help.salesforce.com/articleView?id=000270080&language=en_US&type=1 Additional information is available at: http://pages.mail.salesforce.com/gettingstarted/government-cloud/ Please refer to the Salesforce Government Cloud listing for more information: https://marketplace.fedramp.gov/#/product/salesforce-government-cloud
Applicable to the services branded as Heroku. Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/
Applicable to the services branded as IoT Cloud. Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/
Applicable to the services branded or sold as (collectively, 'Marketing Cloud'): Advertising Studio (including Advertising Audiences, Advertising Campaigns and Social.com), Datorama, ExactTarget (including Email Studio, Journey Builder and Mobile Studio), Interaction Studio, Predictive Intelligence (including Predictive Email, Predictive Web, Web & Mobile Analytics, and Web Personalization), and Social Studio. Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/
Applicable to the services branded as Salesforce LiveMessage (formerly branded as Heywire) and Messaging, together the "Messaging Services". Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/
Applicable to the services branded as MuleSoft or the Anypoint Platform ("MuleSoft Services"). Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/
Applicable to the services branded as myTrailhead. Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/
Applicable to the services branded as Pardot. Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/
Applicable to the services branded as Quip. Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/
Applicable to the services branded as SalesforceIQ CRM (“SalesforceIQ”). Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/
Applicable to the services branded as Sales Cloud, Service Cloud, Community Cloud, Chatter, Lightning Platform (including Force.com), IoT Explorer (including IoT Plus), Site.com, Database.com, Einstein Analytics (including Einstein Discovery), Work.com, Messaging, Financial Services Cloud, Health Cloud, Sustainability Cloud, Consumer Goods Cloud, Manufacturing Cloud, Salesforce CPQ and Salesforce Billing, Salesforce Maps, Salesforce Advisor Link, foundationConnect (provisioned on or after August 19, 2019). Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/
Salesforce.com | Careers | Privacy Information
© Copyright 2020 Salesforce.com, inc. All rights reserved.