Compliance engineered for the Cloud

Salesforce maintains a comprehensive set of compliance certifications and attestations to validate our #1 value of Trust.

B2C Commerce / Commerce Cloud

Applicable to the services branded as B2C Commerce/Commerce Cloud, Einstein Predictive Sort.

Please refer to the "Audits and Certifications" section of the service-specific Security, Privacy and Architecture documentation for details regarding the security and privacy related audits and certifications received.

Applicable documents by category

Filter this list

Sort by Updated On
Name Salesforce Vulnerability Management Program Overview (JP)	Updated On 2025-04-11	Infrastructure First party, AWS, Hyperforce	Category FAQ's and White Papers
Name SOC 1 Bridge (Gap) Letter - Commerce Cloud	Updated On 2025-04-02	Infrastructure First party	Category SOC 1
Name Salesforce Enterprise Resilience/BCP Summary	Updated On 2025-04-01	Infrastructure First party, AWS, Hyperforce	Category Resilience, BCP & DR
Name Salesforce Ransomware Mitigation Summary (JP)	Updated On 2025-03-31	Infrastructure First party, AWS, Hyperforce	Category FAQ's and White Papers
Name PCI DSS 4.0.1 Letter of Engagement - 6.4.2, 6.4.3, and 11.6.1	Updated On 2025-03-28	Infrastructure First party, Hyperforce	Category PCI DSS
Name Salesforce Vulnerability Management Program Overview (EN)	Updated On 2025-03-25	Infrastructure First party, AWS, Hyperforce	Category FAQ's and White Papers
Name Salesforce Ransomware Mitigation Summary (EN)	Updated On 2025-03-24	Infrastructure First party, AWS, Hyperforce	Category FAQ's and White Papers
Name Vuln/Pen Report Summary - B2B, D2C, SOM, GenAI and Einstein for Commerce	Updated On 2025-03-18	Infrastructure First party, Hyperforce	Category External Security Assessments
Name Salesforce Distributed Denial of Service (DDoS) Risk Mitigation Overview	Updated On 2025-03-11	Infrastructure First party, AWS	Category FAQ's and White Papers
Name Vulnerability/Penetration Report Summary - B2C Mobify	Updated On 2025-02-05	Infrastructure AWS	Category External Security Assessments
Name ISO 9001:2015 - Salesforce, Inc.	Updated On 2025-01-31	Infrastructure First party	Category Other Reports and Certificates
Name Salesforce Data Cloud Security White Paper (JP)	Updated On 2025-01-31	Infrastructure Hyperforce	Category FAQ's and White Papers
Name Digital Operational Resilience Act (DORA) Frequently Asked Questions	Updated On 2025-01-28	Infrastructure First party, AWS, Hyperforce	Category Digital Operational Resilience Act (DORA)
Name Digital Operational Resilience Act (‘DORA’) Mapping	Updated On 2025-01-28	Infrastructure First party, AWS, Hyperforce	Category Digital Operational Resilience Act (DORA)
Name ISO Statement of Applicability (English)	Updated On 2025-01-28	Infrastructure First party, AWS, Hyperforce	Category ISO 27001
Name ISO Statement of Applicability (French)	Updated On 2025-01-28	Infrastructure First party, AWS, Hyperforce	Category ISO 27001
Name Salesforce Agentforce & Einstein Generative AI Security White Paper (EN)	Updated On 2025-01-26	Infrastructure Hyperforce	Category FAQ's and White Papers
Name Spain ENS High - Corporate Services	Updated On 2025-01-21	Infrastructure First party	Category Spain Esquema Nacional de Seguridad (ENS)
Name Salesforce Third Party Risk Management Overview	Updated On 2025-01-02	Infrastructure First party, AWS, Hyperforce	Category FAQ's and White Papers
Name Vulnerability Management and Response Plan Summary	Updated On 2025-01-02	Infrastructure First party, AWS, Hyperforce	Category FAQ's and White Papers
Name HDS Certificate	Updated On 2024-12-20	Infrastructure First party, AWS, Hyperforce	Category Other Reports and Certificates
Name ISO/IEC 27001:2022 Certificate	Updated On 2024-12-20	Infrastructure First party, AWS, Hyperforce	Category ISO 27001
Name ISO/IEC 27017:2015 Certificate	Updated On 2024-12-20	Infrastructure First party, AWS, Hyperforce	Category ISO 27017
Name ISO/IEC 27018:2019 Certificate	Updated On 2024-12-20	Infrastructure First party, AWS, Hyperforce	Category ISO 27018
Name NEN 7510-1:2017 Certificate	Updated On 2024-12-20	Infrastructure First party, AWS, Hyperforce	Category NEN 7510
Name SOC 1 Report - Commerce Cloud	Updated On 2024-12-13	Infrastructure First party	Category SOC 1
Name SOC 2 Report - Commerce Cloud	Updated On 2024-12-13	Infrastructure First party	Category SOC 2
Name SOC 3 Report - Commerce Cloud	Updated On 2024-12-13	Infrastructure First party	Category SOC 3
Name SOC 1 Report - Corporate Services	Updated On 2024-12-09	Infrastructure First party, AWS, Hyperforce	Category SOC 1
Name SOC 2 Report - Corporate Services	Updated On 2024-12-09	Infrastructure First party, AWS, Hyperforce	Category SOC 2
Name Salesforce Secure Development Lifecycle Overview	Updated On 2024-12-05	Infrastructure First party, AWS, Hyperforce	Category FAQ's and White Papers
Name Salesforce Data Cloud Security White Paper (EN)	Updated On 2024-11-30	Infrastructure Hyperforce	Category FAQ's and White Papers
Name [Whitepaper] Salesforce And The HIPAA Security Rule: Securing EPHI In The Cloud	Updated On 2024-11-19	Infrastructure First party, AWS, Hyperforce	Category HIPAA
Name PCI Attestation of Compliance (AoC) - Commerce Cloud on Hyperforce	Updated On 2024-09-09	Infrastructure Hyperforce	Category PCI DSS
Name PCI Responsibility Matrix - Commerce Cloud on Hyperforce	Updated On 2024-09-09	Infrastructure Hyperforce	Category PCI DSS
Name Salesforce Security (Incident) Response Plan	Updated On 2024-09-05	Infrastructure First party, AWS, Hyperforce	Category FAQ's and White Papers
Name GDPR - Data Protection Impact Assessments & Salesforce Services	Updated On 2024-08-14	Infrastructure First party, AWS, Hyperforce	Category GDPR
Name HITRUST Certificate - Salesforce Services on Hyperforce	Updated On 2024-08-07	Infrastructure Hyperforce	Category HITRUST
Name Vulnerability/Penetration Report Summary - B2C Business Manager + OCAPI + SFRA	Updated On 2024-08-01	Infrastructure First party, AWS	Category External Security Assessments
Name UK Cyber Essentials Plus Certificate	Updated On 2024-07-24	Infrastructure First party, AWS, Hyperforce	Category Other Reports and Certificates
Name DR/BCP Summary - Commerce Cloud	Updated On 2024-07-23	Infrastructure First party	Category Resilience, BCP & DR
Name PCI Attestation of Compliance (AoC) - Commerce Cloud on 1P	Updated On 2024-07-16	Infrastructure First party	Category PCI DSS
Name PCI Responsibility Matrix - Commerce Cloud on 1P	Updated On 2024-07-16	Infrastructure First party	Category PCI DSS
Name Salesforce EU Processor Binding Corporate Rules	Updated On 2024-07-01	Infrastructure First party, AWS, Hyperforce	Category Salesforce BCRs
Name Salesforce UK Processor Binding Corporate Rules	Updated On 2024-07-01	Infrastructure First party, AWS, Hyperforce	Category Salesforce BCRs
Name Salesforce Health & Safety Policy	Updated On 2024-06-26	Infrastructure First party, AWS, Hyperforce, Azure, GCP	Category Resilience, BCP & DR
Name Vulnerability/Penetration Report Summary - B2C Einstein, Reports and Dashboard	Updated On 2024-06-24	Infrastructure First party	Category External Security Assessments
Name TX-RAMP - Commerce Cloud Digital, CC Einstein, Commerce Cloud Managed	Updated On 2024-06-20	Infrastructure AWS	Category TX-RAMP
Name Einstein GPT Security White Paper (JP)	Updated On 2023-09-29	Infrastructure Hyperforce	Category FAQ's and White Papers
Name Security Perspective on the Shared Responsibility Model	Updated On 2023-07-24	Infrastructure First party, AWS, Hyperforce	Category FAQ's and White Papers
Name Data Privacy Framework (DPF) Registration	Updated On 2023-07-17	Infrastructure First party, AWS, Hyperforce	Category U.S. Data Privacy Framework (DPF)
Name Salesforce Security (Incident) Response Plan (JP)	Updated On 2022-10-04	Infrastructure First party, AWS, Hyperforce	Category FAQ's and White Papers
Name Security Perspective on the Shared Responsibility Model (JP)	Updated On 2022-08-02	Infrastructure First party, AWS, Hyperforce	Category FAQ's and White Papers
Name Vulnerability/Penetration Report Summary - 1CB2C (One Commerce)	Updated On 2022-07-12	Infrastructure First party	Category External Security Assessments
Name SOC 2 Report - Mobify (Commerce Cloud Managed Runtime)	Updated On 2022-01-18	Infrastructure First party	Category SOC 2
Name Vulnerability/Penetration Report Summary - Omni Channel Inventory	Updated On 2021-09-01	Infrastructure AWS, Hyperforce	Category External Security Assessments
Name International Transfers of EU Personal Data to Salesforce's Services FAQ	Updated On 2020-07-16	Infrastructure First party, AWS, Hyperforce	Category U.S. Data Privacy Framework (DPF)
Name APEC Processor Seal - Salesforce	Updated On 2020-07-10	Infrastructure First party, Hyperforce	Category APEC Certification for Processors and Controllers