Compliance engineered for the Cloud
Salesforce maintains a comprehensive set of compliance certifications and attestations to validate our #1 value of Trust.

B2C Commerce / Commerce Cloud

Applicable to the services branded as B2C Commerce/Commerce Cloud, Einstein Predictive Sort.

Applicable documents by category

NameUpdated OnInfrastructureCategory
Salesforce Ransomware Mitigation Summary 2025-02-10 First party, AWS, Hyperforce FAQ's and White Papers
Vulnerability/Penetration Report Summary - B2C Mobify 2025-02-05 AWS External Security Assessments
ISO 9001:2015 - Salesforce, Inc. 2025-01-31 First party Other Reports and Certificates
Salesforce Data Cloud Security White Paper (JP) 2025-01-31 Hyperforce FAQ's and White Papers
Salesforce Enterprise Resilience/BCP Summary 2025-01-29 First party, AWS, Hyperforce Resilience, BCP & DR
Digital Operational Resilience Act (DORA) Frequently Asked Questions 2025-01-28 First party, AWS, Hyperforce Digital Operational Resilience Act (DORA)
Digital Operational Resilience Act (‘DORA’) Mapping 2025-01-28 First party, AWS, Hyperforce Digital Operational Resilience Act (DORA)
ISO Statement of Applicability (English) 2025-01-28 First party, AWS, Hyperforce ISO 27001
ISO Statement of Applicability (French) 2025-01-28 First party, AWS, Hyperforce ISO 27001
Salesforce Agentforce & Einstein Generative AI Security White Paper (EN) 2025-01-26 Hyperforce FAQ's and White Papers
Spain ENS High - Corporate Services 2025-01-21 First party Spain Esquema Nacional de Seguridad (ENS)
SOC 1 Bridge (Gap) Letter - Commerce Cloud 2025-01-06 First party SOC 1
Salesforce Third Party Risk Management Overview 2025-01-02 First party, AWS, Hyperforce FAQ's and White Papers
Vulnerability Management and Response Plan Summary 2025-01-02 First party, AWS, Hyperforce FAQ's and White Papers
HDS Certificate 2024-12-20 First party, AWS, Hyperforce Other Reports and Certificates
ISO/IEC 27001:2022 Certificate 2024-12-20 First party, AWS, Hyperforce ISO 27001
ISO/IEC 27017:2015 Certificate 2024-12-20 First party, AWS, Hyperforce ISO 27017
ISO/IEC 27018:2019 Certificate 2024-12-20 First party, AWS, Hyperforce ISO 27018
NEN 7510-1:2017 Certificate 2024-12-20 First party, AWS, Hyperforce NEN 7510
SOC 1 Report - Commerce Cloud 2024-12-13 First party SOC 1
SOC 2 Report - Commerce Cloud 2024-12-13 First party SOC 2
SOC 3 Report - Commerce Cloud 2024-12-13 First party SOC 3
SOC 1 Report - Corporate Services 2024-12-09 First party, AWS, Hyperforce SOC 1
SOC 2 Report - Corporate Services 2024-12-09 First party, AWS, Hyperforce SOC 2
Salesforce Secure Development Lifecycle Overview 2024-12-05 First party, AWS, Hyperforce FAQ's and White Papers
Salesforce Data Cloud Security White Paper (EN) 2024-11-30 Hyperforce FAQ's and White Papers
[Whitepaper] Salesforce And The HIPAA Security Rule: Securing EPHI In The Cloud 2024-11-19 First party, AWS, Hyperforce HIPAA
PCI Attestation of Compliance (AoC) - Commerce Cloud on Hyperforce 2024-09-09 Hyperforce PCI DSS
PCI Responsibility Matrix - Commerce Cloud on Hyperforce 2024-09-09 Hyperforce PCI DSS
Salesforce Security (Incident) Response Plan 2024-09-05 First party, AWS, Hyperforce FAQ's and White Papers
GDPR - Data Protection Impact Assessments & Salesforce Services 2024-08-14 First party, AWS, Hyperforce GDPR
HITRUST Certificate - Salesforce Services on Hyperforce 2024-08-07 Hyperforce HITRUST
Vulnerability/Penetration Report Summary - B2C Business Manager + OCAPI + SFRA 2024-08-01 First party, AWS External Security Assessments
UK Cyber Essentials Plus Certificate 2024-07-24 First party, AWS, Hyperforce Other Reports and Certificates
DR/BCP Summary - Commerce Cloud 2024-07-23 First party Resilience, BCP & DR
PCI Attestation of Compliance (AoC) - Commerce Cloud on 1P 2024-07-16 First party PCI DSS
PCI Responsibility Matrix - Commerce Cloud on 1P 2024-07-16 First party PCI DSS
Salesforce EU Processor Binding Corporate Rules 2024-07-01 First party, AWS, Hyperforce Salesforce BCRs
Salesforce UK Processor Binding Corporate Rules 2024-07-01 First party, AWS, Hyperforce Salesforce BCRs
Salesforce Health & Safety Policy 2024-06-26 First party, AWS, Hyperforce, Azure, GCP Resilience, BCP & DR
Vulnerability/Penetration Report Summary - B2C Einstein, Reports and Dashboard 2024-06-24 First party External Security Assessments
TX-RAMP - Commerce Cloud Digital, CC Einstein, Commerce Cloud Managed 2024-06-20 AWS TX-RAMP
Einstein GPT Security White Paper (JP) 2023-09-29 Hyperforce FAQ's and White Papers
Security Perspective on the Shared Responsibility Model 2023-07-24 First party, AWS, Hyperforce FAQ's and White Papers
Data Privacy Framework (DPF) Registration 2023-07-17 First party, AWS, Hyperforce U.S. Data Privacy Framework (DPF)
Salesforce Distributed Denial of Service (DDoS) Risk Mitigation Overview 2023-06-12 First party, AWS FAQ's and White Papers
Salesforce Vulnerability Management Program Overview 2022-12-12 First party, AWS, Hyperforce FAQ's and White Papers
Vulnerability/Penetration Report Summary - Commerce Cloud Order Management + OCI 2022-11-08 First party External Security Assessments
Salesforce Security (Incident) Response Plan (JP) 2022-10-04 First party, AWS, Hyperforce FAQ's and White Papers
Security Perspective on the Shared Responsibility Model (JP) 2022-08-02 First party, AWS, Hyperforce FAQ's and White Papers
Vulnerability/Penetration Report Summary - 1CB2C (One Commerce) 2022-07-12 First party External Security Assessments
SOC 2 Report - Mobify (Commerce Cloud Managed Runtime) 2022-01-18 First party SOC 2
Vulnerability/Penetration Report Summary - Omni Channel Inventory 2021-09-01 AWS, Hyperforce External Security Assessments
International Transfers of EU Personal Data to Salesforce's Services FAQ 2020-07-16 First party, AWS, Hyperforce U.S. Data Privacy Framework (DPF)
APEC Processor Seal - Salesforce 2020-07-10 First party, Hyperforce APEC Certification for Processors and Controllers