Compliance engineered for the Cloud
Salesforce maintains a comprehensive set of compliance certifications and attestations to validate our #1 value of Trust.

Salesforce Government Cloud Plus

Please note that some documents listed below are specific to FedRAMP-authorized environments and therefore cannot be downloaded directly from this site. If you click on the document links you will see that these documents are marked accordingly and are only accessible through our Public Sector Compliance Portal. See the instructions below for access to those documents. For Federal Agencies:
  1. Download and Complete the FedRAMP Package Access Request Form: Access the form here: https://www.fedramp.gov/assets/resources/documents/Agency_Package_Request_Form.pdf.
  2. Submit the Completed Form: Email the completed form to the email address, package-access@fedramp.gov, shown on the form. You must have a .gov or .mil email address to access a FedRAMP Security Package.
  3. Wait for Notification: Once the FedRAMP Program Management Office (PMO) reviews and processes your request, Salesforce will receive a notification.
  4. Granting Access: Upon receiving the notification from the FedRAMP PMO, Salesforce will grant you access to the Public Sector Document Portal.
For State, Local, Quasi-Governmental Agencies and Implementation Partners:
  1. Contact Your Account Executive: Reach out to your designated Account Executive to request access to the security documentation.
  2. Granting Access: Once your access is reviewed and approved, Salesforce will grant you access to the Public Sector Document Portal.

Applicable documents by category

NameUpdated OnInfrastructureCategory
SOC 1 Bridge (Gap) Letter - Salesforce Services & Corporate Services 2025-02-04 First party, AWS SOC 1
ISO 9001:2015 - Salesforce, Inc. 2025-01-31 First party Other Reports and Certificates
Salesforce Hyperforce Infrastructure and Platform Security White Paper (JP) 2025-01-31 Hyperforce FAQ's and White Papers
ISO Statement of Applicability (English) 2025-01-28 First party, AWS, Hyperforce ISO 27001
ISO Statement of Applicability (French) 2025-01-28 First party, AWS, Hyperforce ISO 27001
Vulnerability Management and Response Plan Summary 2025-01-02 First party, AWS, Hyperforce FAQ's and White Papers
ISO/IEC 27001:2022 Certificate 2024-12-20 First party, AWS, Hyperforce ISO 27001
ISO/IEC 27017:2015 Certificate 2024-12-20 First party, AWS, Hyperforce ISO 27017
ISO/IEC 27018:2019 Certificate 2024-12-20 First party, AWS, Hyperforce ISO 27018
Customer Guide for Incident Notification 2024-12-12 First party, AWS, Hyperforce FAQ's and White Papers
SOC 1 Report - Corporate Services 2024-12-09 First party, AWS, Hyperforce SOC 1
SOC 2 Report - Corporate Services 2024-12-09 First party, AWS, Hyperforce SOC 2
Salesforce Hyperforce Infrastructure and Platform Security White Paper (EN) 2024-11-30 Hyperforce FAQ's and White Papers
[Whitepaper] Salesforce And The HIPAA Security Rule: Securing EPHI In The Cloud 2024-11-19 First party, AWS, Hyperforce HIPAA
Salesforce Security (Incident) Response Plan 2024-09-05 First party, AWS, Hyperforce FAQ's and White Papers
GDPR - Data Protection Impact Assessments & Salesforce Services 2024-08-14 First party, AWS, Hyperforce GDPR
DoD IL4 - Salesforce Government Cloud Plus (Hyperforce) 2024-08-08 Hyperforce DoD IL4
UK Cyber Essentials Plus Certificate 2024-07-24 First party, AWS, Hyperforce Other Reports and Certificates
Salesforce Health & Safety Policy 2024-06-26 First party, AWS, Hyperforce, Azure, GCP Resilience, BCP & DR
FedRAMP - Salesforce Government Cloud Plus (High) 2024-03-14 AWS FedRAMP High
US Dept. of Defense Cybersecurity Maturity Model (CMMC) & Salesforce Whitepaper 2024-03-14 First party, AWS FAQ's and White Papers
CJIS - Salesforce Government Cloud Plus 2023-11-17 AWS CJIS
TX-RAMP - Salesforce Government Cloud Plus 2023-11-17 AWS TX-RAMP
DoD IL2 - Salesforce Government Cloud Plus 2023-07-27 AWS DoD IL2
SOC 1 Report - Government Cloud Plus 2022-12-19 AWS SOC 1
SOC 2 Report - Government Cloud Plus 2022-12-19 AWS SOC 2
SOC 3 Report - Government Cloud Plus 2022-12-19 AWS SOC 3
HITRUST Certificate - Government Cloud Plus 2022-12-05 AWS HITRUST
Salesforce Security (Incident) Response Plan (JP) 2022-10-04 First party, AWS, Hyperforce FAQ's and White Papers
NIST SP 800-171 Attestation Letter - Government Cloud Plus 2022-05-17 AWS NIST SP 800-171
SOC 1 Bridge (Gap) Letter - Government Cloud Plus 2022-04-01 AWS SOC 1
IRS 1075 Attestation Letter - Government Cloud Plus 2021-02-02 AWS Other Reports and Certificates
PCI Attestation of Compliance (AoC) - Government Cloud Plus 2021-02-01 AWS, Hyperforce PCI DSS
International Transfers of EU Personal Data to Salesforce's Services FAQ 2020-07-16 First party, AWS, Hyperforce U.S. Data Privacy Framework (DPF)