Salesforce ComplianceSalesforce / Trust
Compliance engineered for the Cloud
Salesforce maintains a comprehensive set of compliance certifications and attestations to validate our #1 value of Trust.

Salesforce Government Cloud Plus

Please note that some documents listed below are specific to FedRAMP-authorized environments and therefore cannot be downloaded directly from this site. If you click on the document links you will see that these documents are marked accordingly and are only accessible through our Public Sector Compliance Portal. See the instructions below for access to those documents. For Federal Agencies:
  1. Download and Complete the FedRAMP Package Access Request Form: Access the form here: https://www.fedramp.gov/assets/resources/documents/Agency_Package_Request_Form.pdf.
  2. Submit the Completed Form: Email the completed form to the email address, package-access@fedramp.gov, shown on the form. You must have a .gov or .mil email address to access a FedRAMP Security Package.
  3. Wait for Notification: Once the FedRAMP Program Management Office (PMO) reviews and processes your request, Salesforce will receive a notification.
  4. Granting Access: Upon receiving the notification from the FedRAMP PMO, Salesforce will grant you access to the Public Sector Document Portal.
For State, Local, Quasi-Governmental Agencies and Implementation Partners:
  1. Contact Your Account Executive: Reach out to your designated Account Executive to request access to the security documentation.
  2. Granting Access: Once your access is reviewed and approved, Salesforce will grant you access to the Public Sector Document Portal.

Applicable documents by category

Name
SOC 1 Bridge (Gap) Letter - Salesforce Services & Corporate Services
Updated On
2024-10-01
Infrastructure
First party, AWS
Category
SOC 1
Name
Salesforce Security (Incident) Response Plan
Updated On
2024-09-05
Infrastructure
First party, AWS, Hyperforce
Category
FAQ's and White Papers
Name
GDPR - Data Protection Impact Assessments & Salesforce Services
Updated On
2024-08-14
Infrastructure
First party, AWS, Hyperforce
Category
GDPR
Name
ISO 27001:2013 Certificate
Updated On
2024-08-13
Infrastructure
First party, AWS, Hyperforce
Category
ISO 27001
Name
ISO 27017:2015 Certificate
Updated On
2024-08-13
Infrastructure
First party, AWS, Hyperforce
Category
ISO 27017
Name
ISO 27018:2019 Certificate
Updated On
2024-08-13
Infrastructure
First party, AWS, Hyperforce
Category
ISO 27018
Name
DoD IL4 - Salesforce Government Cloud Plus (Hyperforce)
Updated On
2024-08-08
Infrastructure
Hyperforce
Category
DoD IL4
Name
UK Cyber Essentials Plus Certificate
Updated On
2024-07-24
Infrastructure
First party, AWS, Hyperforce
Category
UK Cyber Essentials Plus
Name
Salesforce Health & Safety Policy
Updated On
2024-06-26
Infrastructure
First party, AWS, Hyperforce, Azure, GCP
Category
Disaster Recovery & BCP
Name
SOC 1 Report - Corporate Services
Updated On
2024-06-10
Infrastructure
First party, AWS, Hyperforce
Category
SOC 1
Name
SOC 2 Report - Corporate Services
Updated On
2024-06-10
Infrastructure
First party, AWS, Hyperforce
Category
SOC 2
Name
FedRAMP - Salesforce Government Cloud Plus (High)
Updated On
2024-03-14
Infrastructure
AWS
Category
FedRAMP High
Name
US Dept. of Defense Cybersecurity Maturity Model (CMMC) & Salesforce Whitepaper
Updated On
2024-03-14
Infrastructure
First party, AWS
Category
FAQ's and White Papers
Name
ISO Statement of Applicability - v3.4 (English)
Updated On
2024-02-15
Infrastructure
First party, AWS, Hyperforce
Category
ISO 27001
Name
ISO Statement of Applicability - v3.4 (French)
Updated On
2024-02-15
Infrastructure
First party, AWS, Hyperforce
Category
ISO 27001
Name
CJIS - Salesforce Government Cloud Plus
Updated On
2023-11-17
Infrastructure
AWS
Category
CJIS
Name
TX-RAMP - Salesforce Government Cloud Plus
Updated On
2023-11-17
Infrastructure
AWS
Category
TX-RAMP
Name
Salesforce Hyperforce Infrastructure and Platform Security White Paper
Updated On
2023-09-29
Infrastructure
Hyperforce
Category
FAQ's and White Papers
Name
DoD IL2 - Salesforce Government Cloud Plus
Updated On
2023-07-27
Infrastructure
AWS
Category
DoD IL2
Name
SOC 1 Report - Government Cloud Plus
Updated On
2022-12-19
Infrastructure
AWS
Category
SOC 1
Name
SOC 2 Report - Government Cloud Plus
Updated On
2022-12-19
Infrastructure
AWS
Category
SOC 2
Name
SOC 3 Report - Government Cloud Plus
Updated On
2022-12-19
Infrastructure
AWS
Category
SOC 3
Name
HITRUST Certificate - Government Cloud Plus
Updated On
2022-12-05
Infrastructure
AWS
Category
HITRUST
Name
Customer Guide for Incident Notification
Updated On
2022-10-07
Infrastructure
First party, AWS
Category
FAQ's and White Papers
Name
Salesforce Security (Incident) Response Plan (JP)
Updated On
2022-10-04
Infrastructure
First party, AWS, Hyperforce
Category
FAQ's and White Papers
Name
NIST SP 800-171 Attestation Letter - Government Cloud Plus
Updated On
2022-05-17
Infrastructure
AWS
Category
NIST SP 800-171
Name
SOC 1 Bridge (Gap) Letter - Government Cloud Plus
Updated On
2022-04-01
Infrastructure
AWS
Category
SOC 1
Name
Vulnerability Management and Response Plan Summary
Updated On
2021-09-27
Infrastructure
First party, AWS, Hyperforce
Category
FAQ's and White Papers
Name
IRS 1075 Attestation Letter - Government Cloud Plus
Updated On
2021-02-02
Infrastructure
AWS
Category
IRS 1075
Name
PCI Attestation of Compliance (AoC) - Government Cloud Plus
Updated On
2021-02-01
Infrastructure
AWS, Hyperforce
Category
PCI DSS
Name
International Transfers of EU Personal Data to Salesforce's Services FAQ
Updated On
2020-07-16
Infrastructure
First party, AWS, Hyperforce
Category
U.S. Data Privacy Framework (DPF)
Name
[Whitepaper] Salesforce And The HIPAA Security Rule: Securing EPHI In The Cloud
Updated On
2019-11-01
Infrastructure
First party, AWS, Hyperforce
Category
HIPAA
Name
[Video] Salesforce And The HIPAA Security Rule: Securing EPHI In The Cloud
Updated On
2019-01-16
Infrastructure
First party, AWS, Hyperforce
Category
HIPAA