Compliance engineered for the Cloud

Salesforce maintains a comprehensive set of compliance certifications and attestations to validate our #1 value of Trust.

Heroku

Applicable to the services branded as Heroku.

Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations.

Applicable documents by certification

Sort by: Document	Sort by: Last Updated	Infrastructure	Sort by: Certification
Salesforce Binding Corporate Rules	2023-03-14	First party, AWS, Hyperforce	Salesforce BCRs
ISO Statement of Applicability - v3.2 (English)	2023-02-07	First party, AWS, Hyperforce	ISO 27001
ISO Statement of Applicability - V3.2 (French)	2023-02-07	First party, AWS, Hyperforce	ISO 27001
ASIP Santé HDS Certificate	2023-02-06	First party, AWS, Hyperforce	ASIP Santé HDS
ISO 27001:2013 Certificate	2023-02-06	First party, AWS, Hyperforce	ISO 27001
ISO 27017:2015 Certificate	2023-02-06	First party, AWS, Hyperforce	ISO 27017
ISO 27018:2019 Certificate	2023-02-06	First party, AWS, Hyperforce	ISO 27018
NEN 7510-1:2017 Certificate	2023-02-06	First party, AWS, Hyperforce	NEN 7510
SOC 2 Report - Amazon Web Services (AWS)	2023-01-20	AWS, Hyperforce	SOC 2
SOC 1 Bridge (Gap) Letter - Heroku	2023-01-06	AWS	SOC 1
SOC 1 Report - Heroku	2022-12-22	AWS	SOC 1
SOC 2 Report - Heroku	2022-12-22	AWS	SOC 2
SOC 3 Report - Heroku	2022-12-22	AWS	SOC 3
Salesforce Vulnerability Management Program Overview	2022-12-12	First party, AWS, Hyperforce	Standard Questionnaires, FAQ's and Whitepapers
SOC 1 Report - Corporate Services	2022-12-05	First party, AWS, Hyperforce	SOC 1
SOC 2 Report - Corporate Services	2022-12-05	First party, AWS, Hyperforce	SOC 2
Salesforce Security (Incident) Response Plan	2022-11-01	First party, AWS, Hyperforce	Standard Questionnaires, FAQ's and Whitepapers
Vulnerability/Penetration Report Summary - Heroku	2022-11-01	AWS	External Security Assessments
Salesforce Security (Incident) Response Plan (Japanese)	2022-10-04	First party, AWS, Hyperforce	Standard Questionnaires, FAQ's and Whitepapers
Salesforce Third Party Risk Management Overview	2022-09-29	First party, AWS, Hyperforce	Standard Questionnaires, FAQ's and Whitepapers
UK Cyber Essentials Plus Certificate	2022-08-08	First party, AWS, Hyperforce	UK Cyber Essentials Plus
PCI Attestation of Compliance (AoC) - Heroku	2022-08-05	AWS	PCI DSS
PCI Responsibility Matrix - Heroku	2022-08-05	AWS	PCI DSS
CSA CAIQ - Heroku	2022-02-03	AWS	CSA STAR
PCI ASV Network Scan - Heroku	2022-01-11	AWS	PCI DSS
Vulnerability Management and Response Plan Summary	2021-09-27	First party, AWS, Hyperforce	Standard Questionnaires, FAQ's and Whitepapers
ISMAP Cloud Service List (Heroku)	2021-06-02	AWS	ISMAP
Salesforce Secure Development Lifecycle Overview	2021-05-25	First party, AWS, Hyperforce	Standard Questionnaires, FAQ's and Whitepapers
International Transfers of EU Personal Data to Salesforce's Services FAQ	2020-07-16	First party, AWS, Hyperforce	Privacy Shield
APEC Processor Seal - Salesforce	2020-07-10	First party, Hyperforce	APEC Certification for Processors and Controllers
[Whitepaper] Salesforce And The HIPAA Security Rule: Securing EPHI In The Cloud	2019-11-01	First party, AWS, Hyperforce	HIPAA
GDPR - Data Protection Impact Assessments & Salesforce Services	N/A	First party, AWS, Hyperforce	GDPR
[Video] Salesforce And The HIPAA Security Rule: Securing EPHI In The Cloud	N/A	First party, AWS, Hyperforce	HIPAA

Heroku

Applicable documents by certification

Additional Information

Trailhead

Trust | Compliance

Heroku

Applicable documents by certification

Additional Information

Trailhead