Compliance engineered for the Cloud

Salesforce maintains a comprehensive set of compliance certifications and attestations to validate our #1 value of Trust.

Salesforce Services and Additional Services

Applicable to the services branded as B2B Commerce on Lightning Experience, Chatter, Consumer Good Cloud, Customer 360 Audiences (Salesforce UCI Org SPARC), Database.com, Einstein Relationship Intelligence, Emergency Program Management, Employee Productivity, Experience Cloud (formerly Community Cloud), Financial Services Cloud, Health Cloud, IoT Explorer (including IoT Plus), Intelligent Form Reader, IT Service Center - IT Agent, Lightning Platform (including Force.com and Salesforce Connect), Loyalty Cloud, Manufacturing Cloud, Messaging, Privacy Center, Public Sector Solutions, Sales Cloud, Service Cloud (including Field Services managed package), Salesforce Private Connect, Salesforce CPQ and Salesforce Billing, Salesforce Maps, Salesforce Order Management, Service Cloud, Service Cloud Voice, Shift Management, Site.com, Sustainability Cloud, CRM Analytics (formerly Tableau CRM) (including Einstein Discovery and Salesforce Data Pipelines), WDC, Workplace Command Center. Also applicable to the Salesforce.org LLC ("Salesforce.org") services branded as Accounting Subledger, Admissions Connect, foundationConnect (provisioned on or after August 19, 2019), Grants Management, Nonprofit Cloud Case Management, Salesforce.org Insights Platform: Data Integrity, Student Success Hub (formerly Salesforce Advisor Link)

Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations.

Applicable documents by certification

Sort by: Document	Sort by: Last Updated	Infrastructure	Sort by: Certification
ASIP Santé HDS Certificate	2023-02-06	First party, AWS, Hyperforce	ASIP Santé HDS
ISO 27001:2013 Certificate	2023-02-06	First party, AWS, Hyperforce	ISO 27001
ISO 27017:2015 Certificate	2023-02-06	First party, AWS, Hyperforce	ISO 27017
ISO 27018:2019 Certificate	2023-02-06	First party, AWS, Hyperforce	ISO 27018
ISO Statement of Applicability - v3.2 (English)	2023-02-06	First party, AWS, Hyperforce	ISO 27001
ISO Statement of Applicability - V3.2 (French)	2023-02-06	First party, AWS, Hyperforce	ISO 27001
NEN 7510-1:2017 Certificate	2023-02-06	First party, AWS, Hyperforce	NEN 7510
Salesforce Services on Hyperforce ACSC Essential Eight Maturity report	2023-02-05	Hyperforce	IRAP
SOC 1 Bridge (Gap) Letter - Corporate & Salesforce Services	2023-01-31	First party, AWS	SOC 1
SOC 2 Report - Amazon Web Services (AWS)	2023-01-20	AWS, Hyperforce	SOC 2
SOC 1 Bridge (Gap) Letter - Salesforce Services on Hyperforce	2023-01-06	Hyperforce	SOC 1
C5 (ISAE 3000) Report - Salesforce Services	2022-12-22	First party, AWS	C5 (ISAE 3000)
HITRUST Certificate - Salesforce Services	2022-12-22	First party, AWS	HITRUST
ASP/SaaS Certificate (Japan)	2022-12-21	First party, Hyperforce	ASP/SaaS
Salesforce Binding Corporate Rules	2022-12-20	First party, AWS, Hyperforce	Salesforce BCRs
SOC 1 Report - Salesforce Services	2022-12-20	First party, AWS	SOC 1
SOC 2 Report - Salesforce Services	2022-12-20	First party, AWS	SOC 2
SOC 3 Report - Salesforce Services	2022-12-20	First party, AWS	SOC 3
HITRUST Certificate - Salesforce Services on Hyperforce	2022-12-15	Hyperforce	HITRUST
Salesforce Vulnerability Management Program Overview	2022-12-12	First party, AWS, Hyperforce	Standard Questionnaires, FAQ's and Whitepapers
Vulnerability/Penetration Report Summary - Field Service Lightning (Andr./iOS)	2022-12-07	First party	External Security Assessments
SOC 1 Report - Corporate Services	2022-12-05	First party, AWS, Hyperforce	SOC 1
SOC 2 Report - Corporate Services	2022-12-05	First party, AWS, Hyperforce	SOC 2
C5 (ISAE 3000) Report - Salesforce Services on Hyperforce	2022-12-01	Hyperforce	C5 (ISAE 3000)
Vulnerability/Penetration Report Summary - Mobile Shield (Andr./iOS)	2022-11-22	First party	External Security Assessments
SOC 1 Report - Salesforce Services on Hyperforce	2022-11-21	Hyperforce	SOC 1
SOC 2 Report - Salesforce Services on Hyperforce	2022-11-21	Hyperforce	SOC 2
SOC 3 Report - Salesforce Services on Hyperforce	2022-11-21	Hyperforce	SOC 3
Salesforce Services First Party Storage Encryption Summary	2022-11-14	First party	Standard Questionnaires, FAQ's and Whitepapers
IRAP Assessment Report - Salesforce Services on Hyperforce AU [PROTECTED]	2022-11-10	Hyperforce	IRAP
Salesforce Services AWS and Japan DC IRAP Addendum Letter June 2022	2022-11-10	First party, AWS	IRAP
Salesforce Services on Hyperforce IRAP Addendum Letter June 2022	2022-11-10	Hyperforce	IRAP
IRAP Assessment Report - Salesforce Services on AWS and Japan DC	2022-11-09	First party, AWS	IRAP
Network Vulnerability Assessment - Core	2022-11-07	First party, AWS	PCI DSS
DR/BCP Summary - Salesforce Services	2022-11-02	First party, AWS	Disaster Recovery & BCP
Network Vulnerability Assessment - Salesforce.org Payment Services	2022-11-01	AWS	PCI DSS
Salesforce Security (Incident) Response Plan	2022-11-01	First party, AWS, Hyperforce	Standard Questionnaires, FAQ's and Whitepapers
Network Vulnerability Assessment - Hyperforce AMER (Canada)	2022-10-31	Hyperforce	PCI DSS
Network Vulnerability Assessment - Hyperforce AMER (US East 1)	2022-10-31	Hyperforce	PCI DSS
Network Vulnerability Assessment - Hyperforce AMER (US West 1)	2022-10-31	Hyperforce	PCI DSS
Network Vulnerability Assessment - Hyperforce APAC (North East - Japan)	2022-10-31	Hyperforce	PCI DSS
Network Vulnerability Assessment - Hyperforce APAC (North East - S. Korea)	2022-10-31	Hyperforce	PCI DSS
Network Vulnerability Assessment - Hyperforce APAC (South East - Australia)	2022-10-31	Hyperforce	PCI DSS
Network Vulnerability Assessment - Hyperforce APAC (South East - Singapore)	2022-10-31	Hyperforce	PCI DSS
Network Vulnerability Assessment - Hyperforce APAC (South - India)	2022-10-31	Hyperforce	PCI DSS
Network Vulnerability Assessment - Hyperforce EMEA (France)	2022-10-31	Hyperforce	PCI DSS
Network Vulnerability Assessment - Hyperforce EMEA (Germany)	2022-10-31	Hyperforce	PCI DSS
Network Vulnerability Assessment - Hyperforce EMEA (UK)	2022-10-31	Hyperforce	PCI DSS
Network Vulnerability Assessment - Hyperforce LACA (Brazil)	2022-10-31	Hyperforce	PCI DSS
Customer Guide for Incident Notification	2022-10-07	First party, AWS	Standard Questionnaires, FAQ's and Whitepapers
Salesforce Enterprise Security Overview (Japanese)	2022-10-04	First party, AWS, Hyperforce	Standard Questionnaires, FAQ's and Whitepapers
Salesforce Security (Incident) Response Plan (Japanese)	2022-10-04	First party, AWS, Hyperforce	Standard Questionnaires, FAQ's and Whitepapers
Salesforce Third Party Risk Management Overview	2022-09-29	First party, AWS, Hyperforce	Standard Questionnaires, FAQ's and Whitepapers
Vulnerability/Penetration Report Summary - Salesforce Services	2022-09-27	First party, AWS, Hyperforce	External Security Assessments
Vulnerability/Penetration Report Summary - CRM Analytics (fka Tableau CRM)	2022-09-19	First party	External Security Assessments
Vulnerability/Penetration Report Summary - Messaging (LiveMessage)	2022-09-19	AWS	External Security Assessments
DR Testing (Site Switching) Summary	2022-08-31	First party, AWS	Disaster Recovery & BCP
ACSC Essential Eight Maturity Report - Salesforce Services on AWS and Japan DC	2022-08-17	First party, AWS	IRAP
IRAP Engagement Letter - Salesforce Services on AWS and Japan DC	2022-08-17	First party, AWS	IRAP
PCI Attestation of Compliance (AoC) - Salesforce.org Payment Services	2022-08-08	AWS	PCI DSS
PCI Responsibility Matrix - Salesforce.org Payment Services	2022-08-08	AWS	PCI DSS
UK Cyber Essentials Plus Certificate	2022-08-08	First party, AWS, Hyperforce	UK Cyber Essentials Plus
Security Perspective on the Shared Responsibility Model (Japanese)	2022-08-02	First party, AWS, Hyperforce	Standard Questionnaires, FAQ's and Whitepapers
SOC 2 Report - Field Service	2022-07-29	AWS	SOC 2
SOC 3 Report - Field Service	2022-07-29	AWS	SOC 3
FISC Security Guidelines (Japan) - Salesforce Services	2022-07-21	First party	Standard Questionnaires, FAQ's and Whitepapers
EU Cloud Code of Conduct (Salesforce Services)	2022-07-20	First party	EU Cloud Code of Conduct
EU Cloud Code of Conduct (Salesforce Services on Hyperforce)	2022-07-20	Hyperforce	EU Cloud Code of Conduct
PCI Attestation of Compliance (AoC) - Salesforce Services	2022-07-20	First party, AWS	PCI DSS
PCI Responsibility Matrix - Salesforce Services	2022-07-20	First party, AWS	PCI DSS
SOC 2 Report - Salesforce Maps	2022-07-20	AWS	SOC 2
SOC 3 Report - Salesforce Maps	2022-07-20	AWS	SOC 3
ISMAP Cloud Service List (Salesforce Services on Hyperforce)	2022-07-12	Hyperforce	ISMAP
Salesforce Services IRAP Customer Configuration Guide [PROTECTED]	2022-06-05	Hyperforce	IRAP
TISAX Assessment Results	2022-05-30	First party, AWS, Hyperforce	TISAX
UK NHS Data Security and Protection Toolkit (DSPT)	2022-05-19	First party, Hyperforce	NHS DSPT
Vulnerability/Penetration Report Summary - Tableau CRM Mobile (Andr./iOS)	2022-05-11	First party	External Security Assessments
DR/BCP Summary - Salesforce Services on Hyperforce	2022-05-02	Hyperforce	Disaster Recovery & BCP
Vulnerability/Penetration Report Summary - Salesforce Maps	2022-04-26	First party, AWS	External Security Assessments
UK Cloud Security Principles	2022-04-19	First party, AWS, Hyperforce	Standard Questionnaires, FAQ's and Whitepapers
Salesforce Enterprise Security Overview	2022-03-11	First party, AWS, Hyperforce	Standard Questionnaires, FAQ's and Whitepapers
Security Perspective on the Shared Responsibility Model	2022-03-10	First party, AWS, Hyperforce	Standard Questionnaires, FAQ's and Whitepapers
Salesforce Meeting Belgium Government Security Requirements	2022-03-07	First party, Hyperforce	Standard Questionnaires, FAQ's and Whitepapers
Spain Esquema Nacional de Seguridad (ENS) High (Hyperforce)	2022-03-03	Hyperforce	Spain Esquema Nacional de Seguridad (ENS)
PCI Responsibility Matrix - Salesforce Services on Hyperforce	2022-03-02	Hyperforce	PCI DSS
PCI Attestation of Compliance (AoC) - Salesforce Services on Hyperforce	2022-03-01	Hyperforce	PCI DSS
Vulnerability/Penetration Report Summary - Salesforce Mobile (Andr./iOS)	2022-02-15	First party	External Security Assessments
Vulnerability/Penetration Report Summary - Salesforce Authenticator (Andr./iOS)	2022-02-14	First party	External Security Assessments
CSA CAIQ - Salesforce Services	2022-01-10	First party, AWS	CSA STAR
Computerized System Validation Guideline (Japan)	2021-12-02	First party	Standard Questionnaires, FAQ's and Whitepapers
IRAP Engagement letter - Salesforce Services on Hyperforce AU [PROTECTED]	2021-11-09	Hyperforce	IRAP
Vulnerability/Penetration Report Summary - Salesforce Services Data Mask Add-on	2021-10-06	First party, AWS	External Security Assessments
Vulnerability Management and Response Plan Summary	2021-09-27	First party, AWS, Hyperforce	Standard Questionnaires, FAQ's and Whitepapers
Spain Esquema Nacional de Seguridad (ENS) High	2021-09-20	First party	Spain Esquema Nacional de Seguridad (ENS)
Salesforce Security Tips for Guest User Access Controls (Japan)	2021-09-16	First party, AWS, Hyperforce	Standard Questionnaires, FAQ's and Whitepapers
CSA STAR Registry - Salesforce Services	2021-09-07	First party	CSA STAR
Medical Information System Security Management Guideline (Japan)	2021-08-05	First party	Standard Questionnaires, FAQ's and Whitepapers
Salesforce Services SWIPO Data Portability Transparency Statement	2021-07-27	First party, AWS, Hyperforce	Standard Questionnaires, FAQ's and Whitepapers
Salesforce Ransomware Mitigation Summary	2021-07-12	First party, AWS, Hyperforce	Standard Questionnaires, FAQ's and Whitepapers
Salesforce Security Tips for Guest User Access Controls	2021-06-17	First party, AWS, Hyperforce	Standard Questionnaires, FAQ's and Whitepapers
ISMAP Cloud Service List (Salesforce Services)	2021-06-02	First party	ISMAP
Salesforce Secure Development Lifecycle Overview	2021-05-25	First party, AWS, Hyperforce	Standard Questionnaires, FAQ's and Whitepapers
Vulnerability/Penetration Report Summary - Salesforce Maps Mobile (Andr./iOS)	2021-05-25	First party, AWS	External Security Assessments
SOC 2 Report (Type 1) - Workplace Command Center and Employee Wellness Check	2021-01-22	First party	SOC 2
BCP Summary	2020-12-08	First party, AWS, Hyperforce	Disaster Recovery & BCP
IRAP Customer Configuration User Guide Health Check [Official]	2020-08-04	First party, AWS	IRAP
IRAP Customer Configuration User Guide [Official]	2020-08-04	First party, AWS	IRAP
Security and Compliance Best Practices and FAQ - Work.com	2020-07-30	First party, AWS	Standard Questionnaires, FAQ's and Whitepapers
International Transfers of EU Personal Data to Salesforce's Services FAQ	2020-07-16	First party, AWS, Hyperforce	Privacy Shield
APEC Processor Seal - Salesforce	2020-07-10	First party, Hyperforce	APEC Certification for Processors and Controllers
SOC 2 Report (Type 1) - Salesforce.org	2020-04-30	First party, AWS	SOC 2
[Whitepaper] Salesforce And The HIPAA Security Rule: Securing EPHI In The Cloud	2019-11-01	First party, AWS, Hyperforce	HIPAA
NISC Common Standards for Government Agencies (Japan)	2019-08-08	First party	Standard Questionnaires, FAQ's and Whitepapers
Certified Statement of CS Gold Mark (Japan)	2018-09-26	First party	CS Gold Mark
Financial Services Cloud Resources	N/A	First party, AWS, Hyperforce	Financial Services Compliance
GDPR - Data Protection Impact Assessments & Salesforce Services	N/A	First party, AWS, Hyperforce	GDPR
[Video] Salesforce And The HIPAA Security Rule: Securing EPHI In The Cloud	N/A	First party, AWS, Hyperforce	HIPAA

Salesforce Services and Additional Services

Applicable documents by certification

Additional Information

Trailhead

Trust | Compliance

Salesforce Services and Additional Services

Applicable documents by certification

Additional Information

Trailhead