Compliance engineered for the Cloud

Salesforce maintains a comprehensive set of compliance certifications and attestations to validate our #1 value of Trust.

Salesforce Services and Additional Services

Applicable to the services branded as B2B Commerce on Lightning Experience, Chatter, Consumer Good Cloud, Customer 360 Audiences (Salesforce UCI Org SPARC), Database.com, Einstein Relationship Intelligence, Emergency Program Management, Employee Productivity, Experience Cloud (formerly Community Cloud), Financial Services Cloud, Health Cloud, IoT Explorer (including IoT Plus), Intelligent Form Reader, IT Service Center - IT Agent, Lightning Platform (including Force.com and Salesforce Connect), Loyalty Cloud, Manufacturing Cloud, Messaging, Privacy Center, Public Sector Solutions, Sales Cloud, Service Cloud (including Field Services managed package), Salesforce Private Connect, Salesforce CPQ and Salesforce Billing, Salesforce Maps, Salesforce Order Management, Service Cloud, Service Cloud Voice, Shift Management, Site.com, Net Zero Cloud (formerly Sustainability Cloud), CRM Analytics (formerly Tableau CRM) (including Einstein Discovery and Salesforce Data Pipelines), WDC, Workplace Command Center. Also applicable to the Salesforce.org LLC ("Salesforce.org") services branded as Accounting Subledger, Admissions Connect, foundationConnect (provisioned on or after August 19, 2019), Grants Management, Nonprofit Cloud Case Management, Salesforce.org Insights Platform: Data Integrity, Student Success Hub (formerly Salesforce Advisor Link)

Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations.

Applicable documents by category

Filter this list

Sort by Updated On
Name DR Test Summary - Salesforce Services on Hyperforce	Updated On 2023-05-31	Infrastructure Hyperforce	Category Disaster Recovery & BCP
Name DR Testing (Site Switching) Summary	Updated On 2023-05-23	Infrastructure First party, AWS	Category Disaster Recovery & BCP
Name Salesforce Services Hyperforce Storage Encryption Summary	Updated On 2023-05-23	Infrastructure AWS, Hyperforce	Category FAQ's and White Papers
Name FISC Security Guidelines (Japan) - Salesforce Services	Updated On 2023-05-17	Infrastructure First party	Category FAQ's and White Papers
Name Salesforce Distributed Denial of Service (DDoS) Risk Mitigation Overview	Updated On 2023-05-17	Infrastructure First party, AWS	Category FAQ's and White Papers
Name Salesforce Services on Hyperforce IRAP Addendum Letter September 2022	Updated On 2023-05-03	Infrastructure Hyperforce	Category IRAP
Name Salesforce Services AWS and Japan DC IRAP Addendum Letter March 2023	Updated On 2023-04-16	Infrastructure First party, AWS	Category IRAP
Name Salesforce Ransomware Mitigation Summary	Updated On 2023-04-13	Infrastructure First party, AWS, Hyperforce	Category FAQ's and White Papers
Name Salesforce UK Processor Binding Corporate Rules	Updated On 2023-04-11	Infrastructure First party, AWS, Hyperforce	Category Salesforce BCRs
Name Vulnerability/Penetration Report Summary - Salesforce Services	Updated On 2023-04-11	Infrastructure First party, AWS, Hyperforce	Category External Security Assessments
Name SOC 1 Bridge (Gap) Letter - Corporate & Salesforce Services	Updated On 2023-03-31	Infrastructure First party, AWS	Category SOC 1
Name SOC 1 Bridge (Gap) Letter - Salesforce Services on Hyperforce	Updated On 2023-03-31	Infrastructure Hyperforce	Category SOC 1
Name C5 (ISAE 3000) Report - Salesforce Services on Hyperforce	Updated On 2023-03-30	Infrastructure Hyperforce	Category C5 (ISAE 3000)
Name SOC 1 Report - Salesforce Services on Hyperforce	Updated On 2023-03-23	Infrastructure Hyperforce	Category SOC 1
Name SOC 2 Report - Salesforce Services on Hyperforce	Updated On 2023-03-23	Infrastructure Hyperforce	Category SOC 2
Name SOC 3 Report - Salesforce Services on Hyperforce	Updated On 2023-03-23	Infrastructure Hyperforce	Category SOC 3
Name CyberGRX Assessment	Updated On 2023-03-16	Infrastructure First party	Category CyberGRX
Name Salesforce EU Processor Binding Corporate Rules	Updated On 2023-03-14	Infrastructure First party, AWS, Hyperforce	Category Salesforce BCRs
Name PCI ASV Network Scan - Hyperforce Canada (CA Central 1)	Updated On 2023-03-10	Infrastructure Hyperforce	Category PCI DSS
Name APEC Controller Certification - Salesforce	Updated On 2023-03-07	Infrastructure First party, Hyperforce	Category APEC Certification for Processors and Controllers
Name Vulnerability/Penetration Report Summary - Salesforce Mobile (Andr./iOS)	Updated On 2023-03-07	Infrastructure First party	Category External Security Assessments
Name PCI Attestation of Compliance (AoC) - Salesforce Services on Hyperforce	Updated On 2023-02-24	Infrastructure Hyperforce	Category PCI DSS
Name PCI Responsibility Matrix - Salesforce Services on Hyperforce	Updated On 2023-02-24	Infrastructure Hyperforce	Category PCI DSS
Name Canadian Center for CyberSecurity Summary Report - Hyperforce Services	Updated On 2023-02-17	Infrastructure Hyperforce	Category CCCS Assessment
Name Canadian Center for CyberSecurity Summary Report - Salesforce Services	Updated On 2023-02-17	Infrastructure AWS	Category CCCS Assessment
Name Salesforce Services 21 C.F.R. PART 11 FAQ Overview	Updated On 2023-02-17	Infrastructure First party, AWS, Hyperforce	Category FAQ's and White Papers
Name Vulnerability/Penetration Report Summary - Salesforce Maps	Updated On 2023-02-15	Infrastructure First party, AWS	Category External Security Assessments
Name Vulnerability/Penetration Report Summary - Salesforce Slack	Updated On 2023-02-13	Infrastructure AWS	Category External Security Assessments
Name ISO Statement of Applicability - v3.2 (English)	Updated On 2023-02-07	Infrastructure First party, AWS, Hyperforce	Category ISO 27001
Name ISO Statement of Applicability - V3.2 (French)	Updated On 2023-02-07	Infrastructure First party, AWS, Hyperforce	Category ISO 27001
Name PCI ASV Network Scan - Hyperforce AMER (US East 1)	Updated On 2023-02-07	Infrastructure Hyperforce	Category PCI DSS
Name PCI ASV Network Scan - Hyperforce APAC (North East - S. Korea)	Updated On 2023-02-07	Infrastructure Hyperforce	Category PCI DSS
Name PCI ASV Network Scan - Hyperforce APAC (South East - Australia)	Updated On 2023-02-07	Infrastructure Hyperforce	Category PCI DSS
Name PCI ASV Network Scan - Hyperforce APAC (South East - Singapore)	Updated On 2023-02-07	Infrastructure Hyperforce	Category PCI DSS
Name PCI ASV Network Scan - Hyperforce APAC (South - India)	Updated On 2023-02-07	Infrastructure Hyperforce	Category PCI DSS
Name PCI ASV Network Scan - Hyperforce EMEA (France)	Updated On 2023-02-07	Infrastructure Hyperforce	Category PCI DSS
Name PCI ASV Network Scan - Hyperforce EMEA (Germany)	Updated On 2023-02-07	Infrastructure Hyperforce	Category PCI DSS
Name PCI ASV Network Scan - Hyperforce EMEA (UK)	Updated On 2023-02-07	Infrastructure Hyperforce	Category PCI DSS
Name PCI ASV Network Scan - Hyperforce LACA (Brazil)	Updated On 2023-02-07	Infrastructure Hyperforce	Category PCI DSS
Name ASIP Santé HDS Certificate	Updated On 2023-02-06	Infrastructure First party, AWS, Hyperforce	Category ASIP Santé HDS
Name ISO 27001:2013 Certificate	Updated On 2023-02-06	Infrastructure First party, AWS, Hyperforce	Category ISO 27001
Name ISO 27017:2015 Certificate	Updated On 2023-02-06	Infrastructure First party, AWS, Hyperforce	Category ISO 27017
Name ISO 27018:2019 Certificate	Updated On 2023-02-06	Infrastructure First party, AWS, Hyperforce	Category ISO 27018
Name NEN 7510-1:2017 Certificate	Updated On 2023-02-06	Infrastructure First party, AWS, Hyperforce	Category NEN 7510
Name Salesforce Services on Hyperforce ACSC Essential Eight Maturity report	Updated On 2023-02-05	Infrastructure Hyperforce	Category IRAP
Name SOC 2 Report - Amazon Web Services (AWS)	Updated On 2023-01-20	Infrastructure AWS, Hyperforce	Category SOC 2
Name C5 (ISAE 3000) Report - Salesforce Services	Updated On 2022-12-22	Infrastructure First party, AWS	Category C5 (ISAE 3000)
Name HITRUST Certificate - Salesforce Services	Updated On 2022-12-22	Infrastructure First party, AWS	Category HITRUST
Name ASP/SaaS Certificate (Japan)	Updated On 2022-12-21	Infrastructure First party, Hyperforce	Category ASP/SaaS
Name SOC 1 Report - Salesforce Services	Updated On 2022-12-20	Infrastructure First party, AWS	Category SOC 1
Name SOC 2 Report - Salesforce Services	Updated On 2022-12-20	Infrastructure First party, AWS	Category SOC 2
Name SOC 3 Report - Salesforce Services	Updated On 2022-12-20	Infrastructure First party, AWS	Category SOC 3
Name HITRUST Certificate - Salesforce Services on Hyperforce	Updated On 2022-12-15	Infrastructure Hyperforce	Category HITRUST
Name Salesforce Vulnerability Management Program Overview	Updated On 2022-12-12	Infrastructure First party, AWS, Hyperforce	Category FAQ's and White Papers
Name Vulnerability/Penetration Report Summary - Field Service Lightning (Andr./iOS)	Updated On 2022-12-07	Infrastructure First party	Category External Security Assessments
Name SOC 1 Report - Corporate Services	Updated On 2022-12-05	Infrastructure First party, AWS, Hyperforce	Category SOC 1
Name SOC 2 Report - Corporate Services	Updated On 2022-12-05	Infrastructure First party, AWS, Hyperforce	Category SOC 2
Name Vulnerability/Penetration Report Summary - Mobile Shield (Andr./iOS)	Updated On 2022-11-22	Infrastructure First party	Category External Security Assessments
Name Salesforce Services First Party Storage Encryption Summary	Updated On 2022-11-14	Infrastructure First party	Category FAQ's and White Papers
Name IRAP Assessment Report - Salesforce Services on Hyperforce AU [PROTECTED]	Updated On 2022-11-10	Infrastructure Hyperforce	Category IRAP
Name IRAP Assessment Report - Salesforce Services on AWS and Japan DC	Updated On 2022-11-09	Infrastructure First party, AWS	Category IRAP
Name PCI ASV Network Scan - Core	Updated On 2022-11-07	Infrastructure First party, AWS	Category PCI DSS
Name DR/BCP Summary - Salesforce Services	Updated On 2022-11-02	Infrastructure First party, AWS	Category Disaster Recovery & BCP
Name PCI ASV Network Scan - Salesforce.org Payment Services	Updated On 2022-11-01	Infrastructure AWS	Category PCI DSS
Name Salesforce Security (Incident) Response Plan	Updated On 2022-11-01	Infrastructure First party, AWS, Hyperforce	Category FAQ's and White Papers
Name PCI ASV Network Scan - Hyperforce AMER (US West 1)	Updated On 2022-10-31	Infrastructure Hyperforce	Category PCI DSS
Name PCI ASV Network Scan - Hyperforce APAC (North East - Japan)	Updated On 2022-10-31	Infrastructure Hyperforce	Category PCI DSS
Name Customer Guide for Incident Notification	Updated On 2022-10-07	Infrastructure First party, AWS	Category FAQ's and White Papers
Name Salesforce Enterprise Security Overview (Japanese)	Updated On 2022-10-04	Infrastructure First party, AWS, Hyperforce	Category FAQ's and White Papers
Name Salesforce Security (Incident) Response Plan (Japanese)	Updated On 2022-10-04	Infrastructure First party, AWS, Hyperforce	Category FAQ's and White Papers
Name Salesforce Third Party Risk Management Overview	Updated On 2022-09-29	Infrastructure First party, AWS, Hyperforce	Category FAQ's and White Papers
Name Vulnerability/Penetration Report Summary - CRM Analytics (fka Tableau CRM)	Updated On 2022-09-19	Infrastructure First party	Category External Security Assessments
Name Vulnerability/Penetration Report Summary - Messaging (LiveMessage)	Updated On 2022-09-19	Infrastructure AWS	Category External Security Assessments
Name ACSC Essential Eight Maturity Report - Salesforce Services on AWS and Japan DC	Updated On 2022-08-17	Infrastructure First party, AWS	Category IRAP
Name IRAP Engagement Letter - Salesforce Services on AWS and Japan DC	Updated On 2022-08-17	Infrastructure First party, AWS	Category IRAP
Name PCI Attestation of Compliance (AoC) - Salesforce.org Payment Services	Updated On 2022-08-08	Infrastructure AWS	Category PCI DSS
Name PCI Responsibility Matrix - Salesforce.org Payment Services	Updated On 2022-08-08	Infrastructure AWS	Category PCI DSS
Name UK Cyber Essentials Plus Certificate	Updated On 2022-08-08	Infrastructure First party, AWS, Hyperforce	Category UK Cyber Essentials Plus
Name Security Perspective on the Shared Responsibility Model (Japanese)	Updated On 2022-08-02	Infrastructure First party, AWS, Hyperforce	Category FAQ's and White Papers
Name SOC 2 Report - Field Service	Updated On 2022-07-29	Infrastructure AWS	Category SOC 2
Name SOC 3 Report - Field Service	Updated On 2022-07-29	Infrastructure AWS	Category SOC 3
Name EU Cloud Code of Conduct (Salesforce Services)	Updated On 2022-07-20	Infrastructure First party	Category EU Cloud Code of Conduct
Name EU Cloud Code of Conduct (Salesforce Services on Hyperforce)	Updated On 2022-07-20	Infrastructure Hyperforce	Category EU Cloud Code of Conduct
Name PCI Attestation of Compliance (AoC) - Salesforce Services	Updated On 2022-07-20	Infrastructure First party, AWS	Category PCI DSS
Name PCI Responsibility Matrix - Salesforce Services	Updated On 2022-07-20	Infrastructure First party, AWS	Category PCI DSS
Name SOC 2 Report - Salesforce Maps	Updated On 2022-07-20	Infrastructure AWS	Category SOC 2
Name SOC 3 Report - Salesforce Maps	Updated On 2022-07-20	Infrastructure AWS	Category SOC 3
Name ISMAP Cloud Service List (Salesforce Services on Hyperforce)	Updated On 2022-07-12	Infrastructure Hyperforce	Category ISMAP
Name Salesforce Services IRAP Customer Configuration Guide [PROTECTED]	Updated On 2022-06-05	Infrastructure Hyperforce	Category IRAP
Name TISAX Assessment Results	Updated On 2022-05-30	Infrastructure First party, AWS, Hyperforce	Category TISAX
Name UK NHS Data Security and Protection Toolkit (DSPT)	Updated On 2022-05-19	Infrastructure First party, Hyperforce	Category NHS DSPT
Name Vulnerability/Penetration Report Summary - Tableau CRM Mobile (Andr./iOS)	Updated On 2022-05-11	Infrastructure First party	Category External Security Assessments
Name DR/BCP Summary - Salesforce Services on Hyperforce	Updated On 2022-05-02	Infrastructure Hyperforce	Category Disaster Recovery & BCP
Name UK Cloud Security Principles	Updated On 2022-04-19	Infrastructure First party, AWS, Hyperforce	Category FAQ's and White Papers
Name Salesforce Enterprise Security Overview	Updated On 2022-03-11	Infrastructure First party, AWS, Hyperforce	Category FAQ's and White Papers
Name Security Perspective on the Shared Responsibility Model	Updated On 2022-03-10	Infrastructure First party, AWS, Hyperforce	Category FAQ's and White Papers
Name Salesforce Meeting Belgium Government Security Requirements	Updated On 2022-03-07	Infrastructure First party, Hyperforce	Category FAQ's and White Papers
Name Spain Esquema Nacional de Seguridad (ENS) High (Hyperforce)	Updated On 2022-03-03	Infrastructure Hyperforce	Category Spain Esquema Nacional de Seguridad (ENS)
Name Vulnerability/Penetration Report Summary - Salesforce Authenticator (Andr./iOS)	Updated On 2022-02-14	Infrastructure First party	Category External Security Assessments
Name CSA CAIQ - Salesforce Services	Updated On 2022-01-10	Infrastructure First party, AWS	Category CSA STAR
Name Computerized System Validation Guideline (Japan)	Updated On 2021-12-02	Infrastructure First party	Category FAQ's and White Papers
Name IRAP Engagement letter - Salesforce Services on Hyperforce AU [PROTECTED]	Updated On 2021-11-09	Infrastructure Hyperforce	Category IRAP
Name Vulnerability/Penetration Report Summary - Salesforce Services Data Mask Add-on	Updated On 2021-10-06	Infrastructure First party, AWS	Category External Security Assessments
Name Vulnerability Management and Response Plan Summary	Updated On 2021-09-27	Infrastructure First party, AWS, Hyperforce	Category FAQ's and White Papers
Name Spain Esquema Nacional de Seguridad (ENS) High	Updated On 2021-09-20	Infrastructure First party	Category Spain Esquema Nacional de Seguridad (ENS)
Name Salesforce Security Tips for Guest User Access Controls (Japan)	Updated On 2021-09-16	Infrastructure First party, AWS, Hyperforce	Category FAQ's and White Papers
Name CSA STAR Registry - Salesforce Services	Updated On 2021-09-07	Infrastructure First party	Category CSA STAR
Name Medical Information System Security Management Guideline (Japan)	Updated On 2021-08-05	Infrastructure First party	Category FAQ's and White Papers
Name Salesforce Services SWIPO Data Portability Transparency Statement	Updated On 2021-07-27	Infrastructure First party, AWS, Hyperforce	Category FAQ's and White Papers
Name Salesforce Security Tips for Guest User Access Controls	Updated On 2021-06-17	Infrastructure First party, AWS, Hyperforce	Category FAQ's and White Papers
Name ISMAP Cloud Service List (Salesforce Services)	Updated On 2021-06-02	Infrastructure First party	Category ISMAP
Name Salesforce Secure Development Lifecycle Overview	Updated On 2021-05-25	Infrastructure First party, AWS, Hyperforce	Category FAQ's and White Papers
Name Vulnerability/Penetration Report Summary - Salesforce Maps Mobile (Andr./iOS)	Updated On 2021-05-25	Infrastructure First party, AWS	Category External Security Assessments
Name SOC 2 Report (Type 1) - Workplace Command Center and Employee Wellness Check	Updated On 2021-01-22	Infrastructure First party	Category SOC 2
Name BCP Summary	Updated On 2020-12-08	Infrastructure First party, AWS, Hyperforce	Category Disaster Recovery & BCP
Name IRAP Customer Configuration User Guide Health Check [Official]	Updated On 2020-08-04	Infrastructure First party, AWS	Category IRAP
Name IRAP Customer Configuration User Guide [Official]	Updated On 2020-08-04	Infrastructure First party, AWS	Category IRAP
Name Security and Compliance Best Practices and FAQ - Work.com	Updated On 2020-07-30	Infrastructure First party, AWS	Category FAQ's and White Papers
Name International Transfers of EU Personal Data to Salesforce's Services FAQ	Updated On 2020-07-16	Infrastructure First party, AWS, Hyperforce	Category Privacy Shield
Name APEC Processor Seal - Salesforce	Updated On 2020-07-10	Infrastructure First party, Hyperforce	Category APEC Certification for Processors and Controllers
Name SOC 2 Report (Type 1) - Salesforce.org	Updated On 2020-04-30	Infrastructure First party, AWS	Category SOC 2
Name [Whitepaper] Salesforce And The HIPAA Security Rule: Securing EPHI In The Cloud	Updated On 2019-11-01	Infrastructure First party, AWS, Hyperforce	Category HIPAA
Name NISC Common Standards for Government Agencies (Japan)	Updated On 2019-08-08	Infrastructure First party	Category FAQ's and White Papers
Name [Video] Salesforce And The HIPAA Security Rule: Securing EPHI In The Cloud	Updated On 2019-01-16	Infrastructure First party, AWS, Hyperforce	Category HIPAA
Name Certified Statement of CS Gold Mark (Japan)	Updated On 2018-09-26	Infrastructure First party	Category CS Gold Mark
Name Financial Services Cloud Resources	Updated On N/A	Infrastructure First party, AWS, Hyperforce	Category Financial Services Compliance
Name GDPR - Data Protection Impact Assessments & Salesforce Services	Updated On N/A	Infrastructure First party, AWS, Hyperforce	Category GDPR