Compliance engineered for the Cloud

Salesforce maintains a comprehensive set of compliance certifications and attestations to validate our #1 value of Trust.

Salesforce Services

Applicable to the services branded as Sales Cloud, Service Cloud, Community Cloud, Chatter, Lightning Platform (including Force.com), IoT Explorer (including IoT Plus), Site.com, Database.com, Einstein Analytics (including Einstein Discovery), Work.com, Messaging, Financial Services Cloud, Health Cloud, Sustainability Cloud, Consumer Goods Cloud, Manufacturing Cloud, Salesforce CPQ and Salesforce Billing, Salesforce Maps, Salesforce Advisor Link, foundationConnect (provisioned on or after August 19, 2019). Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/

Applicable certifications and documents

Sort by: Document	Sort by: Last Updated	Sort by: Certification
HITRUST Certificate	2020-05-28	HITRUST
ASP/SaaS Certificate (Japan)	2020-05-13	ASP/SaaS
Salesforce Vulnerability Management Overview (EN)	2020-04-23	Standard Questionnaires, FAQ's and Whitepapers
Salesforce Vulnerability Management Overview (JP)	2020-04-23	Standard Questionnaires, FAQ's and Whitepapers
Vulnerability/Penetration Report Summary - Salesforce Services	2020-04-20	External Security Assessments
SOC 1 Bridge (Gap) Letter - Corporate & Salesforce Services	2020-04-07	SOC 1
ASIP Santé HDS Certificate	2020-03-12	ASIP Santé HDS
C5 (ISAE 3000) Report - Salesforce Services	2020-03-04	C5 (ISAE 3000)
DR Testing (Site Switching) Summary	2020-02-25	Disaster Recovery & BCP
Report on compliance with NEN7510 requirements	2020-01-30	NEN 7510
SOC 2 Report - Salesforce Services	2020-01-28	SOC 2
Network Vulnerability Assessment	2020-01-24	PCI DSS
ISO 27017 Certificate	2020-01-22	ISO 27017
ISO 27018 Certificate	2020-01-22	ISO 27018
ISO 27001 Certificate	2020-01-21	ISO 27001
SOC 2 Report - Corporate Services	2020-01-17	SOC 2
SOC 1 Report - Salesforce Services	2020-01-14	SOC 1
SOC 1 Report - Corporate Services	2020-01-07	SOC 1
Vulnerability/Penetration Report Summary - Einstein Analytics	2020-01-03	External Security Assessments
Vulnerability/Penetration Report Summary - Messaging and LiveMessage	2019-11-19	External Security Assessments
Privacy Shield Registration	2019-11-18	Privacy Shield
Salesforce Binding Corporate Rules	2019-11-18	Salesforce BCRs
ISO Statement of Applicability	2019-11-04	ISO 27001
[Whitepaper] Salesforce And The HIPAA Security Rule: Securing EPHI In The Cloud	2019-11-01	HIPAA
PCI Attestation of Compliance (AoC) - Salesforce Services	2019-10-29	PCI DSS
DR/BCP Summary - Salesforce Services	2019-10-04	Disaster Recovery & BCP
Incident Response Plan Summary	2019-09-16	Standard Questionnaires, FAQ's and Whitepapers
NISC Security Standard (Japan)	2019-08-08	Standard Questionnaires, FAQ's and Whitepapers
FISC (Japan)	2019-02-26	Standard Questionnaires, FAQ's and Whitepapers
ASD iRAP Statement of Compliance (Australia)	2018-10-19	IRAP
CS Gold Mark License (Japan)	2018-09-26	CS Gold Mark
CSA CAIQ - Salesforce Services	2018-03-29	Standard Questionnaires, FAQ's and Whitepapers
Vulnerability/Penetration Report Summary - Einstein Discovery	2017-12-07	External Security Assessments
Financial Services Cloud Recources	N/A	Financial Services Compliance
GDPR - DPIA General Whitepaper	N/A	GDPR
GDPR - DPIA Salesforce Services	N/A	GDPR
[Video] Salesforce And The HIPAA Security Rule: Securing EPHI In The Cloud	N/A	HIPAA