Compliance engineered for the Cloud

Salesforce maintains a comprehensive set of compliance certifications and attestations to validate our #1 value of Trust.

Salesforce Services

Applicable to the services branded as Sales Cloud, Service Cloud, Community Cloud, Chatter, Lightning Platform including Force.com, Salesforce Private Connect, IoT Explorer including IoT Plus, Site.com, Database.com, Einstein Analytics including Einstein Discovery, WDC, Messaging, Financial Services Cloud, Health Cloud, Sustainability Cloud, Consumer Goods Cloud, Manufacturing Cloud, Emergency Program Management, Service Cloud Voice, Salesforce CPQ and Salesforce Billing, Salesforce Maps, Salesforce Order Management, B2B Commerce on Lightning Experience, Workplace Command Center, Shift Management, and the Salesforce.org LLC "Salesforce.org" services branded as Salesforce Advisor Link, foundationConnect provisioned on or after August 19, 2019, Accounting Subledger, Salesforce.org Insights Platform: Data Integrity, and Nonprofit Cloud Case Management. Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/

Applicable documents by certification

Sort by: Document	Sort by: Last Updated	Sort by: Certification
UK Cloud Security Principles	2021-02-11	Standard Questionnaires, FAQ's and Whitepapers
ASIP Santé HDS Certificate	2021-02-02	ASIP Santé HDS
ISO 27001:2013 Certificate	2021-02-02	ISO 27001
ISO 27017:2015 Certificate	2021-02-02	ISO 27017
ISO 27018:2019 Certificate	2021-02-02	ISO 27018
NEN 7510-1:2017 Certificate	2021-02-02	NEN 7510
C5 (ISAE 3000) Report - Salesforce Services	2021-01-29	C5 (ISAE 3000)
SOC 2 Report (Type 1) - Workplace Command Center and Employee Wellness Check	2021-01-22	SOC 2
Vulnerability/Penetration Report Summary-Hyperforce/Unified Cloud Infrastructure	2021-01-13	External Security Assessments
SOC 1 Bridge (Gap) Letter - Corporate & Salesforce Services	2021-01-11	SOC 1
SOC 1 Report - Salesforce Services	2021-01-07	SOC 1
SOC 2 Report - Salesforce Services	2021-01-07	SOC 2
SOC 3 Report - Salesforce Services	2021-01-07	SOC 3
HITRUST Certificate - Salesforce Services	2021-01-06	HITRUST
Salesforce Binding Corporate Rules	2021-01-01	Salesforce BCRs
Vulnerability/Penetration Report Summary - Einstein Analytics Mobile (Andr./iOS)	2020-12-22	External Security Assessments
Vulnerability/Penetration Report Summary - Salesforce Services	2020-12-22	External Security Assessments
Vulnerability/Penetration Report Summary - Field Service Lightning (Andr./iOS)	2020-12-21	External Security Assessments
Vulnerability/Penetration Report Summary - Salesforce Mobile (Andr./iOS)	2020-12-21	External Security Assessments
Network Vulnerability Assessment	2020-12-20	PCI DSS
SOC 2 Report (Type 1) - Field Service	2020-12-18	SOC 2
Vulnerability/Penetration Report Summary - Salesforce Authenticator (Andr./iOS)	2020-12-18	External Security Assessments
SOC 1 Report - Corporate Services	2020-12-15	SOC 1
SOC 2 Report - Corporate Services	2020-12-15	SOC 2
BCP Summary	2020-12-08	Disaster Recovery & BCP
ISO Statement of Applicability - V2.8 (English)	2020-11-13	ISO 27001
ISO Statement of Applicability - V2.8 (French)	2020-11-13	ISO 27001
Vulnerability/Penetration Report Summary - Salesforce Services Data Mask Add-on	2020-10-05	External Security Assessments
CSA CAIQ - Salesforce Services	2020-09-24	Standard Questionnaires, FAQ's and Whitepapers
DR Testing (Site Switching) Summary	2020-09-02	Disaster Recovery & BCP
Vulnerability/Penetration Report Summary - Einstein Analytics	2020-08-26	External Security Assessments
Vulnerability/Penetration Report Summary - Messaging and LiveMessage	2020-08-07	External Security Assessments
IRAP Assessment letter [Official]	2020-08-04	IRAP
IRAP Customer Configuration User Guide Health Check [Official]	2020-08-04	IRAP
IRAP Customer Configuration User Guide [Official]	2020-08-04	IRAP
Salesforce ASD Essential Eight Maturity report	2020-08-04	IRAP
Salesforce Services IRAP Assessment Report [Official]	2020-08-04	IRAP
Security and Compliance Best Practices and FAQ - Work.com	2020-07-30	Standard Questionnaires, FAQ's and Whitepapers
International Transfers of EU Personal Data to Salesforce's Services FAQ	2020-07-16	Privacy Shield
PCI Attestation of Compliance (AoC) - Salesforce Services	2020-07-15	PCI DSS
PCI Responsibility Matrix - Salesforce Services	2020-07-15	PCI DSS
TRUSTe APEC Processor Seal	2020-07-10	TRUSTe APEC Processor Seal
Vulnerability Response Plan Summary	2020-05-31	Standard Questionnaires, FAQ's and Whitepapers
ASP/SaaS Certificate (Japan)	2020-05-16	ASP/SaaS
SOC 2 Report (Type 1) - Salesforce Maps	2020-04-30	SOC 2
SOC 2 Report (Type 1) - Salesforce.org	2020-04-30	SOC 2
Vulnerability/Penetration Report Summary - Salesforce Events Mobile (Andr./iOS)	2020-02-18	External Security Assessments
[Whitepaper] Salesforce And The HIPAA Security Rule: Securing EPHI In The Cloud	2019-11-01	HIPAA
DR/BCP Summary - Salesforce Services	2019-10-04	Disaster Recovery & BCP
Incident Response Plan Summary	2019-09-16	Standard Questionnaires, FAQ's and Whitepapers
NISC Security Standard (Japan)	2019-08-08	Standard Questionnaires, FAQ's and Whitepapers
FISC (Japan)	2019-02-26	Standard Questionnaires, FAQ's and Whitepapers
CS Gold Mark License (Japan)	2018-09-26	CS Gold Mark
Vulnerability/Penetration Report Summary - Einstein Discovery	2017-12-07	External Security Assessments
Financial Services Cloud Resources	N/A	Financial Services Compliance
GDPR - Data Protection Impact Assessments & Salesforce Services	N/A	GDPR
[Video] Salesforce And The HIPAA Security Rule: Securing EPHI In The Cloud	N/A	HIPAA

Salesforce Services

Applicable documents by certification

Additional Information

Trailhead

Trust | Compliance

Salesforce Services

Applicable documents by certification

Additional Information

Trailhead