Compliance engineered for the Cloud

Salesforce maintains a comprehensive set of compliance certifications and attestations to validate our #1 value of Trust.

Salesforce Services and Additional Services

Applicable to the services branded as B2B Commerce on Lightning Experience, Chatter, Consumer Good Cloud, Customer 360 Audiences (Salesforce UCI Org SPARC), Database.com, Einstein Relationship Intelligence, Emergency Program Management, Employee Productivity, Experience Cloud (formerly Community Cloud), Financial Services Cloud, Health Cloud, IoT Explorer (including IoT Plus), Intelligent Form Reader, IT Service Center - IT Agent, Lightning Platform (including Force.com and Salesforce Connect), Loyalty Cloud, Manufacturing Cloud, Messaging, Privacy Center, Public Sector Solutions, Sales Cloud, Service Cloud (including Field Services managed package), Salesforce Private Connect, Salesforce CPQ and Salesforce Billing, Salesforce Maps, Salesforce Order Management, Service Cloud, Service Cloud Voice, Shift Management, Site.com, Sustainability Cloud, Tableau CRM (formerly Einstein Analytics) (including Einstein Discovery), WDC, Workplace Command Center. Also applicable to the Salesforce.org LLC ("Salesforce.org") services branded as Accounting Subledger, Admissions Connect, foundationConnect (provisioned on or after August 19, 2019), Grants Management, Nonprofit Cloud Case Management, Salesforce Advisor Link, Salesforce.org Insights Platform: Data Integrity, Student Success Hub. Some specific certifications and reports may not apply to all services in the above list. Please refer to the "Audits and Certifications" section of the "Salesforce Security, Privacy and Architecture" document for any limitations — https://trust.salesforce.com/en/trust-and-compliance-documentation/

Applicable documents by certification

Sort by: Document	Sort by: Last Updated	Infrastructure	Sort by: Certification
ISO Statement of Applicability - v3.0 (English)	2021-11-12	First party, AWS, Hyperforce	ISO 27001
IRAP Assessment Report - Salesforce Services on Hyperforce AU [PROTECTED]	2021-11-09	Hyperforce	IRAP
IRAP Engagement letter - Salesforce Services on Hyperforce AU [PROTECTED]	2021-11-09	Hyperforce	IRAP
Network Vulnerability Assessment	2021-11-03	First party, AWS	PCI DSS
Salesforce Binding Corporate Rules	2021-11-01	First party, AWS, Hyperforce	Salesforce BCRs
ISO 27001:2013 Certificate	2021-10-28	First party, AWS, Hyperforce	ISO 27001
ISO 27017:2015 Certificate	2021-10-28	First party, AWS, Hyperforce	ISO 27017
ISO 27018:2019 Certificate	2021-10-28	First party, AWS, Hyperforce	ISO 27018
NEN 7510-1:2017 Certificate	2021-10-28	First party, AWS, Hyperforce	NEN 7510
FISC (Japan)	2021-10-27	First party	Standard Questionnaires, FAQ's and Whitepapers
Vulnerability/Penetration Report Summary - Salesforce Services Data Mask Add-on	2021-10-06	First party, AWS	External Security Assessments
PCI Attestation of Compliance (AoC) - Salesforce Services	2021-10-01	First party, AWS	PCI DSS
Vulnerability Management and Response Plan Summary	2021-09-27	First party, AWS, Hyperforce	Standard Questionnaires, FAQ's and Whitepapers
Salesforce ACSC Essential Eight Maturity report	2021-09-21	Hyperforce	IRAP
Spain Esquema Nacional de Seguridad (ENS) High	2021-09-20	First party	Spain Esquema Nacional de Seguridad (ENS)
Spain Esquema Nacional de Seguridad (ENS) High (Hyperforce)	2021-09-20	Hyperforce	Spain Esquema Nacional de Seguridad (ENS)
Salesforce Security Tips for Guest User Access Controls (Japan)	2021-09-16	First party, AWS, Hyperforce	Standard Questionnaires, FAQ's and Whitepapers
SOC 1 Bridge (Gap) Letter - Corporate & Salesforce Services	2021-09-16	First party, AWS	SOC 1
SOC 1 Bridge (Gap) Letter - Salesforce Services on Hyperforce	2021-09-16	Hyperforce	SOC 1
Vulnerability/Penetration Report Summary - Salesforce Services	2021-09-16	First party, AWS	External Security Assessments
CSA STAR Registry - Salesforce Services	2021-09-07	First party	CSA STAR
DR Testing (Site Switching) Summary	2021-08-30	First party, AWS	Disaster Recovery & BCP
SOC 1 Report - Salesforce Services on Hyperforce	2021-08-26	Hyperforce	SOC 1
SOC 2 Report - Salesforce Services on Hyperforce	2021-08-26	Hyperforce	SOC 2
SOC 3 Report - Salesforce Services on Hyperforce	2021-08-26	Hyperforce	SOC 3
C5 (ISAE 3000) Report - Salesforce Services	2021-08-18	First party, AWS	C5 (ISAE 3000)
PCI Attestation of Compliance (AoC) - Salesforce.org Payment Services	2021-08-13	AWS	PCI DSS
PCI Responsibility Matrix - Salesforce.org Payment Services	2021-08-13	AWS	PCI DSS
SOC 2 Report - Salesforce Maps	2021-08-13	AWS	SOC 2
SOC 3 Report - Salesforce Maps	2021-08-13	AWS	SOC 3
Medical Information System Security Management Guideline (Japan)	2021-08-05	First party	Standard Questionnaires, FAQ's and Whitepapers
UK Cyber Essentials Plus Certificate	2021-07-29	First party, AWS, Hyperforce	UK Cyber Essentials Plus
Vulnerability/Penetration Report Summary - Tableau CRM & Einstein Discovery	2021-07-29	First party	External Security Assessments
Salesforce Services SWIPO Data Portability Transparency Statement	2021-07-27	First party, AWS, Hyperforce	Standard Questionnaires, FAQ's and Whitepapers
PCI Responsibility Matrix - Salesforce Services	2021-07-15	First party, AWS	PCI DSS
Salesforce Ransomware Mitigation Summary	2021-07-12	First party, AWS, Hyperforce	Standard Questionnaires, FAQ's and Whitepapers
SOC 1 Report - Salesforce Services	2021-07-01	First party, AWS	SOC 1
SOC 2 Report - Salesforce Services	2021-07-01	First party, AWS	SOC 2
SOC 3 Report - Salesforce Services	2021-07-01	First party, AWS	SOC 3
SOC 2 Report - Field Service	2021-06-29	AWS	SOC 2
SOC 3 Report - Field Service	2021-06-29	AWS	SOC 3
SOC 1 Report - Corporate Services	2021-06-23	First party, AWS, Hyperforce	SOC 1
SOC 2 Report - Corporate Services	2021-06-23	First party, AWS, Hyperforce	SOC 2
Salesforce Security Tips for Guest User Access Controls	2021-06-17	First party, AWS, Hyperforce	Standard Questionnaires, FAQ's and Whitepapers
UK NHS Data Security and Protection Toolkit (DSPT)	2021-06-09	First party	NHS DSPT
Network Vulnerability Assessment - Hyperforce APAC (South East - Australia)	2021-06-03	Hyperforce	PCI DSS
ISMAP Cloud Service List	2021-06-02	First party	ISMAP
Network Vulnerability Assessment - Hyperforce AMER (East)	2021-05-27	Hyperforce	PCI DSS
Network Vulnerability Assessment - Hyperforce APAC (South - India)	2021-05-27	Hyperforce	PCI DSS
Salesforce Secure Development Lifecycle Overview	2021-05-25	First party, AWS, Hyperforce	Standard Questionnaires, FAQ's and Whitepapers
IRAP Assessment letter [Official]	2021-05-17	First party, AWS	IRAP
Salesforce Security (Incident) Response Plan	2021-05-07	First party, AWS, Hyperforce	Standard Questionnaires, FAQ's and Whitepapers
PCI Attestation of Compliance (AoC) - Salesforce Services on Hyperforce	2021-04-01	Hyperforce	PCI DSS
PCI Responsibility Matrix - Salesforce Services on Hyperforce	2021-04-01	Hyperforce	PCI DSS
ASIP Santé HDS Certificate	2021-03-29	First party, AWS, Hyperforce	ASIP Santé HDS
ISO Statement of Applicability - V2.9 (French)	2021-03-15	First party, AWS, Hyperforce	ISO 27001
DR/BCP Summary - Salesforce Services	2021-03-04	First party, AWS	Disaster Recovery & BCP
UK Cloud Security Principles	2021-02-11	First party, AWS, Hyperforce	Standard Questionnaires, FAQ's and Whitepapers
SOC 2 Report (Type 1) - Workplace Command Center and Employee Wellness Check	2021-01-22	First party	SOC 2
Vulnerability/Penetration Report Summary-Hyperforce/Unified Cloud Infrastructure	2021-01-13	Hyperforce	External Security Assessments
HITRUST Certificate - Salesforce Services	2021-01-06	First party, AWS	HITRUST
Vulnerability/Penetration Report Summary - Tableau CRM Mobile (Andr./iOS)	2020-12-22	First party	External Security Assessments
Vulnerability/Penetration Report Summary - Field Service Lightning (Andr./iOS)	2020-12-21	First party	External Security Assessments
Vulnerability/Penetration Report Summary - Salesforce Mobile (Andr./iOS)	2020-12-21	First party	External Security Assessments
Vulnerability/Penetration Report Summary - Salesforce Authenticator (Andr./iOS)	2020-12-18	First party	External Security Assessments
BCP Summary	2020-12-08	First party, AWS, Hyperforce	Disaster Recovery & BCP
CSA CAIQ - Salesforce Services	2020-09-24	First party, AWS	CSA STAR
Vulnerability/Penetration Report Summary - Messaging and LiveMessage	2020-08-07	AWS	External Security Assessments
IRAP Customer Configuration User Guide Health Check [Official]	2020-08-04	First party, AWS	IRAP
IRAP Customer Configuration User Guide [Official]	2020-08-04	First party, AWS	IRAP
Salesforce ASD Essential Eight Maturity report	2020-08-04	First party, AWS	IRAP
Security and Compliance Best Practices and FAQ - Work.com	2020-07-30	First party, AWS	Standard Questionnaires, FAQ's and Whitepapers
International Transfers of EU Personal Data to Salesforce's Services FAQ	2020-07-16	First party, AWS, Hyperforce	Privacy Shield
APEC Processor Seal - Salesforce	2020-07-10	First party	APEC Certification for Processors and Controllers
Salesforce Services IRAP Assessment Report [Official]	2020-06-01	First party, AWS	IRAP
ASP/SaaS Certificate (Japan)	2020-05-16	First party	ASP/SaaS
SOC 2 Report (Type 1) - Salesforce.org	2020-04-30	First party, AWS	SOC 2
[Whitepaper] Salesforce And The HIPAA Security Rule: Securing EPHI In The Cloud	2019-11-01	First party, AWS, Hyperforce	HIPAA
NISC Security Standard (Japan)	2019-08-08	First party	Standard Questionnaires, FAQ's and Whitepapers
CS Gold Mark License (Japan)	2018-09-26	First party	CS Gold Mark
Financial Services Cloud Resources	N/A	First party, AWS, Hyperforce	Financial Services Compliance
GDPR - Data Protection Impact Assessments & Salesforce Services	N/A	First party, AWS, Hyperforce	GDPR
[Video] Salesforce And The HIPAA Security Rule: Securing EPHI In The Cloud	N/A	First party, AWS, Hyperforce	HIPAA

Salesforce Services and Additional Services

Applicable documents by certification

Additional Information

Trailhead

Trust | Compliance

Salesforce Services and Additional Services

Applicable documents by certification

Additional Information

Trailhead