Adobe Compliance Certifications, Standards, and Regulations
- Assessed by KY3P (Know Your Third Party)
- Registered, Trusted Information Security Assessment Exchange (TISAX) [5] [6]
- Cybersecurity Maturity Model Certification (CMMC) Level 1
- WCAG 2.1 level AA
- European Accessibility Act
- EN 301 549 V3.2.1 (2021-03) (Harmonized European Accessibility Standard)
- Section 508 of the Rehabilitation Act of 1973 (United States only)
- ISO 32000-2:2020 (PDF Standard)
- ISO 14289-1:2014 (PDF/UA) (PDF standard enhancement for accessibility)
- SOC 2–Type 2 (Security, Availability, & Confidentiality)
- SOC 3 (Security, Availability, & Confidentiality)
- ISO 9001:2015
- ISO 27001:2022
- ISO 27017:2015
- ISO 27018:2019
- ISO 22301:2019
- C5 Certified (Germany)
- FedRAMP Tailored
- IRAP Assessed [8] (Australia)
- ISMAP Registered (Japan)
- HIPAA ready [1]*
- FDA 21 CFR Part 11 ready [1]
- EudraLex Volume 4 Annex 11 ready [1]
- PCI DSS 4.0 Compliant Service Provider
- Qualified Trust Service Provider (QTSP) for time stamps
- GLBA ready [1]
- FERPA ready [1]
- CSA Star Level 2
- SOC 2–Type 2 (Security, Availability, & Confidentiality)
- SOC 3 (Security, Availability, & Confidentiality)
- ISO 9001:2015
- ISO 27001:2022
- ISO 27017:2015
- ISO 27018:2019
- ISO 22301:2019
- C5 Certified (Germany) [10]
- FedRAMP Tailored
- ISMAP Registered (Japan) [10]
- GLBA ready [1]
- FERPA ready [1]
- CSA Star Level 2
- FedRAMP Moderate
- HIPAA ready [1]*
- SOC 2–Type 2 (Security, Availability, & Confidentiality)
- ISO 9001:2015
- ISO 27001:2022
- ISO 27017:2015
- ISO 27018:2019
- ISO 22301:2019
- FedRAMP Tailored [3]
- SOC 2–Type 2 (Security, Availability, & Confidentiality)
- SOC 3 (Security, Availability, & Confidentiality)
- ISO 9001:2015
- ISO 27001:2022
- ISO 27017:2015
- ISO 27018:2019
- ISO 22301:2019
- HIPAA ready [1]*
- IRAP Assessed [7] (Australia)
- GLBA ready [1]
- FERPA ready [1]
- TrustArc GDPR Privacy Practices Management Compliance Validation
- TrustArc APEC Privacy Recognition for Processors (PRP) Certification
- CSA Star Level 2
- FedRAMP Moderate [9]
- SOC 2–Type 2 (Security, Availability, & Confidentiality)
- SOC 3 (Security, Availability, & Confidentiality)
- ISO 9001:2015
- ISO 27001:2022
- ISO 27017:2015
- ISO 27018:2019
- ISO 22301:2019
- Esquema Nacional de Seguridad (ENS) High (Spain) [4]
- PCI DSS 4.0 Compliant Service Provider [8]
- IRAP Assessed [7] (Australia)
- HIPAA ready [1]*
- GLBA ready [1]
- FERPA ready [1]
- CSA Star Level 2
- SOC 2–Type 2 (Security + HIPAA)
- PCI DSS 4.0 compliant service provider
- HIPAA ready [1]*
- Trusted Partner Network (TPN) Gold Shield
* For more information about HIPAA-ready/Health Data-ready Adobe solutions, please refer to the "HIPAA/Health Data Services" information page.
** For more information about available attestations for Adobe products and services as part of Cybersecurity Infrastructure & Security Agency (CISA) Secure Software Development Framework (SSDF) requirements, please refer to the "SSDF and Adobe Products and Services" information page.
[1] An Adobe service that is GLBA ready, FERPA ready, FDA 21 CFR Part 11 ready, EudraLex Volume 4 Annex 11 ready, or HIPAA ready means that the service can be used in a way that enables the customer to help meet its legal obligations related to the use of service providers. Ultimately, the customer is responsible for ensuring compliance with legal obligations, that the Adobe service meets its compliance needs, and that the service is secured appropriately. Under FERPA guidelines, Adobe can contractually agree to act as a “school official” when it comes to handling regulated student data and therefore enable our education customers to comply with FERPA requirements.
[2] Adobe Experience Cloud includes Adobe Advertising Cloud, Adobe Analytics, Adobe Audience Manager, Adobe Campaign, Adobe Commerce on Cloud Data Services, Adobe Commerce on Cloud Other Services, Adobe Commerce as a Cloud Service, Adobe Commerce Optimizer, Adobe Connect, Adobe Core Services, Adobe Customer Journey Analytics, Adobe Experience Manager as a Cloud Service, Adobe Experience Manager, Adobe Experience Platform, Adobe GenStudio for Performance Marketing, Adobe Journey Optimizer, Adobe Learning Manager, Adobe Marketo (Engage and Measure), Adobe MixModeler, Adobe Pass, Adobe Real-Time Customer Data Platform, Adobe Target, and Adobe Workfront.
[3] Applies to Adobe Analytics and Adobe Campaign only.
[4] Applies to Adobe Experience Manager Managed Services offering only.
[5] Does not apply to Adobe Acrobat Sign for Government.
[6] Applies to Adobe’s San Jose and Dublin office locations only.
[7] Applies to Customer Journey Analytics (CJA) Australia at Protected Level, Adobe Acrobat Sign Australia at Protected Level, and Adobe Experience Manager (AEM) Gov Cloud Australia at Protected Level.
[8] Applies to Adobe Experience Manager Managed Services for Enhanced Security Offering only.
[9] Applies Adobe Experience Manager (AEM) Gov Cloud and Adobe Connect Gov Cloud offerings only.
[10] Does not apply to Acrobat Studio.