The Adobe Common Controls Framework (CCF)


We believe that a sound compliance and risk management strategy is as important to the success of an organization as the company’s product strategy. Adobe demonstrates our commitment to security by implementing a range of important industry standards and complying with government regulations concerning the security and privacy of data. As new security standards and regulatory requirements are developed and adopted by the industry, Adobe reviews them and adopts those with relevance to our customers.


To support our ongoing compliance efforts, Adobe implemented an open, foundational framework of security processes and controls called the Common Controls Framework (CCF). CCF helps protect Adobe infrastructure, applications and services, as well as helps us comply with a number of industry-accepted best practices, standards, regulations and certifications. CCF is a set of security activities and compliance controls that are implemented within our product operations teams as well as in various parts of our infrastructure and application teams. In creating CCF, Adobe analyzed the criteria for the most common security certifications for cloud-based businesses and rationalized the more than 1,350 requirements down to Adobe-specific controls that map to approximately a dozen industry standards.

Our ongoing

Our Ongoing Efforts

Compliance is a continuous process that includes periodic internal audits, external assessments and on-going controls improvement. Adobe is subjected to regular third-party audits and periodic reviews to ensure we consistently meet commitments. Adobe has also invested in developing an enterprise-wide governance, risk, and compliance (GRC) automation platform to help maintain an effective governance model for the compliance program. 

Our ongoing

Open-source and Ready to Use

The Common Controls Framework (CCF) has been open sourced (now at version 4.0) to help the broader security and risk management community achieve their own compliance goals. We regularly update the framework as regulations evolve or new industry standards are integrated into our compliance regime. We invite you to use this framework to help accelerate and standardize your own ongoing compliance efforts. Download CCF today and we always welcome feedback on its development.