The Adobe Common Controls Framework (CCF)
We believe that a sound compliance and risk management strategy is as important to the success of an organization as the company’s product strategy. Adobe demonstrates our commitment to security by implementing a range of important industry standards and complying with government regulations concerning the security and privacy of data. As new security standards and regulatory requirements are developed and adopted by the industry, Adobe reviews them and adopts those with relevance to our customers.
To support our ongoing compliance efforts, Adobe implemented an open, foundational framework of security processes and controls called the Common Controls Framework (CCF). CCF helps protect Adobe infrastructure, applications and services, as well as helps us comply with a number of industry-accepted best practices, standards, regulations and certifications. CCF is a set of security activities and compliance controls that are implemented within our product operations teams as well as in various parts of our infrastructure and application teams. In creating CCF, Adobe analyzed the criteria for the most common security certifications for cloud-based businesses and rationalized the more than 1,350 requirements down to Adobe-specific controls that map to approximately a dozen industry standards.