[Last Updated: November 2025]
Adobe Service Offering
Completed certifications and attestations
Adobe-wide Security [7]**
- Assessed by TruSight
- Registered, Trusted Information Security Assessment Exchange (TISAX) [6] [7]
- Cybersecurity Maturity Model Certification (CMMC) Level 1
Adobe-wide Privacy
Adobe-wide Accessibility
- WCAG 2.1 level AA
- European Accessibility Act
- EN 301 549 V3.2.1 (2021-03) (Harmonized European Accessibility Standard)
- Section 508 of the Rehabilitation Act of 1973 (United States only)
- ISO 32000-2:2020 (PDF Standard)
- ISO 14289-1:2014 (PDF/UA) (PDF standard enhancement for accessibility)
Adobe Creative Cloud for enterprise
Adobe Document Cloud - Acrobat Sign Solutions for enterprise
- SOC 2– Type 2 (Security, Availability, & Confidentiality)
- SOC 3 (Security, Availability, & Confidentiality)
- ISO 9001:2015
- ISO 27001:2022
- ISO 27017:2015
- ISO 27018:2019
- ISO 22301:2019
- C5 Certified (Germany)
- FedRAMP Tailored
- IRAP Assessed [8] (Australia)
- ISMAP Registered (Japan)
- HIPAA ready [1]*
- FDA 21 CFR Part 11 ready [1]
- EudraLex Volume 4 Annex 11 ready [1]
- PCI DSS 4.0 Compliant Service Provider [3]
- Qualified Trust Service Provider (QTSP) for time stamps
- GLBA ready [1]
- FERPA ready [1]
- CSA Star Level 2
Adobe Document Cloud - Acrobat Web, Acrobat Services (PDF Services API), Acrobat AI Assistant
Adobe Acrobat Sign for Government
- FedRAMP Moderate
- HIPAA ready [1]*
- SOC 2–Type 2 (Security, Availability, & Confidentiality)
- ISO 9001:2015
- ISO 27001:2022
- ISO 27017:2015
- ISO 27018:2019
- ISO 22301:2019
Adobe Experience Cloud [2]
- FedRAMP Tailored [4]
- SOC 2–Type 2 (Security, Availability, & Confidentiality)
- SOC 3 (Security, Availability, & Confidentiality)
- ISO 9001:2015
- ISO 27001:2022
- ISO 27017:2015
- ISO 27018:2019
- ISO 22301:2019
- HIPAA ready [1]*
- IRAP Assessed[8] (Australia)
- GLBA ready [1]
- FERPA ready [1]
- TrustArc GDPR Privacy Practices Management Compliance Validation
- TrustArc APEC Privacy Recognition for Processors (PRP) Certification
- CSA Star Level 2
Adobe Managed Services (Connect and Adobe Experience Manager (AEM) only)
- FedRAMP Moderate [10]
- SOC 2–Type 2 (Security, Availability, & Confidentiality)
- SOC 3 (Security, Availability, & Confidentiality)
- ISO 9001:2015
- ISO 27001:2022
- ISO 27017:2015
- ISO 27018:2019
- ISO 22301:2019
- Esquema Nacional de Seguridad (ENS) High (Spain) [5]
- PCI DSS 4.0 Compliant Service Provider [9]
- IRAP Assessed[8] (Australia)
- HIPAA ready [1]*
- GLBA ready [1]
- FERPA ready [1]
- CSA Star Level 2
Adobe Commerce on Cloud
- SOC 2-Type 2 (Security + HIPAA)
- PCI DSS 4.0 compliant service provider
- HIPAA ready [1]*
Adobe.com eCommerce
Adobe Learning Manager
Adobe Frame.io
- SOC 2–Type 2 (Security, Availability, & Confidentiality)
- SOC 3 (Security, Availability, & Confidentiality)
- ISO 9001:2015
- ISO 27001:2022
- ISO 27017:2015
- ISO 27018:2019
- ISO 22301:2019
- Trusted Partner Network (TPN) Gold Shield
- CSA Star Level 2
* For more information about HIPAA-ready/Health Data-ready Adobe solutions, please refer to our "HIPAA/Health Data Services" information page.
** For more information about available attestations for Adobe products and services as part of Cybersecurity Infrastructure & Security Agency (CISA) Secure Software Development Framework (SSDF) requirements, please refer to our "SSDF and Adobe Products and Services" information page.
[1] An Adobe service that is GLBA ready, FERPA ready, FDA 21 CFR Part 11 ready, EudraLex Volume 4 Annex 11 ready, or HIPAA ready means that the service can be used in a way that enables the customer to help meet its legal obligations related to the use of service providers. Ultimately, the customer is responsible for ensuring compliance with legal obligations, that the Adobe service meets its compliance needs, and that the service is secured appropriately. Under FERPA guidelines, Adobe can contractually agree to act as a “school official” when it comes to handling regulated student data and therefore enable our education customers to comply with FERPA requirements.
[2] Adobe Experience Cloud includes Adobe Advertising Cloud, Adobe Analytics, Adobe Audience Manager, Adobe Campaign, Adobe Commerce, Adobe Connect, Adobe Core Services, Adobe Customer Journey Analytics, Adobe Experience Manager as a Cloud Service, Adobe Experience Manager, Adobe Experience Platform, Adobe Journey Optimizer, Adobe Marketo (Engage and Measure), Adobe MixModeler, Adobe Real-Time Customer Data Platform, Adobe Target, and Adobe Workfront.
[3] PCI DSS compliance excludes Adobe Send & Track service.
[4] FedRAMP Tailored applies to Adobe Analytics and Adobe Campaign only.
[5] Applies to Adobe Experience Manager Managed Services only.
[6] Does not apply to Frame.io, Workfront, Commerce on Cloud, Adobe Acrobat Sign for Government.
[7] Adobe is TISAX certified for San Jose and Dublin office locations only.
[8] Applies to Customer Journey Analytics (CJA) Australia at Protected Level, Adobe Acrobat Sign Australia at Protected Level, and Adobe Experience Manager (AEM) Gov Cloud Australia at Protected Level.
[9] Applies to Adobe Experience Manager - Managed Services for Enhanced Security Offering only.
[10] FedRAMP Moderate is only applicable for Adobe Experience Manager (AEM) Gov Cloud and Adobe Connect Gov Cloud offerings.