Adobe Compliance Certifications, Standards, and Regulations
 


Adobe Service Offering

Completed certifications and attestations

Adobe-wide Security [7]**

Adobe-wide Privacy

Adobe-wide Accessibility

Adobe Creative Cloud for enterprise [7] [8]

 

Adobe Document Cloud - Acrobat Sign Solutions for enterprise and business

Adobe Document Cloud - Acrobat [6]

Adobe Document Cloud - Acrobat Services (APIs)

Adobe Experience Cloud [2]

Adobe Managed Services (Connect and Adobe Experience Manager (AEM) only)

Adobe Commerce Core

Adobe Commerce on Cloud

Adobe.com eCommerce

  • PCI DSS 3.2.1 compliant merchant

Adobe Learning Manager

Adobe Frame.io

 

* For more information about HIPAA-ready Adobe solutions, please refer to our "HIPAA and Adobe Products and Services" information page. 

** For more information about available attestations for Adobe products and services as part of Cybersecurity Infrastructure & Security Agency (CISA) Secure Software Development Framework (SSDF) requirements, please refer to our "SSDF and Adobe Products and Services" information page. 

[1] An Adobe service that is GLBA ready, FERPA ready, FDA 21 CFR Part 11 ready, EudraLex Volume 4 Annex 11 ready, or HIPAA ready means that the service can be used in a way that enables the customer to help meet its legal obligations related to the use of service providers. Ultimately, the customer is responsible for ensuring compliance with legal obligations, that the Adobe service meet its compliance needs, and that the customer secures the service appropriately. Under FERPA guidelines, Adobe can contractually agree to act as a “school official” when it comes to handling regulated student data and therefore enable our education customers to comply with FERPA requirements.

[2] Adobe Experience Cloud includes Adobe Advertising Cloud, Adobe Analytics, Adobe Audience Manager, Adobe Campaign, Adobe Marketo Engage & Measure, Adobe Workfront, Adobe Target, Adobe Real-Time Customer Data Platform (RTCDP), Adobe Journey Optimizer (AJO), Adobe Customer Journey Analytics (CJA), and Adobe Experience Manager Cloud Service (AEMCS).

[3] PCI DSS compliance excludes Adobe Send & Track service.

[4] FedRAMP Tailored applies to Adobe Analytics and Adobe Campaign only.

[5] Applies to Adobe Experience Manager (AEM) only.

[6] Acrobat enterprise offerings comprise of "PDF services," which are web-enabled PDF tools that modify electronic documents and are certified in this section, and include: "Adobe Acrobat Pro," "Adobe Acrobat Standard," and "Acrobat for web and mobile."

[7] Does not apply to Frame.io by Adobe. 

[8] Applies to both User Storage and Enterprise Storage configurations.

[9] Adobe is TISAX certified for select office locations.

[10] Applies to Customer Journey Analytics (CJA) Australia at Protected Level, Adobe Acrobat Sign Australia at Official Level (Official is same as Official Sensitive), and Adobe Experience Manager (AEM) Gov Cloud Australia at Protected Level.