Adobe Compliance Certifications, Standards, and Regulations
 

Adobe Service Offering

Completed certifications and attestations

Adobe-wide [7]

ISO 22301
Assessed by TruSight
Registered, Trusted Information Security Assessment Exchange (TISAX)
CSA STAR Level 1

Adobe Creative Cloud for enterprise [7] [8]

 

SOC 2–Type 2 (Security, Availability, & Confidentiality)
ISO 27001:2013
FedRAMP Tailored
GLBA ready [1]
FERPA ready [1]

Adobe Document Cloud - Acrobat Sign Solutions for enterprise

SOC 2–Type 2 (Security, Availability, & Confidentiality + HIPAA Security [1])
ISO 27001:2013
FedRAMP Moderate/FedRAMP Tailored
IRAP assessed at Official classification (Australia)
HIPAA ready [1]
FDA 21 CFR Part 11 ready [1]
PCI DSS V3.2.1 compliant merchant and service provider [3]
Qualified Trust Service Provider (QTSP) for time stamps
Microsoft 365 Certification
GLBA ready [1]
FERPA ready [1]

Adobe Document Cloud - Acrobat [6]

SOC 2–Type 2 (Security, Availability, & Confidentiality)
ISO 27001:2013
FedRAMP Tailored
GLBA ready [1]
FERPA ready [1]

Adobe Document Cloud - PDF Services API

Adobe Experience Cloud (all solutions, except as noted) [2]

Adobe Managed Services (Connect and Adobe Experience Manager (AEM) [2] only)

FedRAMP Moderate
SOC 2–Type 2 (Security, Availability, & Confidentiality + HIPAA Security [1]
ISO 27001:2013
Esquema Nacional de Seguridad (ENS) High (Spain) [5]
IRAP assessed at Official classification (Australia) [5]
HIPAA ready [1]
GLBA ready [1]
FERPA ready [1]

Adobe Commerce

Adobe Commerce Business Intelligence and Order Management

Adobe Marketo Engage and Bizible

SOC 2-Type 2 (Security, Availability, & Confidentiality + HIPAA Security [1])
ISO 27001:2013
HIPAA Ready (Adobe Marketo Engage only) [1]

Adobe Workfront

Adobe.com eCommerce

PCI DSS 3.2.1 compliant merchant

Adobe Captivate Prime

SOC 2–Type 2 (Security, Availability, & Confidentiality)
ISO 27001:2013
FedRAMP Tailored
GLBA ready [1]
FERPA ready [1]

Adobe Connect On-Demand

[1] An Adobe service that is GLBA ready, FERPA ready, FDA 21 CFR Part 11 ready, or HIPAA ready means that the service can be used in a way that enables the customer to help meet its legal obligations related to the use of service providers. Ultimately, the customer is responsible for ensuring compliance with legal obligations, that the Adobe service meet its compliance needs, and that the customer secures the service appropriately. Under FERPA guidelines, Adobe can contractually agree to act as a “school official” when it comes to handling regulated student data and therefore to enable our education customers to comply with FERPA requirements.

[2] Adobe Experience Cloud includes Adobe Advertising Cloud, Adobe Analytics, Audience Manager, Adobe Campaign, Adobe Experience Manager, Adobe Primetime, Adobe Target, Adobe Connect, and Adobe Experience Platform.

[3] PCI DSS compliance excludes Adobe Send & Track service.

[4] FedRAMP Tailored applies to Adobe Analytics and Adobe Campaign only.

[5] Applies to Adobe Experience Manager (AEM) only.

[6] Acrobat enterprise offerings comprise of "PDF services," which are web-enabled PDF tools that modify electronic documents and are certified in this section, and include: "Adobe Acrobat Pro DC," "Adobe Acrobat Standard DC," and "Acrobat for web and mobile."

[7] Does not apply to Frame.io by Adobe. 

[8] Applies to both User Storage and Enterprise Storage configurations.