Adobe Compliance Certifications, Standards, and Regulations
 

Adobe Service Offering

Completed certifications and attestations

Adobe-wide

ISO 22301
Assessed by TruSight
Registered, Trusted Information Security Assessment Exchange (TISAX)

Adobe Creative Cloud for enterprise

SOC 2–Type 2 (Security, Availability, & Confidentiality)
ISO 27001:2013
FedRAMP Tailored
GLBA-Ready [1]
FERPA-Ready [1]
CSA STAR Level 1

Adobe Document Cloud - Adobe Sign for Enterprise

SOC 2–Type 2 (Security, Availability, & Confidentiality + HIPAA Security)
ISO 27001:2013
FedRAMP Tailored/FedRAMP Moderate [in progress]
HIPAA-Ready [1]
GLBA-Ready [1]
FERPA-Ready [1]
FDA 21 CFR Part 11 compliant [1]
PCI DSS V3.2.1 compliant merchant and service provider [3]
Qualified Trust Service Provider (QTSP) offering eIDAS-compliant certificates
CSA Star Level 1
Microsoft 365 Certification

Adobe Document Cloud - PDF Services

SOC 2–Type 2 (Security, Availability, & Confidentiality) [7]
ISO 27001:2013 [7]
FedRAMP Tailored
GLBA-Ready [1]
FERPA-Ready [1]
CSA Star Level 1

Adobe Experience Cloud (all solutions) [2]

FedRAMP Tailored [5]
SOC 2–Type 2 (Security, Availability, & Confidentiality + HIPAA Security)
ISO 27001:2013
GLBA-Ready [1]
TrustArc GDPR Privacy Practices Management Compliance Validation [4]
CSA STAR Level 1

Adobe Managed Services (Connect and Adobe Experience Manager (AEM) [2] only)

FedRAMP Moderate
SOC 2–Type 2 (Security, Availability, & Confidentiality + HIPAA Security)
ISO 27001:2013
Esquema Nacional de Seguridad (ENS) High (Spain) [6]
IRAP assessed at Official classification (Australia) [6]
GLBA-Ready [1]
FERPA-Ready [1]
HIPAA-Ready [1]
CSA STAR Level 1

Adobe Magento Commerce Cloud

SOC 2-Type 2 (Security, Availability, & Confidentiality)
PCI DSS 3.2.1 compliant service provider

Adobe Magento Business Intelligence and Order Management

SOC 2-Type 2 (Security, Availability, & Confidentiality)
ISO 27001:2013
GLBA-Ready [1]
FERPA-Ready [1]
CSA STAR Level 1

Adobe Marketo Engage and Bizable

SOC 2-Type 2 (Security, Availability, & Confidentiality + HIPAA Security)
ISO 27001:2013
CSA STAR Level 1
HIPAA-Ready

Adobe.com eCommerce

PCI DSS 3.2.1 compliant merchant

Adobe Captivate Prime

SOC 2–Type 2 (Security, Availability, & Confidentiality)
ISO 27001:2013
GLBA-Ready [1]
FERPA-Ready [1]
CSA STAR Level 1

Adobe Connect On-Demand

SOC 2–Type 2 (Security, Availability, & Confidentiality)
ISO 27001:2013
GLBA-Ready [1]
CSA STAR Level 1

[1] An Adobe service that is GLBA–Ready, FERPA-Ready, FDA 21 CFR Part 11 compliant, or HIPAA-ready means that the service can be used in a way that enables the customer to help meet its legal obligations related to the use of service providers. Ultimately, the customer is responsible for ensuring compliance with legal obligations, that the Adobe service meet its compliance needs, and that the customer secures the service appropriately. Under FERPA guidelines, Adobe can contractually agree to act as a “school official” when it comes to handling regulated student data and therefore to enable our education customers to comply with FERPA requirements.

[2] Adobe Experience Cloud includes Adobe Advertising Cloud, Adobe Analytics, Audience Manager, Adobe Campaign, Adobe Experience Manager, Adobe Primetime, Adobe Target, Adobe Connect, and Adobe Experience Platform.

[3] PCI DSS compliance excludes Adobe Send & Track service.

[4] Please view the independent GDPR Privacy Practices Validation Findings Letter from TrustArc for more information.

[5] FedRAMP Tailored applies to Adobe Analytics and Adobe Campaign only.

[6] Applies to Adobe Experience Manager (AEM) only.

[7] PDF Tools API is included.

[8] Applies to Adobe Marketo Engage only.