The data compliance challenge

The headlines keep coming — with new hacks and data breaches seemingly increasing by the day. This is no doubt a part of why the Biden Administration just introduced an Executive Order to address the “persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy.” It’s no surprise then that privacy and cybersecurity are top of mind for all our customers.

Whether located in the US or the EU, working in retail, financial services, or healthcare, each business will assess tools based on the level of risk they see and manage those risks while addressing privacy and cybersecurity laws.

We understand that when our customers evaluate software tools, part of that process involves privacy and cybersecurity vendor risk assessments, questionnaires, and impact analyses. These enable them to measure the risks associated with doing business with a new third party and to manage their supply chain. We do the same thing as part of our procurement processes.

How we can help

If you’re considering partnering with Sitecore, we want to make it easy for you to discover the information you need to make your risk assessment as quick and streamlined as possible.

  • Certifications
    Since January 2019, Sitecore has received certifications and attestations for ISO 27001, ISO 27017, ISO 27018, CSA Star and SOC2 (Type 2) for its Managed Cloud offering. Since January 2020, these have been extended to cover Content Hub too. Should you wish to see copies of our certifications or SOC2 report, please reach out to your usual Sitecore contact.
  • Trust Center
    The go-to section on our website for privacy and security matters. Explore our online privacy policy, detailing how we collect and handle data and address compliance with privacy and data-protection laws such as the CCPA and GDPR.
  • Privacy and security questionnaires
    Sitecore has a number of pre-filled security and privacy questionnaires that follow industry templates, including SIG, CAIQ and VSA. Should you require a copy, please reach out to [email protected]
  • White papers
    Sitecore’s products can all be configured to address compliance with GDPR and CCPA, and we have a number of white papers detailing how. If you would like a copy, please reach out to your usual Sitecore contact.
  • Customer contracts
    All SaaS and Cloud Customers are required to agree to Sitecore’s DPA to address local privacy and security compliance requirements. If you would like a PDF copy of our DPA, please reach out to your usual Sitecore contact.


Here are some additional online resources:

We know how important data compliance and security are, and believe it or not, we actually find this topic fascinating. If you have questions, concerns, or comments, please don’t hesitate to reach out to us so we can support you on your compliance journey.

A member of the Advisory Board of the International Association of Privacy Professionals (IAPP) and holding the Certified CIPP/US, CIPP/E, and CIPM credentials, Rachael Ormiston is the Chief Privacy and Cyber Compliance Officer at Sitecore, overseeing the internal privacy, information governance, and cyber compliance program. Follow her on LinkedIn.