Compliance programs and certifications
Adherence to internationally recognized standards
To demonstrate our commitment to protecting customer data, Sitecore maintains a number of compliance programs and certifications in accordance with strict regulatory and industry standards.
Compliance with these standards, confirmed by an accredited auditor, demonstrates Sitecore’s continued adoption of these internationally recognized standards, workflows and best practices in Sitecore’s people, processes, and technologies that are used to provide cloud-based services to its customers.
Please refer to the current list of compliance programs for more information on the certifications that Sitecore maintains.
For further detail on the scope of each compliance program, please refer to the appropriate certificate in the table below.
ISO 27001:2013 is a security standard that governs an organization’s Information Security Management System (ISMS) and mandates specific requirements in the implementation, monitoring, maintenance and continuous improvement of the ISMS. This includes implementing steps to identify and maintain the assets, technologies, and processes needed to protect customer information and to help ensure the confidentiality, integrity, and availability of customer data and supporting services.
ISO 27017:2015 is a security standard that provides guidance on the information security aspects of cloud computing.
Sitecore uses this standard to supplement the ISO 27001:2013 standard with cloud-specific controls that are applied to its public cloud environment.
ISO 27018:2014 is a code of practice that focuses on protection of personally identifiable information (PII) in the public cloud.
By providing cloud services, Sitecore acts as a data processor to its customers. Sitecore uses the ISO/IEC 27018:2014 standard to protect the PII that it processes for its customers.
The CSA STAR Certification is a technology-neutral independent certification that leverages the requirements of the ISO 27001:2013 management standard together with the CSA Cloud Controls Matrix (CCM) to ensure compliance with issues critical to cloud security in the CCM.
Sitecore uses the CSA STAR standard to continually measure the maturity of its control practices against the CCM and applicable sections of ISO 27001:2013.
SOC 2 reports contain an independent attestation of the control environment relevant to system security, confidentiality and availability. SOC 2 audits are conducted against SSAE 18 attestation standards.
Sitecore uses the SOC 2 reports to demonstrate the operating effectiveness of its controls used to ensure security, confidentiality, and availability of its public cloud environment.
Sitecore complies with the E.U.-U.S. Privacy Shield and Swiss–U.S. Privacy Shield Frameworks (together referred to as “Privacy Shield”) as set forth by the U.S. Department of Commerce and the European Commission regarding the collection, use, and retention of personal information from data subjects who reside in the EU and Switzerland, respectively. For more information on this certification, please see here.
For more information, please read the Sitecore Trust Center FAQ.