
Security and data governance

Sitecore has implemented robust information security practices to be in alignment with industry-leading standards and exceed our customer expectations. Sitecore is in the process of complying with ISO 27001, ISO 27018 and SOC 2.

Sitecore has reinforced our information security risk management process, a formal software security assurance program and a disaster recovery strategy.

Understanding that employees are our first line of defense, Sitecore provides mandatory all-employee security training to educate our company about preventing security risks and identifying vulnerability threats.


Download our white paper about data security measures in place at Sitecore and for Sitecore Managed Cloud hosting

Sitecore PCI DSS SAQ eligibility white paper

Sitecore engaged Coalfire, a respected Qualified Security Assessor (QSA) for the Payment Card Industry (PCI) and Payment Application Qualified Security Assessor (PA-QSA) company, to conduct an independent technical assessment of their cloud-based service offering for web platforms. Coalfire conducted assessment activities including review of (i) technical documentation, (ii) forensic and penetration testing, and (iii) compliance requirements.

In this paper, Coalfire explains that Sitecore’s customers can meet the PCI Data Security Standard (PCI DSS) v3.2 requirements for a Self-Assessment Questionnaire version A (SAQ A), based on the documentation reviewed, evidence gathered during this assessment, and testing conducted on the Sitecore e-commerce platform.

Download the white paper