SITECORE TRUST CENTER

Trust Center Resources

WHITEPAPERS

GDPR

Sitecore has prepared 2 whitepapers to assist our customers with their ongoing GDPR compliance.

  • For customers who are on version 9.x of Sitecore software, more information can be found here.
  • For customers who are on earlier versions (6, 7 or 8), you can read more information here.

Learn more about Sitecore and the GDPR →

Managed Cloud Security Standards

You can download our white paper about security standards in place at Sitecore and for Sitecore Managed Cloud hosting here.

PCI DSS

Get the white paper by Coalfire, an accredited auditor, describing Sitecore’s ability to meet the PCI Data Security Standard (PCI DSS) v3.2 requirements for a Self-Assessment Questionnaire version A (SAQ A). Download PDF >

Sitecore’s Compliance Certifications

Download a current compliance listing of Sitecore's products and solutions. Download PDF >

FAQ

Does Sitecore adhere to the GDPR?

Like all globally engaged companies, Sitecore took a number of steps to implement the various requirements of the General Data Protection Regulation (GDPR) and evolving global privacy laws into Sitecore’s business. This meant building our privacy team and continuing to build our data strategy to ensure a robust data model for continuing adherence beyond the May 25th 2018 implementation date.

These steps included:

  • Building an accountable Privacy Team: With a Data Governance Committee comprised of Sitecore C-suite members from the Legal, HR, Finance, Marketing, Customer Operations, Product, and Sales teams, and supported by a Steering Group, Sitecore has implemented top-down awareness of our privacy and data governance framework to ensure accountability in all of our business processes.
  • Transparency, Notice and Choice: We have updated our Privacy Policy to ensure that those whose data we collect understand how it will be processed and can make informed choices about whether to share their data with us.
  • Organizational measures: We reviewed our internal processes to ensure that we have improved internal guidelines and thresholds on who we work with and engage as vendors, reviewing our contracts to ensure that appropriate contractual mechanisms are in place before sharing data, implementing structures that incorporate privacy by design in our product review cycles and establishing protocols for responding to data subject requests.
  • Technical measures: We have improved our internal security measures to ensure greater asset management and encryption on portable devices, as well as updating our internal security policies to deal with new legal requirements. Refer to the Trust Center security page for more information on Sitecore’s security framework.
  • Reviews: We have built into our business model reviews and audits to ensure that we continue to assess

Learn more about Sitecore and the GDPR →

 

Is Sitecore planning for CCPA compliance?

Yes. Sitecore’s Privacy team continuously reviews and monitors external global privacy laws, trends and developments so that changes required by applicable laws or which are appropriate to our business are made proactively. This includes planning for the upcoming California Consumer Protection Act.

What is an ISO certification?

The International Organization for Standardization (“ISO”) is an independent, non-governmental international organization that creates and develops global standards.

Why is ISO certification important to Sitecore?

Sitecore has recently obtained a number of ISO certifications, detailed on the Trust Center security page.

ISO 27001 is a security standard that governs an organization’s Information Security Management System (ISMS) and mandates specific requirements in the implementation, monitoring, maintenance and continuous improvement of the ISMS.

ISO 27017 is a security standard that provides guidance on the information security aspects of cloud computing. Sitecore uses this standard to supplementing the ISO 27001:2013 standard with cloud-specific controls that are applied to its public cloud environment.

ISO 27018 is a code of practice that focuses on protection of personally identifiable information (PII) in the public cloud. By providing cloud services, Sitecore acts as a data processor to its customers. Sitecore uses ISO 27018:2014 standard in order to protect the PII that it processes for its customers

These standards are internationally recognized and demonstrates to our customers, partners and vendors that we have adopted best practices to manage the infrastructure of Sitecore’s ISMS and cloud offerings

How do I submit a support ticket?

To contact Sitecore’s support team, please submit your support ticket via the Sitecore Support Portal at: support.sitecore.net.

Find events near you

Use my current location

Change my location

Apply