Certifications, Assessments, and Standards
Cloud transformations require customers to rely on CSPs that take security and compliance seriously - enable trust in transactions, ensure data accuracy and reliability, and support their IT controls. SOC 1, SOC 2, SOC 3 along with other industry certifications enable Informatica customers to deliver accurate financial reports confidently to alleviate any regulatory pressures.
Informatica is the most secure and trusted cloud data management provider. To protect and safeguard your data, we adhere to the key standards in your industries to significantly minimize risks and ensure strong, continuous compliance. We’ve listed below the certifications, assessments, and standards that we comply with. You can also register to receive some of the independent reports on our compliance.
AICPA SOC 3® - SOC for Service Organizations
These reports are designed to meet the needs of users who need assurance about the controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy, but do not have the need for or the knowledge necessary to make effective use of a SOC 2® Report. Because they are general use reports, SOC 3® reports can be freely distributed.
AICPA SOC 1® - SOC for Service Organizations
These reports are designed to meet the needs of users who need assurance about the controls at a service organization relevant to financial controls, operations, and IT and business processes that are tied to their financial reporting. Informatica has successfully achieved SOC 1 Type 2 compliance. This validates that our customers can effectively meet their financial reporting obligations with Informatica Intelligent Data Management Cloud (IDMC) controls. SOC 1 reports can only be distributed to existing customers and their auditors, not prospects. If a service organization’s clients have their financials audited, a SOC 1SM report gives those clients’ auditors assurance that proper controls are implemented, operational, and effective.
Please contact your account rep for a copy of the report.
AICPA SOC 2® - SOC for Service Organizations
The American Institute for Certified Public Accountants (AICPA) provides specifications for how service organizations report on the internal controls of the services they provide. The reports provide valuable information that users need to assess and address the risks associated with an outsourced service.
These reports are aimed at a broad range of users who require detailed information and assurance about the controls at a service organization. The information details the security, availability, and processing integrity of the systems the service organization uses to process users’ data, as well as the confidentiality and privacy of the information processed by these systems.
Informatica can make available a SOC 2 Type 2 report on the Informatica Cloud Hosting Service (ICHS) environment, the suitability of the design, and the operating effectiveness of controls over time. Use of these reports is restricted and requires an NDA to be in place with Informatica before the reports can be distributed.
Please contact your account rep for a copy of the report.
FedRAMP
Informatica has achieved a U.S. Government FedRAMP Moderate Level Authority To Operate (ATO) under the sponsorship of the Department of State for the Informatica Intelligent Cloud Services (IICS) platform. With this designation, government agencies can now leverage the industry-leading platform within the Government Cloud environment.
Check out our Intelligent Cloud Data Management for Government FedRAMP Requirements data sheet to find out more.
Ready to start your journey now? Contact our Informatica Federal team at fedramp@informatica.com and a member of our team will get back to you within 24 hours.
HIPAA / HITECH
Informatica’s information security program governing the ICHS environment has been examined by a qualified third party to determine if the system description is fairly presented and that the information security program governing the ICHS system conforms, as applicable, and is presented in accordance with the requirements of HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health).
The third party has produced a report documenting the process, along with its opinion. Use of these reports is restricted and requires an NDA to be in place with Informatica before the reports can be distributed.
Please contact your account rep for a copy of the report.
Privacy Shield
The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce, and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.
Informatica’s EU-U.S. Privacy Shield certification can be found here.
Data Protection Impact Assessments
Information about the privacy and security of Informatica’s iPaaS, software as a service, and data as a service offerings is available to help customers complete data protection impact assessments (DPIAs) under the EU General Data Protection Regulation (GDPR). This information does not constitute and should not be interpreted as legal advice.
Please contact your account rep for a copy of the report.
Salesforce.com App Exchange
AppExchange is Saleforce.com’s online application marketplace for third-party applications that run on the Salesforce Force.com platform. Informatica’s integration with Salesforce enables customers to easily integrate their Salesforce information with other applications and databases no matter if the source is on-premises, hybrid, or in the cloud.
Cloud Security Alliance
Informatica is a Cloud Service Provider and is one of the more than 80,000 individual Cloud Security Alliance (CSA) members worldwide. The CSA is a not-for-profit organization with a mission to “promote the use of best practices for providing security assurance within cloud computing", and to provide education on the uses of cloud computing to help secure all other forms of computing.
