Certifications, Assessments, and Standards
To protect and safeguard your data, we adhere to the key standards in your industries. We’ve listed below the certifications, assessments, and standards that we comply with. You can also register to receive some of the independent reports on our compliance.
AICPA SOC 3® - SOC for Service Organizations
These reports are designed to meet the needs of users who need assurance about the controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy, but do not have the need for or the knowledge necessary to make effective use of a SOC 2® Report. Because they are general use reports, SOC 3® reports can be freely distributed.
AICPA SOC 2® - SOC for Service Organizations
The American Institute for Certified Public Accountants (AICPA) provides specifications for how service organizations report on the internal controls of the services they provide. The reports provide valuable information that users need to assess and address the risks associated with an outsourced service.
These reports are aimed at a broad range of users who require detailed information and assurance about the controls at a service organization. The information details the security, availability, and processing integrity of the systems the service organization uses to process users’ data, as well as the confidentiality and privacy of the information processed by these systems.
Informatica can make available a SOC 2 Type 2 report on the Informatica Cloud Hosting Service (ICHS) environment, the suitability of the design, and the operating effectiveness of controls over time. Use of these reports is restricted and requires an NDA to be in place with Informatica before the reports can be distributed.
Please contact your account rep for a copy of the report.
HIPAA / HITECH
Informatica’s information security program governing the ICHS environment has been examined by a qualified third party to determine if the system description is fairly presented and that the information security program governing the ICHS system conforms, as applicable, and is presented in accordance with the requirements of HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health).
The third party has produced a report documenting the process, along with its opinion. Use of these reports is restricted and requires an NDA to be in place with Informatica before the reports can be distributed.
Please contact your account rep for a copy of the report.
Privacy Shield
The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce, and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.
Informatica’s EU-U.S. Privacy Shield certification can be found here.
Data Protection Impact Assessments
Information about the privacy and security of Informatica’s iPaaS, software as a service, and data as a service offerings is available to help customers complete data protection impact assessments (DPIAs) under the EU General Data Protection Regulation (GDPR). This information does not constitute and should not be interpreted as legal advice.
Please contact your account rep for a copy of the report.
Salesforce.com App Exchange
AppExchange is Saleforce.com’s online application marketplace for third-party applications that run on the Salesforce Force.com platform. Informatica’s integration with Salesforce enables customers to easily integrate their Salesforce information with other applications and databases no matter if the source is on-premises, hybrid, or in the cloud.
Cloud Security Alliance
Informatica is a Cloud Service Provider and is one of the more than 80,000 individual Cloud Security Alliance (CSA) members worldwide. The CSA is a not-for-profit organization with a mission to “promote the use of best practices for providing security assurance within cloud computing", and to provide education on the uses of cloud computing to help secure all other forms of computing.
