Certifications, Assessments, and Standards

To protect and safeguard your data, we adhere to the key standards in your industries. We’ve listed below the certifications, assessments, and standards that we comply with. You can also register to receive some of the independent reports on our compliance. 

AICPA SOC 3® - SOC for Service Organizations

These reports are designed to meet the needs of users who need assurance about the controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy, but do not have the need for or the knowledge necessary to make effective use of a SOC 2® Report. Because they are general use reports, SOC 3® reports can be freely distributed.  

AICPA SOC 2® - SOC for Service Organizations

The American Institute of Certified Public Accountants (AICPA) provides specifications for how service organizations report on the internal controls of the services they provide. The reports provide valuable information that users need to assess and address the risks associated with an outsourced service.

These reports are aimed at a broad range of users who require detailed information and assurance about the controls at a service organization. The information details the security, availability, and processing integrity of the systems the service organization uses to process users’ data, as well as the confidentiality and privacy of the information processed by these systems.

Informatica can make available a SOC 2 Type 2 report on the Informatica Cloud Hosting Service (ICHS) environment, the suitability of the design, and the operating effectiveness of controls over time. Use of these reports is restricted and requires an NDA to be in place with Informatica before the reports can be distributed.

Please contact your account rep for a copy of the report.

HIPAA / HITECH 

Informatica’s information security program governing the ICHS environment has been examined by a qualified third party to determine if the system description is fairly presented and that the information security program governing the ICHS system conforms, as applicable, and is presented in accordance with the requirements of HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health).

The third party has produced a report documenting the process, along with its opinion. Use of these reports is restricted and requires an NDA to be in place with Informatica before the reports can be distributed.

Please contact your account rep for a copy of the report.

Privacy Shield

The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce, and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce. 

Informatica’s EU-U.S. Privacy Shield certification can be found here.

Salesforce.com App Exchange

AppExchange is Salesforce.com’s online application marketplace for third-party applications that run on the Salesforce Force.com platform. Informatica’s integration with Salesforce enables customers to easily integrate their Salesforce information with other applications and databases, whether the source is on-premises, hybrid, or in the cloud.

ISO/IEC 27001:2013 – Information technology – Security techniques – Information security management systems – Requirements

The Informatica Information Security Management System (ISMS) is aligned with the ISO/IEC 27001:2013 standard. This family of standards helps organizations keep information assets secure. ISO/IEC 27001 is the best-known standard in the family providing requirements for an ISMS, which is a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes, and IT systems by applying a risk management process. ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. 

Cloud Security Alliance

Informatica is a Cloud Service Provider and is one of the more than 80,000 individual Cloud Security Alliance (CSA) members worldwide. The CSA is a not-for-profit organization with a mission to “promote the use of best practices for providing security assurance within cloud computing”, and to provide education on the uses of cloud computing to help secure all other forms of computing.