Over the past couple of years, we have developed the Adobe Common Controls Framework (CCF), enabling our cloud products, services, platforms and operations to achieve compliance with various security certifications, standards, and regulations (SOC2, ISO, PCI, HIPAA, FedRAMP etc.). The CCF is a cornerstone of our company-wide security strategy. The framework has gained acceptance and visibility across our businesses leading to a growing roster of certifications.
Last week, Adobe Marketing Cloud became compliant with SOC2 -Type 1. This certification also enables our financial institution customers to comply with the Gramm-Leach Bliley Act (GLBA) requirements for using service providers.
In addition to SOC2 – Type 1, Adobe Experience Manager Managed Services (AEM MS) and Adobe Connect Managed Services (AC MS) have achieved compliance with ISO27001. AEM MS has also achieved compliance with HIPAA, now joining AC MS in this designation. This is in addition to the recently confirmed FedRAMP certification for both of these solutions, achieved in 2015.
During 2015, the Document Cloud eSign service implemented the CCF as well and became compliant with SOC2-Type 2, ISO27001, PCI, and HIPAA requirements. Please refer to the “Adobe Security and Privacy Certifications” white paper on Adobe.com for the most up-to-date information about our certifications across our products and services.
Over the past 3 years, we have made significant investments across the company to harmonize various security functions, compliance and governance processes, and technologies. These are major accomplishments and milestones for Adobe’s cloud services and products which will allow us to provide our customers with assurance that their data and applications are more secure.
We have also been out in the security and compliance community, talking with information security and compliance professionals about CCF. This has enabled further collaboration with industry peers in this area. This is a all part of our on-going commitment to help protect our customers and their data. We will update you in future posts on this blog as we achieve additional compliance milestones.
Sr. Director – Risk Advisory and Assurance