The Common Controls Framework (CCF) by Adobe is the foundational framework and backbone to our company-wide security compliance strategy. CCF is a comprehensive set of simple control requirements, aggregated, correlated, and rationalized from industry information security and privacy standards. Adobe has been able to use this framework to help us accelerate adoption of additional industry and regulatory standards across our products and services while maintaining our posture with existing compliance commitments.
During 2020, Adobe added two significant standards to its compliance regime across products: Service Organization Controls (SOC) 2 Confidentiality (in addition to already achieved Security and Availability) and ISO 22301:2019 (business continuity and resilience).
Our adherence to these new standards has been validated by our primary third-party auditor and official reports/certificates are available to customers via their Adobe Sales representatives. These new standards independently validate the efforts we have made to help ensure the confidentiality of the data and assets you entrust with us. They also certify that our policies, procedures, and infrastructure meet standards for resilience. These efforts also ensure our solutions are protected and available for our customers during this global COVID-19 pandemic and beyond. You can learn more about our overall efforts to prepare for and deal with this pandemic on the Adobe corporate blog.
Our team is committed to continuing to build trust in our products and services. We also believe in sharing the knowledge we gain solving hard security & compliance problems with the broader community. To that end we continue to offer a documented version of our Common Controls Framework (CCF) (now at version 4.0) available as open source. Over 6000 companies have downloaded this framework to help in their own compliance efforts. Compliance is an ongoing journey at Adobe and, as always, we thank all of our teams that work with us to help deliver enhanced confidence and trust for our customers.
Manager, Tech GRC