Salesforce Heroku believes that great apps come from inspired and productive developers. That’s why we focus on providing a set of powerful capabilities that help developers bypass mundane tasks, remove friction, and automate processes.

At Salesforce, Trust is our number one value, and empowered developers across the globe entrust sensitive customer data to Heroku. Today we are proud to announce compliance milestones for the Heroku Platform that validate the strength of our security best practices. We know that compliance is an essential component of the customer Trust journey, and we see compliance as the byproduct of a relentless focus on security and engineering excellence.

  • ISO 27001 Certification: A widely recognized and internationally accepted information security standard that specifies security management best practices and comprehensive security controls following ISO 27002 best practices guidance.
  • ISO 27017 Certification: A standard that provides additional guidance and implementation advice on information security aspects specific to cloud computing.

  • ISO 27018 Certification: Establishes commonly accepted control objectives, controls, and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with defined privacy principles for public cloud computing environments.

  • SOC2 Type I Attestation: An independent examination of the fairness of presentation and the suitability of the design of controls relevant to security, availability, and confidentiality of the information processed by the Heroku Platform as of a specified date.

The scope of these certifications includes the Heroku Platform Runtimes (Common Runtime, Heroku Private Spaces, and Heroku Shield Private Spaces) and Heroku Data Services (Heroku Postgres, Heroku Redis, Apache Kafka on Heroku, and Heroku Connect).

These compliance achievements are industry-agnostic and benefit all Heroku Customers (and your customers) by providing independent validation of the security controls and processes implemented by Heroku to protect Customer Data. These milestones expand upon our existing compliance program that has already demonstrated compliance for highly regulated data types such as PCI-DSS data (“credit card data”) and HIPAA data (“protected health information”).

You can find more information regarding this announcement by visiting Heroku’s Security, Privacy and Compliance DevCenter article.