MuleSoft

ISO/IEC 27017:2015 cloud security certification (July 23, 2025) validating cloud-specific security controls and implementation guidance. Third-party audited certification covering cloud service provider security controls with annual surveillance audits ensuring cloud infrastructure protection.

ISO/IEC 27018:2019 cloud privacy certification (July 23, 2025) validating personal data protection in cloud services. Third-party audited certification covering privacy controls and data protection measures for cloud service providers with annual surveillance audits.

ISO/IEC 42001:2023 certification for AI management systems covering Salesforce AI Platform, Agentforce, and AI features (October 1, 2025). Validates comprehensive AI governance, risk management, ethical AI practices, and system reliability with annual surveillance audits for responsible AI deployment.

SOC 2 Type II attestation report (June 12, 2025) validating security, availability, processing integrity, confidentiality, and privacy controls over 12-month audit period. Independent evaluation of information security control environment for MuleSoft Cloud Offerings by certified public accountants.

Comprehensive Business Continuity Plan (August 11, 2025) ensuring continuous operations through documented recovery procedures, backup strategies, and tested incident response protocols. Enterprise resilience framework maintains service availability during disruptive events with regular testing validation.

Disaster recovery facilities geographically diverse from primary data centers with required hardware, software, and connectivity. Annual disaster recovery testing (August 11, 2025) validates failover and restoration capabilities from primary to secondary locations using operational and DR procedures.

Security incident management policies and procedures with notification protocols for unauthorized Customer Data disclosure. Incident Response Plan (May 1, 2025) establishes detection, analysis, containment, eradication, and recovery procedures with defined roles and post-incident review processes.

Comprehensive Data Processing Addendum establishing data processing terms, controller-processor responsibilities, Standard Contractual Clauses, and safeguards. Ensures GDPR compliance with EU/UK Binding Corporate Rules for Processors and Data Privacy Framework certifications (EU-US, UK, Swiss).

Multiple geographic data residency options across AWS regions including United States, Brazil, Canada, Australia, Japan, Singapore, South Korea, Germany, France, Ireland, Sweden, United Kingdom, and India. Customers can select region during setup or request migration to meet data sovereignty and compliance requirements.

HIPAA Business Associate Agreement support for handling Protected Health Information with technical and organizational safeguards. Implements breach notification procedures and regulatory compliance for healthcare data processing. HDS certification (June 17, 2025) enables hosting French health data on behalf of third parties.

Continuous monitoring for unauthorized intrusions by Salesforce or authorized independent third parties. Analyzes browser data (device type, OS version, browser version, installed plugins) for security purposes including fraud prevention and ensuring proper MuleSoft Cloud Offerings functionality.

PCI DSS Level 1 compliance as data storage entity validated by Qualified Security Assessor (December 17, 2024). Attestation of Compliance demonstrates adherence to Payment Card Industry Data Security Standards for secure credit card information handling. Credit card data must be encrypted on platform to benefit from AoC.

Transport Layer Security (TLS) required for all management plane services and available for runtime plane services. MuleSoft Cloud Offerings default to encrypted services with customer control over protocol and encryption for runtime applications. SSL/TLS encryption for credentials and session tokens in motion.

Annual independent security assessments including infrastructure vulnerability assessments and application security testing (most recent December 5, 2024). Third-party penetration testing validates security controls and identifies vulnerabilities before exploitation with detailed remediation guidance.