Certifications, Assessments, and Standards

Cloud transformations require customers to rely on CSPs that take security and compliance seriously - enable trust in transactions, ensure data accuracy and reliability, and support their IT controls. SOC 1, SOC 2, SOC 3 along with other industry certifications enable Informatica customers to deliver accurate financial reports confidently to alleviate any regulatory pressures.

Informatica is the most secure and trusted cloud data management provider. To protect and safeguard your data, we adhere to the key standards in your industries to significantly minimize risks and ensure strong, continuous compliance. We’ve listed below the certifications, assessments, and standards that select services comply with. You can also register to receive some of the independent reports on our compliance.

AICPA SOC 3® - SOC for Service Organizations

These reports are designed to meet the needs of users who need assurance about the controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy, but do not have the need for or the knowledge necessary to make effective use of a SOC 2® Report. Because they are general use reports, SOC 3® reports can be freely distributed.  

Print

AICPA SOC 1® - SOC for Service Organizations

These reports are designed to meet the needs of users who need assurance about the controls at a service organization relevant to financial controls, operations, and IT and business processes that are tied to their financial reporting. Informatica has successfully achieved SOC 1 Type 2 compliance. This validates that our customers can effectively meet their financial reporting obligations with Informatica Intelligent Data Management Cloud (IDMC) controls. SOC 1 reports can only be distributed to existing customers and their auditors, not prospects. If a service organization’s clients have their financials audited, a SOC 1SM report gives those clients’ auditors assurance that proper controls are implemented, operational, and effective.

Please contact your account rep for a copy of the report.

AICPA SOC 2® - SOC for Service Organizations

The American Institute for Certified Public Accountants (AICPA) provides specifications for how service organizations report on the internal controls of the services they provide. The reports provide valuable information that users need to assess and address the risks associated with an outsourced service.

These reports are aimed at a broad range of users who require detailed information and assurance about the controls at a service organization. The information details the security, availability, and processing integrity of the systems the service organization uses to process users’ data, as well as the confidentiality and privacy of the information processed by these systems.

Informatica can make available a SOC 2 Type 2 report on the Informatica Cloud Hosting Service (ICHS) environment, the suitability of the design, and the operating effectiveness of controls over time. Use of these reports is restricted and requires an NDA to be in place with Informatica before the reports can be distributed.

Please contact your account rep for a copy of the report.

FedRAMP

Informatica has achieved a U.S. Government FedRAMP Moderate Level Authority To Operate (ATO) under the sponsorship of the Department of State for the Informatica Intelligent Cloud Services (IICS) platform. With this designation, government agencies can now leverage the industry-leading platform within the Government Cloud environment.

Check out our Intelligent Cloud Data Management for Government FedRAMP Requirements data sheet to find out more.

Ready to start your journey now? Contact our Informatica Federal team at fedramp@informatica.com and a member of our team will get back to you within 24 hours.

TX-RAMP

Informatica has achieved TX-RAMP Level 1 certification. The Texas Risk and Authorization Management Program provides a standardized approach for security assessment, certification, and continuous monitoring of cloud computing services that process the data of Texas state agencies.

HIPAA / HITECH 

Informatica’s information security program governing the ICHS environment has been examined by a qualified third party to determine if the system description is fairly presented and that the information security program governing the ICHS system conforms, as applicable, and is presented in accordance with the requirements of HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health).

The third party has produced a report documenting the process, along with its opinion. Use of these reports is restricted and requires an NDA to be in place with Informatica before the reports can be distributed.

Please contact your account rep for a copy of the report.

Data Privacy Framework Program

The EU-U.S. DPF and UK Extension to the EU-U.S. DPF were respectively developed by the U.S. Department of Commerce and the European Commission, and UK Government to provide U.S. organizations with reliable mechanisms for personal data transfers to the United States from the European Union, and United Kingdom while ensuring data protection that is consistent with EU and UK law.

Data Protection Impact Assessments

Information about the privacy and security of Informatica’s iPaaS, software as a service, and data as a service offerings is available to help customers complete data protection impact assessments (DPIAs) under the EU General Data Protection Regulation (GDPR). This information does not constitute and should not be interpreted as legal advice.

Please contact your account rep for a copy of the report.

Cyber Essentials

The UK Cyber Essentials (https://www.ncsc.gov.uk/cyberessentials/) Scheme was developed as part of the UK's National Cyber Security Programme. This scheme is mandatory for the UK central government contracts that involve handling personal data and providing certain ICT products and services. The UK Cyber Essentials Scheme is backed by the UK industry, including the Federation of Small Businesses, the CBI, and several insurance organizations offering incentives for businesses. 

You can validate this certificate via (https://iasme.co.uk/cyber-essentials/ncsc-certificate-search/) by typing Informatica Software Limited, or you can ask your Informatica account rep to share our Cyber Essential Basic Certificate. 

The certificate can be shared under a signed NDA or appropriate confidentiality language to be in place with Informatica.

Please contact your account rep for a copy of the above Certificate.

Cloud Security Alliance

Informatica is a CSA Trusted Cloud Provider and has a Level 1 CSA STAR assessment. The Security, Trust, Assurance, and Risk (STAR) Registry is a publicly accessible registry that documents the security and privacy controls provided by popular cloud computing offerings.

STAR encompasses the key principles of transparency, rigorous auditing, and harmonization of standards outlined in the Cloud Controls Matrix (CCM). Publishing to the registry allows organizations to show current and potential customers their security and compliance posture, including the regulations, standards, and frameworks they adhere to. It ultimately reduces complexity and helps alleviate the need to fill out multiple customer questionnaires.

You can view our submission here.