Salesforce Developers Blog

Announcing PCI Certification for Salesforce Functions

Avatar for Andre SotoAndre Soto
We are proud to announce that Salesforce Functions is certified as a PCI Level 1 Service Provider. Customers can now process payment card data and design their cardholder data environment (CDE) securely and at scale using Salesforce Functions.
Announcing PCI Certification for Salesforce Functions
August 30, 2022
Listen to this article
0:00 / 0:00

We are proud to announce that Salesforce Functions is certified as a PCI Level 1 Service Provider. Customers can now process payment card data and design their cardholder data environment (CDE) securely and at scale using Salesforce Functions. This is an important milestone in providing assurances to our customers that they can process and run highly compliant payloads using Functions.

Scaling trust with compliance

Trust is our #1 value at Salesforce. Developers from around the world entrust us with their sensitive data, and nothing is more important to us than honoring our custodial commitments to protecting this data. We know that compliance is an essential part of the customer trust journey, and we see compliance as the result of a steadfast focus on security and engineering excellence.

What is PCI?

The Payment Card Industry Data Security Standards (PCI DSS) is an information security standard designed to ensure that companies processing, storing, or transmitting payment card information maintain a secure environment. The PCI DSS applies to credit cards from major card brands, including Visa, MasterCard, American Express, Discover, and JCB. A third-party PCI Qualified Security Assessor (QSA) assesses company systems and processes on an annual basis and issues an Attestation of Compliance (AoC). Customers required to demonstrate PCI compliance for Salesforce Functions to their auditors can access and download a copy of this AoC on the Heroku Trust Compliance portal with their active Salesforce Services licenses or by reaching out to your account executive to nominate access.

Learn more

To learn more about our PCI program and other compliance and security programs, see the Salesforce Compliance page and the Salesforce Trust page.

About the author

Andre Soto is a Director of Product Management for Platform Elastic Services at Salesforce. His primary focus for the last few years has been working on security, compliance, and product management for Heroku.

Andre Soto

More Blog Posts

Use Data Cloud Event Monitoring for Security, Performance, and Adoption

Use Data Cloud Event Monitoring for Security, Performance, and Adoption

Get started with event monitoring on Data Cloud by creating dashboards and reports to ensure your systems are secure and performing optimally.July 09, 2024

Introducing MCP Support Across Salesforce

Introducing MCP Support Across Salesforce

Model Context Protocol is revolutionizing how AI applications connect with tools and data, and Salesforce is at the forefront of this transformation.June 23, 2025