We are proud to announce that Salesforce Functions is certified as a PCI Level 1 Service Provider. Customers can now process payment card data and design their cardholder data environment (CDE) securely and at scale using Salesforce Functions. This is an important milestone in providing assurances to our customers that they can process and run highly compliant payloads using Functions.

Scaling trust with compliance

Trust is our #1 value at Salesforce. Developers from around the world entrust us with their sensitive data, and nothing is more important to us than honoring our custodial commitments to protecting this data. We know that compliance is an essential part of the customer trust journey, and we see compliance as the result of a steadfast focus on security and engineering excellence.

What is PCI?

The Payment Card Industry Data Security Standards (PCI DSS) is an information security standard designed to ensure that companies processing, storing, or transmitting payment card information maintain a secure environment. The PCI DSS applies to credit cards from major card brands, including Visa, MasterCard, American Express, Discover, and JCB. A third-party PCI Qualified Security Assessor (QSA) assesses company systems and processes on an annual basis and issues an Attestation of Compliance (AoC). Customers required to demonstrate PCI compliance for Salesforce Functions to their auditors can access and download a copy of this AoC on the Heroku Trust Compliance portal with their active Salesforce Services licenses or by reaching out to your account executive to nominate access.

Learn more

To learn more about our PCI program and other compliance and security programs, see the Salesforce Compliance page and the Salesforce Trust page.

About the author

Andre Soto is a Director of Product Management for Platform Elastic Services at Salesforce. His primary focus for the last few years has been working on security, compliance, and product management for Heroku.