Security and PCI compliance overview

Updated on 20-October-2016 at 10:16 AM

Adobe Business Catalyst takes the security of your digital experiences seriously. This article will outline the various procedures and specifications in place to guarantee this.

Security white paper

The official white paper that provides an overview of security and compliance can be downloaded here.

White paper overview

This white paper outlines the following security-related topics in relation to Business Catalyst:

  • The Adobe Security Organization
    Adobe coordinates all security efforts under the Chief Security Officer (CSO). This area of the document outlines the governance structure that falls under the CSO.
  • Adobe Secure Product Development
    Adobe employs the Adobe Secure Product Lifecycle, which involves a rigorous set of several hundred specific security activities.
  • Adobe Security Training
    Adobe conducts ongoing security training within development teams to enhance security knowledge throughout the company and improve the overall security of our products and services.
  • Adobe Business Catalyst Architecture
    Business Catalyst is fully hosted in Amazon Web Services (AWS) and it takes advantage of a large set of its products, as discussed in the white paper.
  • Level 1 PCI and DSS Compliance
    Business Catalyst undergoes annual PCI audits to obtain Level 1 PCI DSS compliant certification, which is the highest tier of compliance.
  • Adobe Business Catalyst Authentication (Adobe ID)
    Adobe IDs are employed in order to authenticate a user. Adobe ID leverages a strong hash algorithm in combination with password salts and a large number of hash iterations. Furthermore, Adobe continually monitors Adobe ID accounts for unusual or anomalous account activity and evaluates this information to help quickly mitigate threats to the security of your Adobe ID account.
  • Adobe Risk & Vulnerability Management
    Adobe performs penetration testing with third-party vendors as well as incident reports in order to effectively respond to and mitigate newly discovered threats.
  • Amazon Web Services (AWS)
    Customer data is stored in specific geographic locations that utilize secure network architecture. Automated monitoring systems are in place which help detect unusual or unauthorized activities.
  • AWS Data Center Physical and Environmental Controls
    AWS data centers utilize state‐of‐the‐art, innovative architectural and engineering approaches. Amazon applied its many years of experience designing, constructing, and operating its own large‐scale data centers to the AWS platform and infrastructure.
  • Adobe Corporate Locations
    Adobe maintains offices around the world and implements the following processes and procedures company‐wide to protect the company against security threats.
  • Adobe Employees
    Adobe maintains segmented development and production environments for Business Catalyst, using technical controls to limit network and application‐level access to live production systems. Employees have specific authorizations to access development and production systems. Employee background checks are performed, and upon termination an employee's access is revoked.
  • Customer Data Confidentiality
    Adobe always treats customer data as confidential. Adobe does not use or share the information collected on behalf of a customer except as may be allowed in a contract with that customer and as set forth in the Adobe Terms of Use and the Adobe Privacy Policy.

Adobe Business Catalyst is PCI compliant

Business Catalyst is certified Level 1 PCI DSS compliant. This compliance extends to all online shops powered by Business Catalyst. Please take a look at this document for more details on this topic.

Security recommendations for processing payments

When collecting online payments on your site, it is always recommended to take the measures described in this article in order to ensure your customers' payments are processed securely.

Sensitive data guidelines and Best Practices

As a best practice, Business Catalyst does not recommend storing sensitive personally identifiable data within the CRM. Please take a look at this article for a few best practices that will help keep the sensitive data you process safe.