The Adobe Common Controls Framework (CCF)

 

We believe that a sound compliance and risk management strategy is as important to the success of an organization as the company’s product strategy. Adobe demonstrates our commitment to security by implementing a range of important industry standards and complying with government regulations concerning the security and privacy of data. As new security standards and regulatory requirements are developed and adopted by the industry, Adobe reviews them and adopts those with relevance to our customers.

 

To support our ongoing compliance efforts, Adobe implemented an open-source framework of security processes and controls called the Common Controls Framework (CCF). CCF helps protect Adobe infrastructure, applications and services, as well as helps us comply with a number of industry-accepted best practices, standards, regulations and certifications. In creating the CCF, Adobe analyzed the criteria for the most common security certifications for cloud-based businesses and rationalized the more than 4,300 requirements down to Adobe-specific controls that map to 21 industry standards.

The Adobe Common Controls Framework. Get more information about this diagram in the accordion section below

Our Ongoing Efforts


Compliance is a continuous process that includes periodic internal audits, external assessments and continuous controls monitoring. Adobe is subjected to regular third-party audits and periodic reviews to ensure we consistently meet commitments. Adobe has also invested in developing an enterprise-wide governance, risk, and compliance (GRC) automation platform to help maintain an effective governance model for the compliance program. 

Open-source and Ready to Use


The Common Controls Framework (CCF) has been open sourced (now at version 5.0) to help the broader security and risk management community achieve their own compliance goals. We regularly update the framework as regulations evolve or new industry standards are integrated into our compliance regime. We invite you to use this framework to help accelerate and standardize your own ongoing compliance efforts. Download CCF today and we always welcome feedback on its development.