Sitecore Strengthens Security Posture for Regulated Industries

San Francisco, April 7, 2025 – Sitecore®, a global leader in digital experience software, today announced it has earned CyberVadis Cybersecurity Assessment gold medal for the company's security governance, proactive risk management, and commitment to protecting customers and partners. Sitecore undertook this assessment as a part of its commitment to meeting the security and data privacy standards set by healthcare, financial services, and other regulated industries.

Marketers at financial services organizations like Achmea, Acrisure, and First Abu Dhabi Bank and healthcare leaders including Arkansas Children’s Hospital, Bayer, New England Biolabs, NMDP (formerly the National Marrow Donor Program), and Northern California’s Western Health Advantage trust Sitecore to bring together AI, content, and digital experiences to engage customers and drive business

CyberVadis, a globally recognized cybersecurity assessment platform, conducts rigorous reviews to evaluate a company's data protection measures, network security, vulnerability management, and compliance with industry standards. Sitecore underwent a thorough evaluation by CyberVadis experts, demonstrating its adherence to industry best practices.

“This recognition is a testament to our collective efforts in building a resilient security framework, ensuring compliance with industry standards, and continuously improving our cybersecurity capabilities,” said Darren Cassidy, Chief Information Officer at Sitecore. “Further, it showcases the dedication and hard work of our security, GRC, and Data Protection teams in maintaining top-tier security and risk management. This reflects Sitecore’s ongoing commitment to meeting the industry’s highest standards for security and trust.”

Sitecore prioritizes the security and protection of customer data as a core responsibility. To uphold this commitment, the company maintains a comprehensive suite of certifications and security reports related to our Sitecore Products and Services. These include:

• Information Security Management System Certificates: ISO/IEC 27001:2013, ISO/IEC 27017:2015, and ISO/IEC 27018:2019
• CSA STAR Certification regarding compliance with issues critical to cloud security
• Trusted Information Security Assessment Exchange (TISAX), a framework for information security tailored to the global automotive industry
• Health Insurance Portability and Accountability Act (HIPAA) readiness for all key products in Sitecore’s digital experience platform (DXP), supporting US healthcare customers
• Information Security Registered Assessors Program (IRAP), an Australian government initiative primarily used for assessing the security of systems and services handling Australian government data
• PCI DSS v4.0, a global security standard developed to protect payment card data
• EU-U.S. Data Privacy Framework
• UK Extension to the EU-U.S. Data Privacy Framework
• Swiss-U.S. Data Privacy Framework

For detailed information, please visit the Sitecore Legal Hub.

About Sitecore

Sitecore is a global leader in digital experience software, trusted by visionary brands like L’Oréal, Microsoft, and United Airlines to power their content lifecycle from content strategy to digital experience delivery. Our composable platform gives marketers and technologists the power to build together at global scale – harnessing content, data, personalization, and AI – to manage digital assets, create engaging content, understand customer intent, and deliver standout experiences across all touchpoints. Discover more at  sitecore.com.

Sitecore is a registered trademark of Sitecore Corporation A/S in the USA and other countries. All other brand names, product names or trademarks belong to their respective holders.

Media Contact :

Jessica Rampen
press@sitecore.com