Trusted by the most highly regulated industries

For almost 30 years, our customers have trusted our ability to handle their data with care and respect. That’s why organizations from the most highly regulated sectors rely on us to protect their most sensitive information wherever work happens.

Privacy

Policies and practices

Privacy policy
The Citrix privacy policy applies to the personal information we may obtain through our various online and offline channels, as well as from third-party sources, including business partners, ad networks and vendor properties.

Data processing addendum
The Citrix Data Processing Addendum describes the privacy practices that are applied to the personal information Citrix processes on behalf of our customers when providing Citrix cloud services, technical support services or consulting services.

Cloud Services Data Protection
The Citrix Cloud Services Data Protection resources provide information on data protection and security practices that apply to our cloud services.

GDPR

Solution architectures for the General Data Protection Regulation (GDPR)

Subprocessor list
List of sub-processors authorized to access personal data.

Brexit and Citrix Services
For information about Brexit and Citrix Services, please refer to this document.

Citrix Law Enforcement Requests Reports

Citrix publishes bi-annual reports about the number and types of requests it receives from law enforcement agencies for the disclosure of customer data. The most recent reports can be found here:

Certifications

Common Criteria

Citrix commitment to developing secure software is shown in our progress toward Common Criteria.

FIPS 140-2

View how Citrix complies with the Federal Information Processing Standard.

IRAP

Citrix Workspace, which incorporates the Citrix Virtual Apps and Desktop Service, the Citrix Gateway Service (HDX Proxy), the Citrix Cloud Platform, and the Citrix Identity Service, achieved IRAP Compliance.

SOC 2

SOC 2 reports show the controls that Citrix has in place as a service provider.

ISO

Citrix has products certified with internationally-recognized ISO/IEC standards.

HIPAA

Citrix Workspace and Citrix ShareFile for Healthcare safeguard protected health information under HIPAA and HITECH.

PCI

Payment Card Industry Data Security Standard (PCI DSS) Attestation of Compliance reports for various services where Citrix is a service provider.

Certifications

Service	SOC2	ISO 27001	ISO 27701	HIPAA	PCI DSS v3.2.1	IRAP	FedRAMP Moderate JAB Authorization
Citrix Products
Citrix Cloud Platform	Type 2						
Citrix Identity Service	Type 2						
Citrix Desktop as a Service	Type 2						
Citrix Workspace Platform	Type 2						-
Citrix Endpoint Management	Type 2			-	-	-	-
Citrix Analytics Service	Type 2						-
Citrix Gateway Service	-	-	-	-	-	 (HDX only)	-
ShareFile Products
ShareFile	Type 2				ETC 2023	-	-
RightSignature (eSignature)	Type 2	ETC 2023	ETC 2023		-	-	-
Podio (including Workflows)	-	-	-	-	-	-	-
NetScaler Products
Application Delivery Management	ETC 2023	-	-	-		-	-

The above information is subject to change, without notice, and should not be considered a commitment for Citrix product acquisitions for any forward looking items.

Additional compliance and certification documentation

Section 508 and WCAG 2.0
Accessibility and usability of Citrix products is a high-priority not only within our products but our Cloud and web assets as well.

DoDIN
Citrix ADC MPX 14000-FIPS 11.1 Platinum Edition has passed both Interoperability and Cybersecurity certifications to remain on the Department of Defense Information Network Approved Products List (DoDIN APL).

Citrix Cloud Government
Citrix Cloud Government built directly on Microsoft Azure Government.

Business Continuity Overview
Information about the Citrix Business Continuity Program, which operates globally and spans across every line of business, with the goal of maintaining business-critical functions and services during and after disruptive events.