Trusted by the most highly regulated industries
For almost 30 years, our customers have trusted our ability to handle their data with care and respect. That’s why organizations from the most highly regulated sectors rely on us to protect their most sensitive information wherever work happens.
Policies and practices
Data processing addendum
The Citrix Data Processing Addendum describes the privacy practices that are applied to the personal information Citrix processes on behalf of our customers when providing Citrix cloud services, technical support services or consulting services.
Cloud Services Data Protection
The Citrix Cloud Services Data Protection resources provide information on data protection and security practices that apply to our cloud services.
List of sub-processors authorized to access personal data.
Schrems II and Citrix Services
How Schrems II impacts the use of Citrix services.
Brexit and Citrix Services
For information about Brexit and Citrix Services, please refer to this document.
Citrix has self-certified compliance with the EU-U.S. and Swiss-U.S. Swiss Privacy Shield frameworks.
Citrix Law Enforcement Requests Reports
Citrix publishes bi-annual reports about the number and types of requests it receives from law enforcement agencies for the disclosure of customer data. The most recent reports can be found here:
Citrix Workspace, which incorporates the Citrix Virtual Apps and Desktop Service, the Citrix Gateway Service (HDX Proxy), the Citrix Cloud Platform, and the Citrix Identity Service, achieved IRAP Compliance.
|Service||SOC2||ISO 27001||ISO 27701||HIPAA||PCI DSS
|Citrix Cloud Platform
|Citrix Identity Service||Type 2|
|Citrix Desktop as a Service||Type 2|
|Citrix Workspace Platform||Type 2||-|
|Citrix Endpoint Management||Type 2||-||-||-|
|Citrix Analytics Service||Type 2||-|
|Citrix Gateway Service||-||-||-||-||-||
|ShareFile||Type 2||ETC 2023||-||-|
|RightSignature (eSignature)||Type 2||ETC 2023||ETC 2023||-||-||-|
|Podio (including Workflows)||-||-||-||-||-||-||-|
|Application Delivery Management||ETC 2023||-||-|
The above information is subject to change, without notice, and should not be considered a commitment for Citrix product acquisitions for any forward looking items.
Additional compliance and certification documentation
Section 508 and WCAG 2.0
Accessibility and usability of Citrix products is a high-priority not only within our products but our Cloud and web assets as well.
Information security certification is key for many of our customers, that is evident in our FSTEK certification for the Russian government.
IRAP deployment guide
Deployment instructions for CVAD and Citrix Workspace to maintain IRAP compliance at the Protected Level
Citrix ADC MPX 14000-FIPS 11.1 Platinum Edition has passed both Interoperability and Cybersecurity certifications to remain on the Department of Defense Information Network Approved Products List (DoDIN APL).
Citrix Cloud Government
Citrix Cloud Government built directly on Microsoft Azure Government.
Export guidelines overview for Citrix products.
Business Continuity Overview
Information about the Citrix Business Continuity Program, which operates globally and spans across every line of business, with the goal of maintaining business-critical functions and services during and after disruptive events.
Security at Citrix: Vulnerability & Incident Response, Reporting and History
Information about how to report suspected vulnerabilities and incidents, how Citrix responds to and reports security issues, and incident history from the past three years.