BY USE CASE
Secure Distributed Work
Boost Productivity
BY INDUSTRY
Trusted by the most highly regulated industries
For almost 30 years, our customers have trusted our ability to handle their data with care and respect. That’s why organizations from the most highly regulated sectors rely on us to protect their most sensitive information wherever work happens.
Policies and practices
Privacy policy
The Citrix privacy policy applies to the personal information we may obtain through our various online and offline channels, as well as from third-party sources, including business partners, ad networks and vendor properties.
Data processing addendum
The Citrix Data Processing Addendum describes the privacy practices that are applied to the personal information Citrix processes on behalf of our customers when providing Citrix cloud services, technical support services or consulting services.
Cloud Services Data Protection
The Citrix Cloud Services Data Protection resources provide information on data protection and security practices that apply to our cloud services.
GDPR
GDPR FAQ
Solution architectures for the General Data Protection Regulation (GDPR)
Subprocessor list
List of sub-processors authorized to access personal data.
Schrems II and Citrix Services
How Schrems II impacts the use of Citrix services.
Brexit and Citrix Services
For information about Brexit and Citrix Services, please refer to this document.
Privacy Shield
Citrix has self-certified compliance with the EU-U.S. and Swiss-U.S. Swiss Privacy Shield frameworks.
Citrix Law Enforcement Requests Reports
Citrix publishes bi-annual reports about the number and types of requests it receives from law enforcement agencies for the disclosure of customer data. The most recent reports can be found here:
Citrix commitment to developing secure software is shown in our progress toward Common Criteria.
View how Citrix complies with the Federal Information Processing Standard.
Citrix Workspace, which incorporates the Citrix Virtual Apps and Desktop Service, the Citrix Gateway Service (HDX Proxy), the Citrix Cloud Platform, and the Citrix Identity Service, achieved IRAP Compliance.
Payment Card Industry Data Security Standard (PCI DSS) Attestation of Compliance reports for various services where Citrix is a service provider.
Certifications
| Service | SOC2 | ISO 27001 | ISO 27701 | HIPAA | PCI DSS v3.2.1 |
IRAP | FedRAMP Moderate JAB Authorization |
| Citrix Products | |||||||
|---|---|---|---|---|---|---|---|
| Citrix Cloud Platform |
Type 2 | ||||||
| Citrix Identity Service | Type 2 | ||||||
| Citrix Desktop as a Service | Type 2 | ||||||
| Citrix Workspace Platform | Type 2 | - | |||||
| Citrix Workspace Environment Management | - | - | - | - | - | - | |
| Citrix Endpoint Management | Type 2 | - | - | - | |||
| Citrix Analytics Service | Type 2 | - | - | ||||
| Citrix Gateway Service | - | - | - | - | - | (HDX only) |
- |
| ShareFile Products | |||||||
| ShareFile | Type 2 | ETC 2023 | - | - | |||
| RightSignature (eSignature) | Type 2 | ETC 2023 | ETC 2023 | - | - | - | |
| Podio (including Workflows) | - | - | - | - | - | - | - |
| NetScaler Products | |||||||
| Application Delivery Management | ETC 2023 | - | - | ||||
The above information is subject to change, without notice, and should not be considered a commitment for Citrix product acquisitions for any forward looking items.
Additional compliance and certification documentation
Section 508 and WCAG 2.0
Accessibility and usability of Citrix products is a high-priority not only within our products but our Cloud and web assets as well.
FSTEK
Information security certification is key for many of our customers, that is evident in our FSTEK certification for the Russian government.
IRAP deployment guide
Deployment instructions for CVAD and Citrix Workspace to maintain IRAP compliance at the Protected Level
DoDIN
Citrix ADC MPX 14000-FIPS 11.1 Platinum Edition has passed both Interoperability and Cybersecurity certifications to remain on the Department of Defense Information Network Approved Products List (DoDIN APL).
Citrix Cloud Government
Citrix Cloud Government built directly on Microsoft Azure Government.
Export
Export guidelines overview for Citrix products.
Business Continuity Overview
Information about the Citrix Business Continuity Program, which operates globally and spans across every line of business, with the goal of maintaining business-critical functions and services during and after disruptive events.
Security at Citrix: Vulnerability & Incident Response, Reporting and History
Information about how to report suspected vulnerabilities and incidents, how Citrix responds to and reports security issues, and incident history from the past three years.