Trusted by the most highly regulated industries

For almost 30 years, our customers have trusted our ability to handle their data with care and respect. That’s why organizations from the most highly regulated sectors rely on us to protect their most sensitive information wherever work happens. 

Policies and practices

Privacy policy
The Citrix privacy policy applies to the personal information we may obtain through our various online and offline channels, as well as from third-party sources, including business partners, ad networks and vendor properties.

Data processing addendum
The Citrix Data Processing Addendum describes the privacy practices that are applied to the personal information Citrix processes on behalf of our customers when providing Citrix cloud services, technical support services or consulting services.

Cloud Services Data Protection
The Citrix Cloud Services Data Protection resources provide information on data protection and security practices that apply to our cloud services.


Solution architectures for the General Data Protection Regulation (GDPR)

Subprocessor list
List of sub-processors authorized to access personal data. 

Schrems II and Citrix Services
How Schrems II impacts the use of Citrix services.

Brexit and Citrix Services
For information about Brexit and Citrix Services, please refer to this document.

Privacy Shield
Citrix has self-certified compliance with the EU-U.S. and Swiss-U.S. Swiss Privacy Shield frameworks. 

Citrix Law Enforcement Requests Reports

Citrix publishes bi-annual reports about the number and types of requests it receives from law enforcement agencies for the disclosure of customer data. The most recent reports can be found here:

Common Criteria

Citrix commitment to developing secure software is shown in our progress toward Common Criteria.

FIPS 140-2

View how Citrix complies with the Federal Information Processing Standard.


Citrix Workspace, which incorporates the Citrix Virtual Apps and Desktop Service, the Citrix Gateway Service (HDX Proxy), the Citrix Cloud Platform, and the Citrix Identity Service, achieved IRAP Compliance.  


SOC 2 reports show the controls that Citrix has in place as a service provider. 


Citrix has products certified with internationally-recognized ISO/IEC standards.


Citrix Workspace and Citrix ShareFile for Healthcare safeguard protected health information under HIPAA and HITECH.


Payment Card Industry Data Security Standard (PCI DSS) Attestation of Compliance reports for various services where Citrix is a service provider.


Service SOC2 ISO 27001 ISO 27701 HIPAA PCI DSS
IRAP FedRAMP Moderate
JAB Authorization
Citrix Products
Citrix Cloud Platform
Type 2
Citrix Identity Service Type 2
Citrix Desktop as a Service Type 2
Citrix Workspace Platform Type 2   -
Citrix Endpoint Management Type 2 - - - -
Citrix Analytics Service Type 2 -
Citrix Gateway Service - - - - -
(HDX only)
ShareFile Products
ShareFile Type 2 ETC 2023 - -
RightSignature (eSignature) Type 2 ETC 2023 ETC 2023 - - -
Podio (including Workflows) - - - - - - -
NetScaler Products
Application Delivery Management ETC 2023 - - - - -

The above information is subject to change, without notice, and should not be considered a commitment for Citrix product acquisitions for any forward looking items.

Additional compliance and certification documentation

Section 508 and WCAG 2.0
Accessibility and usability of Citrix products is a high-priority not only within our products but our Cloud and web assets as well.

Information security certification is key for many of our customers, that is evident in our FSTEK certification for the Russian government.

IRAP deployment guide
Deployment instructions for CVAD and Citrix Workspace to maintain IRAP compliance at the Protected Level

Citrix ADC MPX 14000-FIPS 11.1 Platinum Edition has passed both Interoperability and Cybersecurity certifications to remain on the Department of Defense Information Network Approved Products List (DoDIN APL).

Citrix Cloud Government
Citrix Cloud Government built directly on Microsoft Azure Government.

Export guidelines overview for Citrix products.

Business Continuity Overview
Information about the Citrix Business Continuity Program, which operates globally and spans across every line of business, with the goal of maintaining business-critical functions and services during and after disruptive events.

Security at Citrix: Vulnerability & Incident Response, Reporting and History
Information about how to report suspected vulnerabilities and incidents, how Citrix responds to and reports security issues, and incident history from the past three years.