// Trust & Security Report

    Adobe Inc. (Marketo Inc. subsidiary) logo

    Adobe Inc. (Marketo Inc. subsidiary)

    Adobe Marketo Engage is an enterprise marketing automation platform with core features for lead management, campaign orchestration, and analytics. Sub-products include Marketo Sales Connect, Marketo Sales Insight Actions, and Marketo Measure. Available in multiple pricing tiers with performance-based options.

    Certifications held

    10

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type 2
    HELD

    Adobe Creative Cloud for enterprise holds SOC 2–Type 2 (Security, Availability, & Confidentiality), and Marketo Engage is included within Adobe Experience Cloud which carries the same certifications.

    Verify on adobe.com
    SOC 3
    HELD

    Adobe Experience Cloud holds SOC 3 (Security, Availability, & Confidentiality) certification.

    Verify on adobe.com
    ISO 27001:2022
    HELD

    Adobe Experience Cloud has achieved ISO 27001:2022 certification.

    Verify on adobe.com
    ISO 27017:2015
    HELD

    Adobe Experience Cloud holds ISO 27017:2015 certification for cloud-specific security controls.

    Verify on adobe.com
    ISO 27018:2019
    HELD

    Adobe Experience Cloud holds ISO 27018:2019 certification for cloud-based personal data protection.

    Verify on adobe.com
    ISO 22301:2019
    HELD

    Adobe Experience Cloud has achieved ISO 22301:2019 certification for business continuity and disaster recovery.

    Verify on adobe.com
    ISO 9001:2015
    HELD

    Adobe Experience Cloud holds ISO 9001:2015 quality management certification.

    Verify on adobe.com
    GDPR
    HELD

    Marketo Engage offers tools to help comply with GDPR and supports data subject rights including Right to Access and Right to Erasure. A Data Processing Agreement (DPA) is available for customers.

    Verify on experienceleague.adobe.com
    CCPA (California Consumer Privacy Act)
    HELD

    Marketo Engage offers tools to help comply with CCPA and provides privacy controls for California residents.

    Verify on experienceleague.adobe.com
    HIPAA
    HELD

    Marketo Engage readily supports compliance with HIPAA through advanced tools and protections. However, all Add-ons are not HIPAA-ready and must not be used with data requiring additional HIPAA protections.

    Verify on nation.marketo.com
    > Show 3 unconfirmed / not-held certifications
    PCI DSS
    NOT CONFIRMED

    No public certification or evidence of PCI DSS compliance on vendor domain. Platform uses strong encryption (AES 256-bit at rest, TLS 1.2+ in transit) suitable for payment processing contexts, but no official PCI DSS attestation found.

    source: adobe.com
    ISO/IEC 42001 (AI Governance)
    NOT CONFIRMED

    No public evidence of ISO/IEC 42001 certification on vendor domain.

    source: adobe.com
    CSA STAR
    NOT CONFIRMED

    No public evidence of CSA STAR certification on vendor domain.

    source: adobe.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Multi-region: United States, United Kingdom, The Netherlands, Australia; Canada data center in development. Customers can control data residency through existing governance controls.

    Adobe explicitly does not use customer data to train or fine-tune Azure OpenAI models. AI-generated outputs remain within the customer's Marketo Engage environment subject to existing residency, governance, and retention controls.

    // Security controls

    Encryption at Rest

    AES 256-bit encryption for all data stored in Marketo Engage

    adobe.com

    Encryption in Transit

    HTTPS with TLS 1.2 or greater for all data transmitted

    adobe.com

    Data Centers

    Enterprise-class data centers from top-tier cloud hosting providers with fully redundant power and environmental systems

    adobe.com

    Incident Response

    Adobe maintains an incident response program and security training for personnel

    adobe.com

    Business Continuity

    Business continuity and disaster recovery capabilities verified by ISO 22301:2019 certification

    adobe.com

    // Products & data scope

    Marketo Engage (Core)Marketing Automation

    data: Lead database, campaign performance data, customer engagement metrics

    Main product offering; available in multiple pricing tiers with performance-based options (Standard, Performance, Performance Plus)

    Marketo Sales ConnectSales Tools

    data: Sales activities, email engagement, call logging

    Includes GDPR-specific compliance card in Person Detail View; integrates with CRM systems

    Marketo Sales Insight ActionsSales Intelligence

    data: Sales engagement and account activity

    Supports GDPR compliance requirements for sales teams

    Marketo MeasureMarketing Attribution

    data: Attribution and revenue cycle analytics

    Separate security documentation available; tracks multi-touch attribution

    Marketo AIArtificial Intelligence

    data: Marketing automation workflows, lead data for AI-assisted operations

    Native agentic AI within Engage for automation tasks; does not train on customer data; supports lead list import, program validation, data normalization, and analytics

    // What to watch

    • HIPAA limitation: Add-ons are not HIPAA-ready and must not be used with PHI or HIPAA-regulated processes; core Marketo Engage is HIPAA-compliant but customers should verify add-on usage
    • Interactive Webinars feature: Customers cannot create, receive, maintain, or transmit PHI (Protected Health Information) in connection with Interactive Webinars events
    • PCI DSS: While Marketo uses strong encryption (AES 256-bit) suitable for payment processing contexts, no official PCI DSS certification is publicly listed; vendors in payment processing should verify PCI DSS readiness directly with Adobe
    • No AI governance certs: Despite having native AI features (Marketo AI), no ISO/IEC 42001 or CSA STAR AI certifications are publicly listed

    // At a glance

    Pricing model

    Subscription-based SaaS with multiple tiers; contact for pricing

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Adobe Inc. (Marketo Inc. subsidiary)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    adobe.com

    > Browse all vendor trust reports