Your security and compliance are our top priorities. Explore our comprehensive security policies, architecture, and certifications.
Review our comprehensive security and compliance documentation that meets SOC2 Type II equivalent standards. Our security framework includes detailed policies covering data governance, access controls, system monitoring, and incident response procedures.
Our Shared Responsibility Matrix clearly defines security obligations between Cloud Compliance and our customers, ensuring transparent accountability across all layers of our Salesforce-native applications. This documentation covers data protection, infrastructure security, application-level controls, and compliance monitoring.
Our Security & Compliance Policy Framework encompasses risk management protocols, regular security assessments, business continuity planning, and continuous monitoring procedures. All policies are regularly updated to align with evolving privacy regulations including GDPR, CCPA, and emerging data protection requirements.
All Cloud Compliance apps follow the rigorous Salesforce AppExchange Security Review process, which validates that our packages meet current best security practices and have no known vulnerabilities. This comprehensive review process combines automated security scanning with manual penetration testing conducted by Salesforce’s Product Security team.
Our applications undergo thorough security validation including code analysis, authentication testing, data handling verification, and integration security assessment. The AppExchange Security Review ensures our solutions maintain enterprise-grade security standards and can be safely deployed in production Salesforce environments.
This annual review process includes ongoing security monitoring, vulnerability assessments, and compliance with Salesforce’s strict security requirements. All security reviews are conducted by certified security professionals and include detailed documentation of our security architecture and controls.
Explore our technical security architecture documentation, which shows that Cloud Compliance products are Salesforce-native managed packages operating within the context of the Salesforce security model. Cloud Compliance makes no outbound calls unless pre-configured for an exceptional use case, and only with customer pre-approval.
Cloud Compliance APIs are invoked from external systems and are authenticated via Salesforce security, for API-enabled user logins only. All Cloud Compliance products operate within the context of the Salesforce security model. Cloud Compliance Apex APIs/Functions do NOT make any outbound calls to external systems.
A Checkmarx code scan is submitted for every release to AppExchange. Each release is tested against 107 regression tests. An average of 214 hours per release is spent on testing. Version control is on a private GitHub repository, with source code escrow available via Codekeeper.