Security and Data Retention
Lane Four AppExchange Package
The Lane Four application is a “Marketplace” application as defined by the Salesforce.com MSA, which can be viewed in in its standard form entirety here. More specifically, the Lane Four application is considered a Non-Salesforce application as defined by section 5.2 and operates within the customer’s Salesforce instance.
The Lane Four application will NOT be considered an integrated application as defined in section 5.3 of the above referenced Salesforce MSA. This means no employees, contractors, or agents of Nuvem Inc. will have direct access to the data or information stored within the customers Salesforce application. Further, data and information will never be transmitted via any means to a system or computer server managed by Nuvem Inc. and no computer server or system controlled by Nuvem Inc. will have direct access to the customers computers, networks, or applications which includes but is not limited to Salesforce.com.
The only reason an agent of Nuvem Inc. would gain access to data stored in the customers Salesforce account, is if an authorized user of the customers Salesforce application explicitly provides this access. The effective operation of the Lane Four application does NOT require any agent of Nuvem Inc. to possess API, direct login or any kind of access to the customers data. Further, Nuvem Inc. encourages the customer to never provide this access to an agent of Nuvem Inc. and adhere to its own data access policies.
If an authorized agent of the customer chooses to provide an agent of Nuvem Inc. access to their Salesforce account, the following policies must be adhered to:
- The customer will NOT provide an existing user name and password to an agent of Nuvem Inc.
- The customer will NOT provision a new user account for an agent of Nuvem Inc.
- The customer, at it’s sole discretion, may give temporary access for a term of no more than 3 days via a Salesforce feature known as “Grant support login access”. This will give an agent of Nuvem Inc. the ability to view data and configuration, while preventing exporting or manipulation of data.
At the request of a customer, Nuvem Inc. will add the customer to high security list where the following protocols will be strictly adhered to:
- Opt-out of regular push upgrades, ensuring application upgrades can be reviewed for functionality and security approval.
- No agent of Nuvem Inc. will request the “Grant support login access” function to be extended for support purposes in an environment where personally identifiable or confidential information is stored.
- To provide system support, Nuvem Inc. agents will request the application log files which do not contain personally identifiable or confidential information to be exported. Support will then be offered via screen sharing type support activities and / or by being granted access to a Salesforce.com sandbox which contains no personally identifiable or confidential data.
Lane Four Consulting Services
Nuvem inc. is a boutique Toronto-based Salesforce consulting firm with over 150 clients, including publicly traded, high-growth and non-profit organizations. We focus on a managed services approach which integrates us into your team, ensuring the project is well planned, sprints are relevant to business need, and adoption is managed through rapid support.
We specialize in Salesforce and cloud tools, including the following types of activities:
- Managing large complex projects involving requirements management, custom development and integrations
- Supporting deployment and adoption through rapid support and week-to-week collaboration sessions
- Architecting and implementing cloud-based infrastructure projects
- Designing and implementing service-oriented integrations between critical systems including Salesforce.com
- Using code to automate deployments and achieve a continuous delivery model
- Using, understanding and implementing security models in tools like Salesforce.com
In the course of performing these services Nuvem Inc. will need access to client systems and infrastructure, below are policy and procedures all Nuvem Inc. consultants follow:
- Nuvem inc. will never remove or alter information stored in the clients instance of Salesforce.com. Security and access to the clients instance of Salesforce is governed by the clients signed agreement with Salesforce.com. Nuvem Inc. in no way alters or impacts the normal operation of Salesforce security and access protocols.
- Work on the above activities are fully insured through robust insurance coverage, insurance certificates can be provided on request.
- Access to production applications is at the sole discretion of the client, Nuvem inc. is able to perform the above activities in any of the following: 1. A sandbox environment which contains no customer or prospect data 2. A sandbox seeded with obfuscated customer or prospect data.
- Deployments of new code and configuration is done via a Salesforce feature called “Change Sets”, after the client is satisfied with the work product, a change set will be published for deployment, and any post deployment activity will be documented.
- If the client authorizes Nuvem Inc. to perform data manipulation activities such as data updates and de-duplication, Nuvem Inc. will be required to possess the data required to perform the data update. Nuvem limits the possession of this information to must have data only and commits to providing the client a copy of all processed files and destroying local copies.
- If the client grants Nuvem Inc. access to it’s production instance of Salesforce, Nuvem will be restricted to the user rights, permissions and data access granted by that user. Nuvem urges the client to only give the level of access compliant to internal data governance and system access policies-