Data storage and processing security
The software development lifecycle includes strict compliance with code review practices, automated and manual testing techniques, static and dynamic code analysis tools, and so on. We also turn to third-party security companies for regular vulnerability scanning.
Multiple controls ensure that there is no single point of failure – from disaster recovery plans for critical software and program components to proximity of the facilities to local police and fire/emergency services. The exterior walls of data centers are bullet resistant. To provide further security protection, the facility perimeter is surrounded by concrete bollards and other barriers. All data centers are equipped with minimum 48 hours onsite fuel supply for back-up power supply systems and standing contracts with fuel suppliers.
We apply multiple software, hardware and administrative measures to prevent unsanctioned physical or electronic access to Salesforce infrastructure. Only authorized persons can have physical access to the software and hardware infrastructure. All developers receive secure coding trainings and at least one annual disaster-recovery exercise.
Salesforce platform allows for enhanced security by customer’s choice, including two-factor authentication, IP-address restrictions, time of day restrictions, additional customer data encryption and many other features.
Compliance to federal law #152
To comply with the Federal Law #152 “On Personal Data” we intend to work with Ciphercloud (http://www.ciphercloud.com), a reliable supplier of a box solution for initial processing and storage of personal data in the territory of the Russian Federation. Ciphercloud is fully integrated with Salesforce platform and is successfully implemented by international companies.