
Salesforce Platform Qualification


Computer System Validation

Computerized system validation (CSV) is the documented process of assuring that a computerized system works as intended in a consistent manner. The validation process begins with the system requirements definition and continues until system retirement, in accordance with the regulatory retention rules for e-records.

If you are implementing a cloud-based GxP solution, one of the first things you will want to do is qualify the platform from three different perspectives (infrastructure, network, and application). This is no different than if you were qualifying an on-premise solution; the difference may be in how you go about it. The likelihood of auditing large and established cloud providers such as Salesforce is slim; however, Salesforce does provide plenty of the information needed to qualify its platform for your intended use.

Getting Started

Start by going to trust.salesforce.com. Here you will find a wealth of information regarding system status, security, and compliance.

  • System Status – provides transparency around service availability and performance for Salesforce products.
  • Security – provides a place to review best practices, training, and other resources available for the platform where security comes standard.
  • Compliance – provides trust and compliance documentation for each Salesforce service where compliance is engineered for the cloud.

Certifications & Documentation

Salesforce maintains a comprehensive set of compliance certifications and documentation (https://compliance.salesforce.com/en) that attest to their #1 value of trust, covering the following topics and more.

Risk Assessment

Although the infrastructure qualification activities have shifted to the cloud provider, the responsibility remains the same, and for this reason, it is essential to perform a risk assessment. A risk assessment is one of the tools that is used to identify the controls needed to avoid failures. In executing a risk assessment, possible malfunctions, subsequent damages, the probability of occurrence, potential severity, and actions to mitigate the risks are identified along with any residual risk.

Below are some risk areas to cover in the assessment. Keep in mind that existing documentation and certifications include these topics.

Infrastructure

  • Data Center Security
  • Backup and Disaster Recovery
  • Real-time Replication
  • Training
  • Change Control
  • Periodic Reviews
  • Incident Management
  • Decommissioning
  • Service Level Agreements

Network

  • HTTPS Encryption
  • Penetration Testing
  • Advanced Threat Detection
  • Secure Firewalls
  • IP Login Restrictions

Application

  • Identity & Single Sign-On
  • Password Policies
  • Two-Factor Authentication
  • User Roles & Permissions
  • Field & Row Level Security
