Product Security Measures
FinancialForce’s software development lifecycle incorporates a range of security measures, including:
- Code reviews designed to ensure adherence to FinancialForce development standards.
- Software security testing and code scanning to identify and address security vulnerabilities.
- Release reviews and approvals designed to ensure product releases comply with internal process requirements.
- Vulnerability testing and remediation for infrastructure and tools supporting our source code management platform.
- Development and changes to production application systems are authorized, tested, approved and documented.
Salesforce AppExchange Security Review
FinancialForce applications are submitted to Salesforce as part of the AppExchange Security Review process. Salesforce provides the AppExchange Security Review program to assess the security posture of ISV applications published on the AppExchange against industry best practices for security.
FinancialForce Financial Management applications include rigorous controls designed to ensure financial transactions are validated prior to posting and are not subsequently modified without a clear audit trail.
These application controls include:
- Comprehensive audit trails for transactions, master data modifications and security setup changes
- Multi-level approval processes for transactions and master file data changes
- Segregation of duties
- Granular control of company, object, record and field level access by role
Because FinancialForce applications are 100% Salesforce-native, all data processed by FinancialForce applications resides on the Salesforce cloud platform and is protected by the Salesforce platform’s redundancy and disaster recovery systems.