OKRify Information Security Policy

This document outlines the information security policies, practices, and procedures for OKRify, a 100% native Salesforce application built on the secure and reliable Salesforce Lightning Platform.

1. Overview

OKRify is a native Salesforce application designed to help organizations manage Objectives and Key Results (OKRs), run meetings, and support gamification and performance management. This Information Security Policy outlines the security framework, processes, and controls implemented by OKRify to ensure the confidentiality, integrity, and availability of customer data. As a native Salesforce application, OKRify leverages Salesforce’s robust security features and adheres to industry-leading best practices to mitigate risks.

2. Scope

This document applies to all components of the OKRify application, its associated data processing, and the environments where it operates, including:

  • Data stored on Salesforce.
  • Processes related to application usage, maintenance, and updates.

3. Security Principles

3.1 Shared Responsibility Model

OKRify adheres to Salesforce’s shared responsibility model, which defines the division of security responsibilities:

  • Salesforce is responsible for securing its infrastructure, network, and core platform services.
  • OKRify is responsible for securing the application, its configurations, and customer data handled by the app.
  • Customers are responsible for user access, permissions, and ensuring secure configurations of their Salesforce org.

4. Data Security

4.1 Data Encryption

  • All data within Salesforce, including OKRify data, is encrypted at rest using Salesforce Shield Platform Encryption.

4.2 Data Residency

  • OKRify leverages Salesforce's infrastructure, which adheres to data residency requirements depending on the customer’s region.

4.3 Data Access Controls

  • OKRify enforces role-based access controls (RBAC) by leveraging Salesforce’s native sharing rules and permissions.

5. Authentication and Authorization

5.1 Authentication

  • OKRify supports Salesforce’s authentication mechanisms, including multi-factor authentication (MFA).
  • Integration with Single Sign-On (SSO) is supported, ensuring secure user access.

5.2 Authorization

  • OKRify employs Salesforce’s robust user profiles, permission sets, and sharing settings to enforce least-privilege access.

6. Vulnerability Management

6.1 Regular Security Reviews

  • OKRify conducts periodic vulnerability scans of the application using Salesforce security tools.
  • Vulnerabilities are prioritized and remediated based on their severity.

6.2 Secure Development Practices

  • Developers follow secure coding guidelines and perform code reviews before deployment.
  • OKRify’s release cycles include rigorous testing for security flaws, including penetration testing.

7. Incident Response

7.1 Monitoring

  • OKRify monitors Salesforce’s Trust Status for platform-related incidents.
  • Application-specific logs are regularly reviewed for suspicious activity.

7.2 Incident Handling

  • Security incidents are handled as per an Incident Response Plan (IRP) that includes:
    • Incident detection and verification.
    • Impact analysis and containment.
    • Resolution and recovery.
    • Post-incident review and root cause analysis.

8. Compliance and Certifications

  • OKRify is a fully native Salesforce application, built entirely on the Salesforce Lightning Platform—the same secure and robust infrastructure that powers Salesforce. As a native app, OKRify benefits from real-time data processing, exceptional accuracy, and top-tier data security, with customer data remaining securely within the Salesforce environment, eliminating risks associated with external data handling. By leveraging Salesforce's advanced security framework—including encryption, multi-factor authentication, and role-based access controls—OKRify inherits rigorous global certifications such as ISO 27001/27017/27018, SOC 1/2/3, HIPAA, PCI DSS, and FedRAMP. These certifications ensure compliance with stringent data privacy regulations, including GDPR and CCPA, while delivering unparalleled reliability, speed, and security.

See the link below for more information on Salesforce compliance certifications:

https://compliance.salesforce.com/en

9. Backup and Disaster Recovery

  • OKRify leverages Salesforce’s built-in data backup and disaster recovery mechanisms.
  • Daily backups are maintained by Salesforce, and OKRify recommends customers use Salesforce-native or third-party backup tools for additional redundancy.

10. Training and Awareness

  • OKRify’s team undergoes regular security training, including Salesforce-specific security best practices.
  • Security awareness programs ensure developers and support staff are familiar with potential threats and mitigation strategies.

11. Customer Responsibilities

Customers are encouraged to:

  • Enable MFA for all Salesforce users.
  • Restrict access to OKRify using profiles and permission sets.
  • Regularly review user access and audit logs.

12. Review and Updates

This policy is reviewed annually or whenever significant changes are made to OKRify or Salesforce’s security model. Updates are communicated to all stakeholders to ensure continued compliance and awareness.

13. Contact Information

For security-related inquiries or to report a vulnerability, contact the OKRify security team at:
Email: [email protected]

This Information Security Policy reflects OKRify’s commitment to delivering a secure, reliable application for its customers while leveraging Salesforce’s powerful security framework.