Salesforce.org EMEA Limited

Salesforce.org Add-ons

Extending Salesforce services is easy with a host of powerful add-ons. Pre-integrated, adding extra functionality and services beyond the Salesforce platform is easy. The add-ons listed give you the extra capability, tools and capacity you need to configure your Salesforce service the way you want.

Features

  • Additional API calls
  • Web services API
  • Weekly export service
  • Identity connect
  • Additional scheduled analytics
  • Dynamic dashboards
  • Additional file storage
  • Sandboxes
  • Sales Cloud console
  • Workflow

Benefits

  • Scale the service to your organisation needs
  • Simple activation minimises disruption
  • Pre-integrated, rapidly add new capability

Pricing

£12 per instance per year

Service documents

G-Cloud 9

432426963480700

Salesforce.org EMEA Limited

Liam Mulligan

+353 1 256 1469

lmulligan@salesforce.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints No
System requirements
  • Access through web browser
  • Access through mobile app Salesforce1

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 2 business days for included standard support, faster responses times possible with add-on support plans
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AA or EN 301 549
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard WCAG 2.0 AA or EN 301 549 9: Web
Web chat accessibility testing Voluntary Product Accessibility Template, or VPAT, to evaluate
Salesforce Lightning Experience design conformance with the accessibility standards under Act World Wide Web
Consortium’s Web Content Accessibility Guidelines
Onsite support Onsite support
Support levels 2 business days for included standard support, faster responses times possible with add-on support plans outlined under the Cloud Support framework.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Online documentation and training available through Trailhead (https://trailhead.salesforce.com/)
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction Several methods exist to export data from Salesforce.

Direct Export - Data can be exported directly into CSV (comma separated values) file, or Excel files with a button click. This can be done from either a standard or custom list view, or from a report. This is the most common method utilized by end users.
Excel Connector - Salesforce provide an Excel Connector to push and pull data from Excel to Salesforce and vice versa.
Salesforce API - Data can be exported to and from the system though our API at any time or via a number of built in features.
Salesforce Data Loader - The Salesforce Apex Data Loader is a free tool which is used specifically for importing/updating/exporting data in Salesforce.
Partner Tools - There are also many pre-integrated partner tools, some of which you may already own that may be leveraged. Examples of these include, but are not limited to, Informatica, Actian, CastIron, Boomi, etc.

We also offer a weekly export service (WES) for those customers requiring a local backup copy of their data or a data set for import into other applications (such as an ERP system).
End-of-contract process Upon contract termination with Salesforce, the customer's data on disk is flagged within the database and set to inactive status or what can be referred to as a "soft delete." This data is no longer available or accessible to the application but is backed up in the full database backup process. The data remains in this state for 180 days; this is done in the event that the customer decides to resume services or needs the data for a legal reason. At 180 days, the data is marked for deletion ("hard delete") and will be deleted after 30 more days. Once this "hard delete" is executed the customer data is physically deleted and unrecoverable from the database. Following the purge, the data will remain on backup for an additional 90 days prior to being unrecoverable from backup media and deleted/overwritten.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service User can access Salesforce through a responsive website or through a dedicated mobile app, with all of the features of desktop viewing available
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing Voluntary Product Accessibility Template, or VPAT, to evaluate
Salesforce Lightning Experience design conformance with the accessibility standards under Act World Wide Web
Consortium’s Web Content Accessibility Guidelines
API Yes
What users can and can't do using the API RESTful & SOAP APIs, Bulk & Streaming APIs
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The Salesforce platform can be customised to your needs by changing record and field names or through extensions available on the AppExchange

Scaling

Scaling
Independence of resources Assured by independent testing of implementation

Analytics

Analytics
Service usage metrics Yes
Metrics types Reporting is a key component of Salesforce
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Reseller (no extras)
Organisation whose services are being resold Salesforce.com

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with CSA CCM v3.0
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Direct export in csv or Excel files.
Excel Connector.
Salesforce API.
Partner tools.
Weekly export service
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability The Salesforce Services is designed with the concept of continuous improvement and Trust (e.g. Availability, Performance and Security) in the infrastructure. Salesforce uses commercially reasonable efforts to make its on-demand services available to its customers 24/7, except for planned downtime, for which Salesforce gives customers prior notice, and force majeure events.
Approach to resilience Alesforce’s service delivery architecture includes comprehensive failover capabilities and encompasses multiple layers of the stack (hardware, database, web tier, app tier), physical infrastructure (UPS, communication lines to the data centers, heating/cooling, fire suppression) and network infrastructure. Salesforce’s data centers and processes are ISO27001 certified and audited against the SSAE16 SOC1 standard.
Outage reporting When maintenance is scheduled, Salesforce publishes the dates and times of the maintenance windows on trust.salesforce.com which show a forward 12-month view of the maintenance windows Salesforce plans to take.
For unplanned outages email alerts are sent to customers within 10 minutes of the outage and every 30 minutes during the outage.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels To enable users to do their job without exposing data that they do not need to see, Salesforce provides a flexible, layered sharing design that allows you to expose different data sets to different sets of users. All users and application-level security are defined and maintained by the organization administrator, and not by Salesforce. The organization administrator is appointed by the customer. An organization's sharing model sets the default access that users have to each other's data.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Between 6 months and 12 months
Access to supplier activity audit information No audit information available
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 TBC
ISO/IEC 27001 accreditation date TBC
What the ISO/IEC 27001 doesn’t cover TBC
ISO 28000:2007 certification No
CSA STAR certification Yes
CSA STAR accreditation date 02/02/2017
CSA STAR certification level Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover TBC
PCI certification Yes
Who accredited the PCI DSS certification TBC
PCI DSS accreditation date TBC
What the PCI DSS doesn’t cover TBC
Other security accreditations Yes
Any other security accreditations
  • SOC 1 Type II (SSAE 16 Report - Previously SAS70)
  • SOC 1 Type II (SSAE 16 Report - Previously SAS70)
  • SOC 3 (formerly SysTrust)
  • ISO 27018

Security governance

Security governance
Named board-level person responsible for service security No
Security governance accreditation Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
Information security policies and processes Salesforce seeks third-party validation of its security protocols including ISO 27001 and 27018, PCI-DSS, FedRAMP, and SOC 1 (SSAE16) and SOC 2 Type II audits.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Changes are reviewed and approved by Technical Operations management prior to deployment to production. System changes and maintenance are managed using an internal case tracking system. Vendor-supplied OS, application, and networking patches are evaluated by systems administrators, tested on internal systems, and are deployed by Technical Operations during announced maintenance periods.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Salesforce implements a multipronged approach to ensure the software we release is secure. From initial ideas to release, we deploy several tools and processes in this regard. Specifically, we perform the following tasks to assure security in the development lifecycle. - Architecture Reviews, Source Code Control, Development, Quality Assurance, Product Security
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Overall system monitoring is provided by a variety of tools. All monitoring alerts are aggregated and monitored by Site Reliability (SR). Alerts such as configuration changes from network devices, server state changes, and other events can be correlated to indicate root cause. The dynamic model capability also allows the customization of the monitoring tool to mimic Salesforce Service's hardware/software configuration. Salesforce has built extensive monitoring and instrumentation into the application itself, so that the application can accurately report its health and performance to the systems engineers, network operations staff, QA personnel, and developers.
Incident management type Supplier-defined controls
Incident management approach Salesforce has a formal Incident Management Process that guides the Salesforce Computer Security Incident Response team (CSIRT) in investigation, management, communication, and resolution activities. Salesforce will promptly notify the Customer in the event of any security breach of the Services resulting in an actual or reasonably suspected unauthorized disclosure of customer data. Notification may include phone contact by Salesforce Support, email to the customer's administrator and Security Contact (if submitted by customer), and public posting on trust.salesforce.com.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £12 per instance per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial A 1 week free trial is available
Link to free trial http://www.salesforce.org/nonprofit/power-of-us/

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑