Laserfiche WebLink
SOLICITATION # CH16012 <br />Salesforce protects customer data by ensuring that only authorized users can access it. <br />Administrators assign data security rules that determine which data users can access. Sharing <br />models define company -wide defaults and data access based on a role hierarchy. All data is <br />encrypted in transfer. All access is governed by strict password security policies. All passwords <br />are stored in SHA 256 one-way hash format. Applications are continually monitored for security <br />violation attempts. <br />Protection at the facilities level <br />Salesforce security standards are stringent and designed with demanding customers in mind, <br />including the world's most security -conscious financial institutions. Authorized personnel must <br />pass through five levels of biometric scanning to reach the Salesforce system cages. All buildings <br />are completely anonymous, with bullet -resistant exterior walls and embassy -grade concrete posts <br />and planters around the perimeter. All exterior entrances feature silent alarm systems that notify <br />law enforcement in the event of suspicion or intrusion. Data is backed up to disk or tape. These <br />backups provide a second level of physical protection. Neither disks nor tapes ever leave the data <br />center. <br />Protection at the network level <br />Multilevel security products from leading security vendors and proven security practices ensure <br />network security. To prevent malicious attacks through unmonitored ports, external firewalls allow <br />only http and https traffic on ports 80 and 443, along with ICMP traffic. Switches ensure that the <br />network complies with the RFC 1918 standard, and address translation technologies further <br />enhance network security. IDS sensors protect all network segments. Internal software systems <br />are protected by two -factor authentication, along with the extensive use of technology that controls <br />points of entry. All networks are certified through third -party vulnerability assessment programs. <br />Secure Data Centers <br />Data centers provide only power, environmental controls, and physical security. Salesforce <br />employees manage all other aspects of the service at the data centers. Colocation data center <br />personnel do not have network or logon access to the Salesforce systems. Colocation personnel <br />have physical access to the <br />Salesforce secure server room in the event of an emergency, but do not have keys to the <br />individual racks containing hardware. Data centers maintain a common baseline of physical and <br />environmental controls across data centers. <br />The exterior perimeter of each anonymous data center building is bullet resistant, has concrete <br />vehicle barriers, closed-circuit television coverage, alarm systems, and manned 24/7 guard <br />stations that together help defend against non -entrance attack points. Inside each building, <br />multiple biometric scans and guards limit access through interior doors and to the Salesforce <br />secure rooms at all times. <br />Access to Salesforce's secure server rooms in the datacenter is authorized based on position or <br />role. Additional access controls enforced by an electronic key box are implemented for the <br />dedicated Salesforce Government Cloud racks to ensure that access is limited to Qualified U.S. <br />Citizens. Salesforce has an established process to review data center access logs to the server <br />room. Additionally, an at <br />least annual assessment of the data center is performed to ensure the data centers are meeting <br />Salesforce's security control requirements. <br />In addition to securing the data center locations, it is critical that the data center facilities maintain <br />robust critical infrastructure to support Salesforce through the following services: <br />carahsoft <br />61 <br />carahsoft <br />