© 2016 ARPEDIO Solutions Aps All Rights Reserved
First of all it is important to re-iterate that ARPEDIO Sales and ARPEDIO Stakeholder Matrix are native Salesforce.com products and therefore approved for Salesforce for sale on the Salesforce.com Appexchange. This means that the app’s have gone through a detailed security process for acceptance and all the details can be found here Force.com security review.
The installation into customer environments are controlled as SFDC Managed package and can be installed, upgraded and uninstalled from the instance via the “Installed packages” functionality in Salesforce.
All customer data is stored and utilized in customer’s own SFDC instance.
See previous. And great efforts have been made to minimize the data storage needs.
As data only resides in the customer SFDC instance that is not an issue.
The App is a managed package and thus it takes advantages of all the features of a managed package. In addition user setup and user access control are controlled with standard SFDC access control, selected and managed by the system administrator. System admin will have access to template builder and other users will have access to only ARPEDIO data on objects that they would otherwise have access to with their SFDC user.
All of the security review documentation is public, but we do not have access to the specific review results around ARPEDIO. ARPEDIO gets an Approved or Rejected from SFDC. The app cannot be on Appexchange without being in approved stage. The links below should help understand the process:
OWASP Best Practices (linked from Requirements)
Security review is a periodic, pointintime review at an interval determined by salesforce.com (typically anywhere between 6 months 2 years). When partners upload a new package version to the AppExchange and attempt to associate it with their listing, we automatically run a source code analysis against the Force.com code to identify potential security vulnerabilities. If issues are identified, partners receive a report via email and are requested to address issues immediately.
SFDC reserve the right to conduct random security penetration tests on partner applications at any time. If they find that partners have deviated from the security standards and best practices, SFDC may remove their application from the Appexchange.
ARPEDIO has no outages in current lifetime but any customer issues are handled via tiered customer support with max. response times within 24 hrs. for standard severity issues. Depending on customer requirements SLA’s are negotiable
Depending on SLA’s but typically not since the app is running on customer environments on the SFDC instance.
Licenses and control of user accounts are handled via the functionality in “Installed packages”.
As all the customer data is stored and utilized in customer’s own SFDC instance, this is not an issue.
All the customer data is stored and utilized in customer’s own SFDC instance and encrypted as such.
All the customer data is stored and utilized in customer’s own SFDC instance.
If you have questions or comments please send them to us at firstname.lastname@example.org or contact us at: