Salesforce Enterprise Resilience/BCP Summary

This document summarizes the Salesforce Enterprise Resilience framework, Business Continuity Planning (BCP) and Disaster Recovery (DR) programs maintained by Salesforce for its Cloud services. This framework encompasses various programs such as Risk Management, Business Continuity, Crisis Management, Third Party Risk Management, Cyber Resilience, Incident Response, and Disaster Recovery. Each program is managed and regularly reviewed to ensure alignment with industry standards and regulatory compliance. The Enterprise Resilience Board oversees these efforts, ensuring Salesforce can meet commercial, compliance, and operational needs. Specific measures include annual risk assessments, business continuity plans, crisis management teams, third-party risk evaluations, cyber resilience strategies, and a robust incident response system. The elements of the Salesforce Enterprise Resilience framework are verified by external auditors as part of our regular compliance audits. These audit reports and certifications are made available on our self-service compliance documentation portal.