SalesforceSalesforce / Trust

Security Perspective on the Shared Responsibility Model

Understanding the shared responsibility model between Salesforce and our customers/partners is an important concept. Trust is our #1 core value and as a data processor we implement robust security and privacy measures to protect the confidentiality, integrity and availability of our customer data. It is equally important for our customers to understand and review the capabilities available to them and secure their instance of Salesforce to meet their security, contractual and regulatory obligations. This whitepaper is aimed to assist customers in understanding the partnership model from a security and compliance roles and responsibilities perspective.

Files

Available versions for download

Reporting Start DateReporting End DateUpdated OnNotesActions
2023-07-24-2023-07-24-
Login to download

Services covered

Services related to this document

Agentforce & Einstein Platform

Agentforce & Einstein Platform

Applicable to the services and features branded as: Agentforce (collectively, “Agentforce”) which includes the following features: Agentforce Assistant, Agentforce Sales Coach, Agentforce SDR, Agent

B2C Commerce / Commerce Cloud (First Party)

B2C Commerce / Commerce Cloud (First Party)

Applicable to the services branded as B2C Commerce/Commerce Cloud on First Party Data Centers

B2C Commerce / Commerce Cloud (Hyperforce)

B2C Commerce / Commerce Cloud (Hyperforce)

Applicable to the services branded as B2C Commerce/Commerce Cloud on Hyperforce

Data Cloud

Data Cloud

Applicable to the services branded as Data Cloud, Customer Data Cloud (aka Salesforce Data Cloud), or Customer Data Platform (formerly branded as Salesforce CDP).

General (not service specific)

General (not service specific)

Applicable to Salesforce as an entity without the context of a specific service (Corporate Services)

Government Cloud Plus

Government Cloud Plus

Please note that some documents listed below are specific to FedRAMP-authorized environments and therefore cannot be downloaded directly from this site. If you click on the document links you will see

Government Cloud Plus - Defense

Government Cloud Plus - Defense

Applicable only to the environment branded and sold as Government Cloud Plus - Defense. Government Cloud Plus - Defense is a physically isolated, dedicated instance of Salesforce’s Platform as a Serv

Heroku

Heroku

Applicable to the services branded as Heroku.

Marketing Cloud - Account Engagement

Marketing Cloud - Account Engagement

Applicable to the services branded as Marketing Cloud Account Engagement (formerly branded as Pardot).

Marketing Cloud - Advertising

Marketing Cloud - Advertising

Applicable to the services branded as Marketing Cloud - Advertising

Marketing Cloud - Advertising

Marketing Cloud - Advertising

Applicable to the services branded as Marketing Cloud - Advertising

Marketing Cloud - Engagement (First Party)

Marketing Cloud - Engagement (First Party)

Applicable to the services branded as Marketing Cloud - Engagement

Marketing Cloud - Engagement (Hyperforce)

Marketing Cloud - Engagement (Hyperforce)

Applicable to the services branded as Marketing Cloud - Engagement

Marketing Cloud - Growth

Marketing Cloud - Growth

Applicable to the services branded as Marketing Cloud - Growth

Marketing Cloud - Intelligence

Marketing Cloud - Intelligence

Applicable to the services branded as Marketing Cloud - Intelligence

Marketing Cloud - Personalization

Marketing Cloud - Personalization

Applicable to the services branded as Marketing Cloud - Personalization

MuleSoft

MuleSoft

Applicable to the services branded as MuleSoft or the Anypoint Platform (MuleSoft Services).

MuleSoft Government Cloud

MuleSoft Government Cloud

Applicable only to the services branded as MuleSoft Government Cloud. The MuleSoft Government Cloud is a secure, FedRAMP-compliant deployment environment that enables U.S. Government agencies to use t

Own by Salesforce

Own by Salesforce

Applicable to the services branded as Own by Salesforce (formerly known as OwnCompany Inc.) which include: Backup & Recovery - Automated backups with rapid, stress-free recovery options. Data Securit

Quip

Quip

Applicable to the services branded as Quip

Sales Enablement

Sales Enablement

Applicable to the services branded as Sales Enablement (formerly branded as myTrailhead)

Salesforce Professional Services

Salesforce Professional Services

Applicable to professional services performed by SFDC, its Affiliates, or its or their respective permitted subcontractors under an SOW or Order Form, including the provision of any Deliverables speci

Salesforce Services (First Party)

Salesforce Services (First Party)

Applicable to the core salesforce services branded as B2B Commerce on Lightning Experience, Chatter, Consumer Good Cloud, Customer 360 Audiences (Salesforce UCI Org SPARC), Database.com, Einstein Rela

Salesforce Services (Hyperforce)

Salesforce Services (Hyperforce)

Applicable to the core salesforce services branded as B2B Commerce on Lightning Experience, Chatter, Consumer Good Cloud, Customer 360 Audiences (Salesforce UCI Org SPARC), Database.com, Einstein Rela

Slack

Slack

Applicable to the services branded as Slack.

Slack (GovSlack)

Slack (GovSlack)

Applicable only to the environment branded and sold as GovSlack. GovSlack is a dedicated instance of Slack designed to support key government regulations for processing and storing sensitive data. Wi

Tableau Cloud

Tableau Cloud

Applicable to the services branded as Tableau Cloud

Tableau Next

Tableau Next

Applicable to the services branded as Tableau Next, including the underlying Data Cloud, Tableau Semantics and Agentforce Services.