Canadian Center for CyberSecurity Summary Report - Salesforce Services

The Canadian Centre for Cyber Security (CCCS) Cloud Service Provider (CSP) Information Technology Security (ITS) assessment program is a Canadian Federal government program whose goal is to understand the capabilities and risks associated with cloud services being used by the Government of Canada (GC). This assessment helps achieve this by determining if GC Information Technology (IT) security requirements for Medium categorization, as described in Annex B Cloud Control Profile - Medium, are satisfied to an acceptable level of assurance. Salesforce participates in the CCCS CSP ITS assessment program as a requirement of providing cloud services to GC departments. GC departments use the resulting assessment reports in their risk-based decision making when procuring public cloud services involving information to a maximum level of Protected B and can be further leveraged by GC departments to support their own internal Security Assessment and Authorization processes.