Data protection and data security are undisputedly among the most important topics in digitization. This is particularly true for the cloud computing segment. Companies that work only or predominantly with the cloud are extremely dependent on their data being protected from unauthorized access by third parties at all times. The responsibility for this lies in the hands of the providers of cloud software and cloud services such as Salesforce.
Table of contents
If you also have questions about data protection or are unsure, please contact us and we will be happy to advise you.
Who is Salesforce?
Salesforce is based in San Francisco and was founded in 1999. It was the first company ever to offer CRM software via the cloud, setting a ball rolling that triggered a revolution in the industry and has become an indispensable part of the digital world. Today, the portfolio includes Software as a Service (SaaS) and Platform as a Service (PaaS) with a focus on Customer Relationship Management (CRM). Salesforce is considered the global market leader in this area. Customers who work with Salesforce products save themselves the expense of purchasing software and expensive hardware infrastructure, as well as the financial and time expenditure for implementations and maintenance. Employees can work from their PC, notebook, smartphone or tablet, anytime, anywhere. All that is required is an Internet connection.
Safe Harbour Agreement
The Safe Harbour Agreement was an agreement between the US and the EU on the transfer of data between the two parties. It was in effect from 2000 until October 6, 2015, when the European Court of Justice declared the agreement invalid. There had been repeated criticism years before, not least from numerous German data protection officers. Following the scandals involving U.S. intelligence services, the reason for this was the realization that the companies involved in the U.S. could not guarantee adequate data protection for European citizens.
Order data processing (ODP)
The Californian software company was well prepared when the European Court of Justice handed down its ruling and offers its customers data protection and legal certainty by means of an additional contract that complies with the rules of the EU Model Clauses. In accordance with Section 11 of the German Federal Data Protection Act, this contract regulates the collection, processing and use of personal data by Salesforce on the instructions of the customer. Companies can conclude this supplementary contract with Salesforce and thus secure themselves legally. This contract can be found here: Contract on data processing on behalf.
Certification by TÜV Rheinland
Salesforce is certified as a "Certified Cloud Service" by TÜV Rheinland. The requirements of this certificate are currently the most comprehensive available in terms of quality, security and compliance, also seen in an international context.
TÜV Rheinland audited Salesforce's services, particularly with regard to the implementation of the required security measures and data protection processes. The requirements of Section 9 of the German Federal Data Protection Act and Article 17 of the European Data Protection Directive were taken as a basis. For the certification procedure, existing certificates from the area of ISO 27001 and reports (SOC reports) on requirements already fulfilled were reviewed and taken into account. On the other hand, the TÜV team visited the Salesforce headquarters in San Francisco, where intensive discussions were held with the responsible contacts from the compliance department.
TÜV then examined the architecture of the software and the security measures down to the system level, for example the configuration of application servers. Experienced experts helped conduct an external security analysis to determine whether Salesforce's services could be compromised via the Internet. This endurance test is the key quality and unique selling point of the "Certified Cloud Service" process. In the end, both the auditors from TÜV and the external analysts were convinced that Salesforce takes the areas of data protection, security and compliance very seriously and does everything in its power to meet the high requirements of Germany and the European Union. The certificate with all the details can be viewed by anyone interested on the website www.certipedia.de.
What does that mean for you?
The "Certified Cloud Service" is currently the leading standard for the certification of cloud services and will probably remain so for a while. With a company like Salesforce, which has been awarded the corresponding seal of approval, customers and their data protection officers can be sure that they are not getting a "cheat pack" into their house, but software that complies with German laws in every respect. The TÜV audit delves very deeply into the subject matter. It does not limit itself to a document check, but also intensively examines the technical implementation of security measures and the processes behind them, right through to the specifications for emergency management. That's why companies that opt for Salesforce and thus for the "Certified Cloud Service" seal can sleep soundly when it comes to data protection.
But Salesforce offers more than "just" sufficient data protection
Numerous small, large and very large German companies rely on Salesforce's cloud solutions, and not just because of its data protection efforts. The software does not go down in flames even when customer websites are accessed millions of times, and it completes its tasks reliably and quickly at all times. In addition to the main product Sales Cloud, the leading CRM solution, Salesforce offers other modules. These include:
the Service Cloud (for customer service, support and customer transaction management)
the Marketing Cloud (for any kind of online marketing campaigns)
the Analytics Cloud (for fast data analysis, also on mobile devices)
the Community Cloud (for networking customers, employees and partners)
the Salesforce Platform (for fast and easy application development) and the
the IoT Cloud (for exploiting the potential offered by the Internet of Things).
With all its technical features and modules, coupled with the "Certified Cloud Service" for data protection and security, the software from the California-based manufacturer is a compelling solution for all companies that want to move their business and CRM to the cloud.
Do you need help with your project? Then don't hesitate to contact us and we will support you with our know-how.