Content Standard Guide

Title: ALL: Certinia Information Security Program, Compliance, and Security FAQs

URL Name: ALL-Certinia-Information-Security-Program-Compliance-and-Security-FAQs

Information

Question:
What is Certinia's security, compliance, and information security program?
Where can I find Certinia's security reports, like SOC 3, or FAQs about their security profile?
How does Certinia ensure data security and availability for its products?
How do I access Certinia’s Security Advisories?
Since Certinia is built on Salesforce, what are the details of their security model, and how do they leverage the Salesforce platform's security?

Product Area: All product areas

Environment: All Products

Answer:

What is Certinia's security, compliance, and information security program?

Certinia’s Information Security Program is a risk-based strategy designed to protect customer information assets by adhering to the core security principles of Confidentiality, Integrity, and Availability. This robust security and privacy program includes dedicated Information Security leadership, security policies and standards, control verification efforts, risk identification and mitigation, and compliance with security and privacy regulations and commitments.

The program is validated by SOC 1 Type II, SOC 2 Type II, and SOC 3 attestations, and Certinia also supports compliance with HIPAA (Health Insurance Portability and Accountability Act) requirements for its customers through configurable security features.

More information can be found here: Certinia Information Security Program

Where can I find Certinia's security reports, like SOC 3, or FAQs about their security profile?

Certinia utilizes a Whistic Security Profile to centralize and provide transparency into its security posture for customers.

This profile offers access to publicly available security documents, including the CSA Consensus Assessments Initiative Questionnaire (CAIQ), the SOC 3 Report, the Security Whitepaper, and Information Security FAQs.

By partnering with Whistic, Certinia also provides a secure platform for customers to request and access confidential documents such as SOC 1 Type II and SOC 2 Type II reports, cyber insurance information, penetration testing reports, and other standard security questionnaires like the SIG Lite and VSA. This helps customers gain an in-depth understanding of the security of Certinia products and the shared security responsibility model with Salesforce.

More information can be found here: Whistic Security Profile

How does Certinia ensure data security and availability for its products?

Certinia’s product security is built upon the Salesforce platform, leveraging a shared security responsibility model. Salesforce secures the underlying infrastructure, while Certinia secures its 100% native applications.

Certinia implements robust security development lifecycle (SDLC) processes, including penetration testing, code reviews, manual security testing, code scanning, and vulnerability testing with subsequent remediation. Certinia ensures all changes are authorized, tested, and documented.

Furthermore, all Certinia applications undergo the rigorous Salesforce AppExchange Security Review, which assesses for OWASP top ten vulnerabilities and Salesforce-specific weaknesses.

Certinia’s Financial Management applications include application controls such as comprehensive audit trails, multi-level approval processes, segregation of duties, and granular role-based access controls to protect customer data.

More information can be found here: Certinia Product Security

How do I access Certinia’s Security Advisories?

Certinia Security Advisories

Since Certinia is built on Salesforce, what are the details of their security model, and how do they leverage the Salesforce Platform's security?

Certinia applications are built natively on the industry-leading Salesforce platform (Force.com), ensuring they benefit from Salesforce’s robust security features, including user management, access control, disaster recovery, backups, and physical/network security.

All Certinia apps undergo the rigorous AppExchange security review process to meet high security standards. By leveraging this platform, Certinia satisfies stringent data security requirements and complies with major global security and privacy laws, further benefiting from the extensive list of Salesforce certifications such as ISO 27001, SOC, FedRAMP, and PCI-DSS.

More information can be found here: Salesforce Security

Additional Notes:

If SOC 1 or SOC 2 reports are needed, contact Certinia to request access to the Full Whistic Profile.

Below is a consolidated list of the website links shared previously:
Certinia Information Security Program
Whistic Security Profile
Certinia Product Security
Certinia Security Advisories
Salesforce Security

Release Version: All Versions