What is SOC 2, and why is it important to work with a Salesforce partner that has it in place?
No wonder ‘Trust’ is a word that you hear a lot when it comes to Salesforce. When you trust a Salesforce partner with your platform, you are entrusting them with your customers, your financial operations, and a whole host of other business-critical infrastructure and information.
It’s serious stuff, and no partner should underestimate the responsibility. In this blog, we outline what SOC 2 is and the role it plays in the context of working with a Salesforce consultancy.
What is SOC Compliance?
A System and Organization Controls (SOC) report is a voluntary compliance standard that utilizes independent, third-party auditors to examine various aspects of a company, such as:
SOC 2 is the one that every SaaS company should hold, as it is specifically designed for service providers storing customer data in the cloud. It goes beyond a technical audit: being SOC 2 compliant requires that your handling of cybersecurity creates a company culture of trust and allows you to build relationships with your clientele on solid foundations.
As a customer, this is your guarantee that your Salesforce partner is up to date with industry security standards and has the processes and procedures in place to operate in an ethical and compliant manner.
‘Type 1’ refers to the fact that the assessment measures the design of the security processes at a specific point in time. So, for example, the auditor might assess what happened when an employee left the organization and whether the correct offboarding processes were in place and correctly followed. This would undoubtedly include a process to ensure that the ex-consultant had no further access to their clients’ Salesforce org or data.
How the assessment takes place
A qualified third party must carry out the audit. If your Salesforce partner is serious about SOC, they will work with an industry expert on certification to make sure all protocols are in place ahead of the audit. A-LIGN, for example, has proven and extensive expertise in providing cybersecurity compliance, assessment, and audit services for SaaS companies.
SOC 2 for Salesforce partners
Finally, let’s bring in Endiem’s Operations Manager, Melanie Gehman, to explain why SOC 2 certification is vital as a Salesforce Partner.
“Opening up an organization to outside consultants or vendors always comes with risk. The SOC report provides reasonable assurance over Endiem’s operating effectiveness of controls and clearly outlines any potential risks for customers or partners that work with us. With a growing client list of larger enterprise customers this is the next logical step in scaling our business.”
If you would like to find out more about Endiem and how our expert consultants work with our clients to provide secure Salesforce solutions people love, then contact us to discuss your project today!