Cloud Coach Security Policy

Security is at the heart of Cloud Coach’s application development. This is why we developed our products to run exclusively on the Salesforce platform. Our core information security principles are:

Confidentiality: Prevent the disclosure of information to unauthorized individuals or systems.
Integrity: Maintain and assure the accuracy and consistency of data over its entire lifecycle.
Availability: Ensure the information is available when needed.

Cloud Coach is committed to achieving and maintaining these principles and the trust of our customers. Integral to this is providing a robust security and privacy program that carefully considers security and data protection across our services, including data submitted by customers to our services (“customer data”). Our customers are in a wide range of verticals, some with stringent security requirements, including financial services, healthcare, technology, energy, and government.

Security at Cloud Coach

Cloud Coach does its best to ensure that customer and company information assets are protected in accordance with industry best practices.

Salesforce ISV Partner

Built on the Salesforce Platform

Cloud Coach solutions are developed exclusively on the Force.com platform, an industry-leading and mature platform for cloud applications. Cloud Coach applications go through a qualitative and quantitative security review process with Salesforce to ensure applications meet a set of security standards and best practices. By leveraging this industry-leading, cloud-based platform, Cloud Coach and its customers benefit from a variety of security features including user management, data visibility protection, disaster recovery and backups, and physical and network security. Housed on the Force.com platform, Cloud Coach products have consistently met the most stringent data security requirements, and comply with major security, privacy and data protection laws and standards globally.

Salesforce Certifications

Because Cloud Coach applications run exclusively within the Salesforce platform, Cloud Coach and its customers benefit from the security measures and certifications attained by Salesforce. Salesforce undergoes comprehensive privacy and security assessments by, and has achieved certifications from multiple auditors and certifying bodies. These include the following security- and privacy-related audits and certifications: Geographical Recognition:

EU / EEA Binding Corporate Rules for Processors
EU / EEA and Switzerland Safe Harbor self-certification through the U.S. Department of Commerce
TRUSTe Certified Privacy Seal

Global Audit Compliance

ISO 27001
SSAE 16/ISAE 3402 SOC-1
SOC 2
SOC 3
FedRAMP
PCI-DSS
TÜV Rheinland Certified Cloud Service

A current list of security and privacy assessments and certifications of the Salesforce platform can be found at https://trust.salesforce.com/en/compliance/.

Salesforce AppExchange Security Review

Cloud Coach applications are submitted to Salesforce as part of the AppExchange Security Review process. Salesforce provides the AppExchange Security Review program to assess the security posture of ISV applications published on the AppExchange against industry best practices for security.

Disaster Recovery

Because Cloud Coach applications are 100% Force.com-native, all data processed by Cloud Coach applications resides on the Salesforce cloud platform owned, operated and managed by Salesforce.

Data Encryption

Cloud Coach relies on Salesforce platform capabilities for encryption of data in transit. Salesforce uses industry-accepted encryption products to protect customer data and communications during transmissions between a customer’s network and the Cloud Coach applications, including 128-bit Advanced Encryption Standard (AES), and PCI-DSS L1 Compliance. Additionally, customer data is encrypted during transmission between data centers for replication purposes. Additional security features are available as part of the Salesforce Shield program, available from Salesforce.