Protecting Data Privacy
In addition to adhering to General Data Protection Regulation (GDPR), data governance and data security requirementsRequest Demo
How does ComplianceQuest ensure Data Privacy?
At ComplianceQuest, we’re making continual adjustments and improvements to ensure we are best positioned to meet our legal obligations and data privacy requirements. We assist our customers to protect and have more control over both organizational and personal data while leveraging native capabilities on the Salesforce platform.
Specifically, we leverage several technologies including Salesforce Shield and Salesforce Data Mask to help organizations comply with protecting PII.
Leveraging Salesforce Shield for Enhanced Protection, Monitoring, and Retention of Your Critical Data
ComplianceQuest has been built from the ground up on the Salesforce platform. This allows us to leverage Salesforce Shield which offers enhanced protection, monitoring, and retention of your critical data stored in the CQ platform. Key features of Salesforce Shield includes:
Sensitive data is natively encrypted, even as key data-related functionality like search, data validation and data visualization is not affected. With a base user license, users can feel safe knowing that their data at rest is encrypted with 128-bit AES encryption for any custom text field. For data in transit, all Salesforce orgs encrypt data with 256-bit AES encryption following the TLS 1.2 protocol. With Salesforce Shield, data at rest can also be encrypted with 256-bit AES encryption.
Through Data Monitoring:
Flow of data across your org can be carefully monitored using Salesforce Shield to ensure data privacy requirements are met. We understand user adoption of data and how it is used across connected apps.
Define custom security policies for your enterprise:
By leveraging Salesforce Shield, ComplianceQuest ensures that our customers can customize and follow security policies as per their unique requirements. This ensures that malicious activities are prevented in real-time and that the data history is retained for forensic level compliance.
Leverage Salesforce Data Mask to protect PII in Test and Validation Environments
When production data that may contain PII is replicated in a sandbox environment to facilitate development and testing, it is crucial that all sensitive data is protected to avoid non-compliance. This includes names, social security numbers or salary data. By leveraging Salesforce Data Mask, ComplianceQuest ensures that sensitive data is masked with dummy text or random characters or deleted altogether even as the test and validation process works as designed. Salesforce Data Mask capabilities include:
- Replace sensitive PI and PII data in any structured field, free text field, Chatter post or object to limit employee and contractor access using random characters or numbers, data from libraries, or custom patterns using non-deterministic masking.
- Delete sensitive information entirely when it is not required for application development.
- Empower everyone to build and customize without exposing protected data and remain compliant.
- Data Mask uses security policies chosen by you in data classification to identify and highlight fields with a high likelihood of protected data.
- Leverage a proprietary preprocessing algorithm for speed and easy configuration. Configure your Data Mask in production to have them included in every sandbox or directly in a sandbox if required.
Designed to Accelerate GDPR Readiness
ComplianceQuest is designed to accelerate GDPR readiness through the following capabilities:
Right to be Forgotten
ability to delete customer’s personal data at both an organization and individual level to meet GDPR obligations.
includes an Individual object for tracking privacy preferences across multiple roles in your organization which can relate to one or many contacts, accounts, and custom object records.
Accountability / Transparency
offers customers robust data processing containing strong privacy commitments. It contains data transfer frameworks ensuring that customers can lawfully transfer personal data to Salesforce outside of the European region.
Salesforce Platform helps customers’ requests to export their data. Data can be extracted via both UI-driven as well as API-driven methods, including reports and report/dashboard APIs, data loader, Apex, SOAP and REST APIs, and third-party ETL tools.
Restriction of Processing
On the Salesforce Platform, records can be identified, exported, and deleted upon receiving a verified request to restrict processing. If the restriction is lifted later, the records can be re-imported.
Salesforce has security built into every layer of the platform. The infrastructure layer comes with replication, backup, and disaster recovery planning. Network services have encryption in transit and advanced threat detection. Application services implement identity, authentication, and user permissions. As mentioned above, Salesforce also offers an additional layer of trust with Salesforce Shield, including Platform Encryption, Event Monitoring, and Field Audit Trail.
Unmatched User Authenticator Settings
The ComplianceQuest platform offers an unparalleled set of user authenticator settings that ensure the highest level of security and convenience for your organization. ComplianceQuest offers Single Sign-on (SSO) capability to improve usability without sacrificing security. Our platform also provides Multi-Factor Authorization (MFA) to add an extra layer of security by requiring users to provide additional authentication factor such as a one-time password (OTP) or by connecting a 3rd party authenticator app, to prevent unauthorized individuals from gaining access to your sensitive information.
With ComplianceQuest you can configure your MFA and SSO options at any time. Administrators can also use our dashboard to monitor user activity, enforce security policies, and track compliance with industry standards such as SOC 2 and ISO 27001.
With our software's robust user authenticator settings, you can be confident that your accounts are secure and your data is well protected.