BUILT-IN SECURITY AND COMPLIANCE
Flux Capacity is a 100% Salesforce Native Application and Certified AppExchange ISV
Flux Capacity is developed on Force.com, a robust and secure platform for cloud applications provided by Salesforce. Flux Capacity applications listed on the Salesforce AppExchange have been through an extensive security review process with Salesforce to ensure applications meet a set of security standards and best practices. Flux Capacity is required to be re-certified on an annual basis.
Salesforce constantly updates and upgrades the security of their data centers and the platform. By being a part of this cloud platform, Flux Capacity applications and our customers’ data benefit from a wide range of security features and controls in such areas as user management, access control, disaster recovery, backups, physical and network security. As a result, Flux Capacity applications meet our customers’ most stringent data security requirements and comply with major security, privacy and data protection laws and standards globally.
Salesforce Platform Security and Compliance Certifications
Salesforce undergoes comprehensive privacy and security assessments and has achieved the following audits and certifications:
Binding Corporate Rules for the Processing of European Personal Data
TRUSTe Certified Privacy Seal
ISO 27001, 27017, 27018
C5 (ISAE 3000)
SOC 1, SOC 2
For more information and a full list of certifications and documentation, visit: https://compliance.salesforce.com/en
Additional Salesforce security and trust resources are available at: https://trust.salesforce.com/en/
Flux Capacity Policies and Procedures
First and foremost, your data is secure with Flux Capacity. You always maintain complete control over your data. Flux Capacity cannot access or view any data your company has created or stored in the Flux Capacity app.
Flux Capacity maintains a rigorous set of internal policies and procedures to safeguard our application and our customers’ information. Our founders’ 20+ years of combined Enterprise consulting and Salesforce program management experience is the basis by which we carefully operate. We respect the sensitivity and security of all customer interactions and information.
We maintain the following policies and programs to ensure the highest standard of internal security in all aspects of our business.
Risk Management Policy: We perform periodic information security risk assessments (RAs) for the purpose of determining areas of vulnerability, and to initiate appropriate remediation.
Endpoint Protection & Responsible Use Policy: We maintain a secure and professional environment to avoid disruption and/or compromise of services and systems stemming from inappropriate, irresponsible or negligent use of network access.
IT Asset Management Policy: We maintain accurate records of employees' physical computer assets. This policy establishes procedures to ensure compliance with government regulations, industry standards and to ensure accurate reporting of physical assets.
Web Filtering & Internet Usage Policy: Our Internet Usage Policy applies to all employees who have access to computers and the Internet to be used in the performance of their work.
Vendor Security & Risk Management Program: We maintain a clear policy related to our 3rd party vendor security. This policy establishes procedures to ensure compliance with government regulations, industry standards and to ensure safe and secure handling of our operational systems and data.
Flux Capacity safeguards licensing and packaging functions for our AppExchange product. Only senior product executives, the co-founders at Flux Capacity, have access to the AppExchange license management and package release functions of our management org and development environment. Those access points are protected by two-factor authentication. All Flux Capacity devices are subject to an acceptable use policy and are tracked and maintained in our asset management process. View our Flux Capacity AppExchange Access Model diagram for more information.
From a product perspective, we adhere to a structured, quality-based software development lifecycle. Each release of Flux Capacity is run through a Salesforce security scan in addition to rigorous internal quality assurance processes and automated regression testing. To maintain complete compatibility with our partners, Salesforce.com and TaskRay, the same QA process is followed leading up to each release of their respective platforms. Minor releases and patches are developed and made available, where necessary, to coincide with our partners' release cycles.