Compliance

SOC2

Sitetracker is SOC 2 Type II compliant and completes an annual SOC 2 examination performed by an independent licensed audit firm (SOC 2 reports are issued under AICPA attestation standards). The examination verifies that Sitetracker's information security practices, policies, procedures and operations meet or exceed the SOC 2 Trust Services Criteria for security, availability, confidentiality and processing integrity.

Privacy Shield

Sitetracker adheres to the Privacy Shield Framework. The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce together with the European Commission and the Swiss Administration to give companies a mechanism for meeting data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce. Note that the Court of Justice of the EU invalidated the EU-U.S. Privacy Shield as a transfer mechanism in July 2020 (Schrems II, C-311/18), and the Swiss FDPIC subsequently withdrew its adequacy finding for the Swiss-U.S. framework; transfers of EU or Swiss personal data now need another legal basis, such as Standard Contractual Clauses.

Salesforce Certifications

Sitetracker applications are developed and run on the Force.com platform (now the Salesforce Platform), so they inherit the security controls that Salesforce designs and operates for that platform. Salesforce undergoes regular privacy and security assessments by multiple independent auditors and certifying bodies and has achieved the following audits and certifications:

Geographical Recognition

  • EU / EEA Binding Corporate Rules for Processors
  • EU / EEA and Switzerland Safe Harbor self-certification through the U.S. Department of Commerce
  • TRUSTe Certified Privacy Seal

Global Audit Compliance

  • ISO 27001
  • SSAE 16 / ISAE 3402 SOC 1
  • SOC 2
  • SOC 3
  • FedRAMP
  • PCI-DSS
  • TÜV Rheinland Certified Cloud Service

A current list of security and privacy assessments and certifications of the Salesforce Platform can be found at https://trust.salesforce.com/en/compliance/


Salesforce AppExchange

Sitetracker applications are submitted to the Salesforce AppExchange Security Review, which every application must pass before it can be listed on the AppExchange. The review assesses the security posture of a published application against industry best practices for application security.

Data Encryption

Sitetracker encrypts data in transit using TLS with symmetric (AES) keys of at least 128 bits. Encryption of data at rest is not enabled by default, but can be implemented on request.

Salesforce uses industry-accepted encryption to protect customer data and communications in transit between a customer's network and Salesforce services, using Transport Layer Security (TLS) with server certificates of at least 2048-bit RSA and symmetric session keys of at least 128 bits. Additionally, all data, including customer data, that is transmitted between data centers for replication is protected with AES 256-bit encryption.
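A practitioner reading the two paragraphs above will want to check the stated transit policy (TLS, symmetric keys of at least 128 bits) rather than take it on trust. The Python script below is an added example, not Sitetracker or Salesforce code: it builds a client TLS context that cannot negotiate below that policy, reports the weakest cipher the context would accept, evaluates negotiated (version, key bits) pairs against the policy, and, when run with a hostname, connects and reports what a real endpoint actually negotiated. The 128-bit threshold comes from the page; the TLS 1.2 floor, the cipher list, and all function names are assumptions.

```python
"""Check TLS client settings and live endpoints against a transit-encryption policy.

Added example, not Sitetracker or Salesforce code. The 128-bit symmetric minimum is
taken from the page; the TLS 1.2 floor and cipher list are assumptions.
"""
import socket
import ssl
import sys

MIN_SYMMETRIC_BITS = 128            # page: symmetric keys of at least 128 bits
MIN_TLS = ssl.TLSVersion.TLSv1_2    # assumption: the page only says "TLS"

# ssl.SSLSocket.version() strings mapped to comparable TLSVersion values.
_VERSIONS = {
    "TLSv1": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}


def make_client_context() -> ssl.SSLContext:
    """Client context that refuses anything below the policy."""
    ctx = ssl.create_default_context()  # verifies the peer certificate and hostname
    ctx.minimum_version = MIN_TLS
    # Forward-secret AEAD suites only (TLS 1.2); TLS 1.3 suites are always available.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!RC4:!3DES")
    return ctx


def weakest_cipher_bits(ctx: ssl.SSLContext) -> int:
    """Smallest symmetric key strength the context is still willing to negotiate."""
    return min(c["strength_bits"] for c in ctx.get_ciphers())


def context_meets_policy(ctx: ssl.SSLContext) -> bool:
    """True if the context can never negotiate below the policy."""
    return ctx.minimum_version >= MIN_TLS and weakest_cipher_bits(ctx) >= MIN_SYMMETRIC_BITS


def negotiation_meets_policy(version: str, bits: int) -> bool:
    """Evaluate an observed negotiation (e.g. from a capture or a log line).

    Unknown or pre-TLS versions (e.g. 'SSLv3') fail closed.
    """
    tls = _VERSIONS.get(version)
    return tls is not None and tls >= MIN_TLS and bits >= MIN_SYMMETRIC_BITS


def describe_peer(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Connect to a live endpoint and report what was actually negotiated (needs network)."""
    ctx = make_client_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            name, _proto, bits = tls.cipher()
            version = tls.version()
            return {
                "host": host,
                "tls_version": version,
                "cipher": name,
                "bits": bits,
                "meets_policy": negotiation_meets_policy(version, bits),
            }


if __name__ == "__main__":
    # Usage: python tls_policy_check.py <hostname>
    ctx = make_client_context()
    print("weakest cipher this client will accept:", weakest_cipher_bits(ctx), "bits")
    if len(sys.argv) > 1:
        print(describe_peer(sys.argv[1]))
```

Because `make_client_context()` uses `ssl.create_default_context()`, a failed certificate or hostname check raises an `ssl.SSLCertVerificationError` instead of silently reporting a cipher, which is the behaviour you want from a compliance check. The script only tells you what the client and server agreed on for that connection; it says nothing about encryption at rest, which the page states is not enabled by default.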

Disaster Recovery

Sitetracker maintains a comprehensive disaster recovery plan covering an outage of a customer instance on salesforce.com. Sitetracker works with Salesforce's site reliability engineers on operational issues and with Salesforce's computer security incident response team (CSIRT) on information security issues.

Incident Response

Trust is built on transparency. During an incident that affects the performance, security or availability of Sitetracker services, we communicate with our customers at regular intervals, with the frequency depending on the severity of the incident.

Sitetracker works with Salesforce's 24/7 global site reliability team to address incidents affecting customer instances. Within ten minutes of a service disruption, performance incident or security incident, Sitetracker engineers are notified by email from Salesforce and receive regular updates until the incident is resolved. Sitetracker's customer success team engages all designated customer contacts and provides them with regular updates by email, and by phone where necessary.

For security and privacy related questions contact us via email: privacy@sitetracker.com