Cloud apps you can trust

At FinancialForce.com, we understand that security, availability and application processing integrity are critical to your organization. We, along with salesforce.com, have invested in a world-class cloud infrastructure and rigorous application control procedures that are far beyond what you could ever deploy for yourself.  Our control environment has been audited by a Big 4 auditing firm (SOC 1 Type II report) which will provide you peace of mind, but can also help lower the cost of the auditing processes for your company.

Here is why you can entrust your systems and information to FinancialForce.com.

Built on the platform trusted by over 100,000 companies

As a native salesforce platform application, our applications (and your data) inherit all the benefits of the considerable investments made by salesforce.com in infrastructure, data management, controls, security and certifications including Systrust, Truste and ISO 27001. And better yet, you’ll always have access to trust.salesforce.com, a set of web pages dedicated to providing cloud users with a transparent view of the cloud computing environment.

The salesforce platform includes these certifications:

 

Independent Audits - SSAE 16/ SOC 1 Type II Report

FinancialForce.com provides our customers with a Service Organization Control 1 (SOC 1) Type II report prepared by an internationally recognized Big 4 auditing firm. The SOC 1 report is in addition to the reports and certifications of the underlying platform provided by salesforce.com. The report is prepared in accordance with Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization. The purpose of the report is to provide our customers assurances in all material respects that FinancialForce.com’s Description of Services is fairly presented, that controls put in place by FinancialForce.com are suitably designed to meet their control objectives and that those controls were tested and operated effectively during the audit period.

The report reviews the following:

• Control environment
• Control activities
• Information and communication
• Monitoring
• Risk assessment
• Change management
• Information security
• Incident management
• Disaster recovery and business continuity

The SOC 1 report provides FinancialForce.com’s customers with the additional assurance that our applications are developed and delivered with the highest level of standards to ensure a high quality product is deployed in your environment.

Application Controls

FinancialForce.com provides rigorous application controls that ensure your financial transactions have been correctly validated and reviewed prior to posting, have comprehensive audit trails and cannot subsequently be modified via “back door” manipulation of object data.

These application controls include: 

• Comprehensive audit trails for transactions, master data modifications and security setup changes.
• Multi-level approval processes for transactions and master file data changes
• Segregation of duties
• Highly granular control of company, object, record and field level access by role
• Two phase document save and post
• Lockdown of document posting for closed accounting periods
• Transaction lockdown prevents “after the event” manipulation of accounting entries even by users with system administrator permissions
• API enforcement of business rules

Application Quality

FinancialForce.com has made significant investments in people, processes and systems to ensure high quality business applications. All our application code is peer reviewed and tested via a battery of both human and automated testing procedures. Tests include:

• Story level testing
• Regression testing
• Volume testing
• Compatibility testing
• Functional testing
• Beta testing
• Smoke testing
• Installation and upgrade testing 

FinancialForce applications are also tested via the AppExchange Security Review process. The Security Review has been developed to assess the security posture of ISV application offerings to ensure that applications published on the AppExchange follow industry best practices for security.