attachmentAV for Salesforce: Security

attachmentAV raises the bar for the security of your Salesforce organization. In the following, we give you insights into our security policies and controls.

ISO 27001 and GDPR compliance (#)

First of all, we are ISO 27001 certified and GDPR complaint.

Here is an exceprt, of our security controls.

  • Transmission Confidentiality: We have set up processes to utilize standard encryption methods, including HTTPS with the TLS algorithm, to keep transmitted data confidential.
  • Encrypting Data At Rest We have set up cryptographic mechanisms to encrypt all production databases and storage systems that store customer data at rest.
  • Centralized Collection of Security Event Logs: Our infrastructure is configured to generate audit events for actions of interest related to security for all critical systems.
  • Vulnerability Remediation Process: We identifiy vulnerabilities on the Company platform through the execution of regular vulnerability scans.

For more details about our security policies and controls as well as the certificates, please visit our trust center.

Jurisdiction/Region (#)

attachmentAV for Salesforce processes data in the jurisdiction/region of your choice.

You can configure one of the following jurisdictions:

  • EU (default)
  • US
  • Canada
  • India

Are you required to ensure data processing in another region of the world? Let us know!

Protecting data in transit (#)

attachmentAV encrypts data in transit as illustrated in the following figure.

  • App sends scan job to backend: HTTPS/TLS
  • Backend downloads file from Salesforce: HTTPS/TLS
  • Backend sends scan result to app: HTTP/TLS

attachmentAV for Salesforce encrypts all data in transit

Protecting data at rest (#)

To be able to scan files for viruses, trojans and other kinds of malware, attachmentAV temporarily persists data.

  1. attachmentAV downloads the file from Salesforce.
  2. attachmentAV temporarily stores the file on an encrypted volume.
  3. attachmentAV calls the Sophos engine to scan the file.
  4. attachmentAV deletes the file.
  5. attachmenAV notifies Salesforce about the scan result.

We use encrypted volumes to ensure confidentiality of the temporary data.

Need more help?

Write us, and we'll get back to you as soon as we can.

Send us an email