Flosum DevOps: Securing Your Salesforce Investment with Native, Zero-Trust Architecture

Flosum is a complete Salesforce-based DevOps solution designed specifically for the Salesforce platform. It streamlines development processes from requirements planning to production deployment while ensuring governance, compliance, and innovation. As a native Salesforce application, Flosum leverages the platform’s security and infrastructure to provide enterprise-grade security and compliance.

Flosum: Built on Salesforce Trust

Flosum operates within an OEM relationship with Salesforce. Each customer receives a dedicated Salesforce org (instance) with the necessary licenses to run the Flosum application, which can be provisioned via Salesforce AppExchange.

Key Security Benefits:

  • Seamless Integration: Flosum inherits all security, infrastructure, disaster recovery, and availability policies of the Salesforce platform.
  • Exclusive Access Control: The Flosum org is hosted entirely within Salesforce and is accessible only from the customer’s corporate network.
  • No External Access: Flosum personnel cannot access or modify the customer’s Flosum instance.
  • Physical Security: The same security measures applied to Salesforce instances extend to Flosum.

Strengthen Your Security 

Flosum is the only DevOps solution that is 100% native to Salesforce, ensuring maximum security.

Enterprise-grade security

Enterprise Controls: Inherits Salesforce's robust security infrastructure

Granular Permissions: Leverages Salesforce’s native user management and role-based access

Zero-trust Policy: Hyperforce compliant and no back-door access to your metadata

Government Ready: Compatible with GovCloud and inherits FedRAMP security controls

Compliance Certifications

Flosum complies with all Salesforce security certifications, including:

  • ISO 27001/27018
  • SSAE 16/ISAE 3402 SOC-1, SOC 2, SOC 3
  • PCI-DSS
  • TRUSTe Certified Privacy Seal
  • CSA STAR
  • FDA 21 CFR Part 11 (Electronic Records Management)
  • HIPAA

(For a complete compliance list, contact us.)

Flosum Architecture: Built for Security and Compliance

Flosum is designed exclusively for Salesforce customers. Since it is entirely built on the Salesforce platform, Flosum has no additional servers or data center footprint. This ensures full control over access and security.

  • Zero-Trust architecture enforcement
  • Real-time security reporting
  • Data residency compliance 
  • 100% regulatory compliance
  • No IP addresses to open up
  • No shared infrastructure
  • Governance-first deployment approach

Flosum is accessible only from behind your firewall. Not even Flosum’s team can access your data.

Key Security Features

Native Salesforce

  • Inherits enterprise-grade security controls
  • Uses Salesforce granular user permissions
  • Managed package in your Salesforce
  • Used by Governments

Information Security

  • Hyperforce compliant
  • Same security perimeter as your Salesforce orgs
  • Meets data residency and privacy laws
  • No back-door access to your metadata

Secure by Design

  • Enforce zero-trust policy
  • 100% traceable changes
  • Enforce governance while moving quickly and confidently
  • Real-time security reporting

Security Review

Many enterprises conduct extensive security reviews before adopting new solutions. Since Flosum is fully native to Salesforce, customers can leverage their existing Salesforce security assessments when evaluating Flosum.

User Provisioning

  • Customers manage user provisioning within their Salesforce org.
  • Flosum has no direct access to user credentials or login details.
  • Salesforce’s password policies apply unless overridden by a corporate single sign-on (SSO) configuration.

Integration With Single Sign-on

Most enterprises utilize corporate SSO to manage authentication across applications. Flosum seamlessly integrates with customers’ existing SSO solutions, just as their Salesforce production instance does.

Trust, Availability, and Business Continuity 

As Flosum is fully built on the Salesforce platform, the same SLAs for availability, business continuity, and disaster recovery apply to Flosum as they do for the customer's production Salesforce instance.

Change Management and Upgrade Process

Flosum releases updates three to six times per year, including minor enhancements and major feature releases.

Upgrade Process:

Customer Communication: A dedicated Flosum Customer Success Director informs customers about upcoming upgrades.

Feature Review: Customers evaluate new features and decide whether to upgrade.

Planned Scheduling: Flosum coordinates upgrades to avoid conflicts with customer deployments.

Salesforce Release Awareness: Flosum avoids upgrades within two weeks before or after a major Salesforce release.

Data Management

Customer data remains entirely within the Salesforce infrastructure, benefiting from the same security and compliance standards as their production Salesforce environment.

Conclusion

Flosum is the only native Salesforce DevOps solution that enforces a zero-trust architecture while ensuring enterprise-grade security, compliance, and governance. By leveraging Salesforce’s security framework, Flosum allows enterprises to move quickly while maintaining full control over their data, infrastructure, and deployment processes.

Contact Flosum today to learn more about our enterprise-grade security features.

www.flosum.com | (+1) (844) 335-6786
