Skip to main content
DESelect Security Help Center home page Security Portal
Submit a request
Sign in
  1. DESelect Security
  2. A14. Application Security
  3. General

General

  • Do you test the changes in a test environment before putting them in production?
  • How does DESelect keep client specific data and infrastructure apart from other clients? Is DESelect single-tenant/multi-tenant?
  • Is sensitive data encrypted (eg. user access tokens)?
  • Describe the release management process you use?
  • What does the Salesforce Security Review entail?
  • Do you support role-based access control (RBAC) for end-users / administrators?
  • Are upgrades or system changes installed during off-peak hours or in a manner that does not impact the customer?
  • Do you use an automated source code analysis tool to detect security defects in code prior to production?
  • Do you review your applications for security vulnerabilities and address any issues prior to deployment to production?
  • Are all identified security, contractual, and regulatory requirements for customer access contractually addressed and remediated prior to granting customers access to data, assets, and information systems?
  • Do you conduct network penetration tests of your cloud service infrastructure at least annually?
  • Do you conduct application penetration tests of your cloud infrastructure regularly?
  • Are controls in place to prevent unauthorized access to your application, program, or object source code, and assure it is restricted to authorized personnel only?
  • Do you publish a list of all APIs available in the service and indicate which are standard and which are customized?
Copyright © DESelect bv. All rights reserved.
  • DESelect Support
  • DESelect.com
  • Trust Status Page
  • Privacy Policy
  • Terms of Service
Powered by Zendesk