Data Security Policy Statement

WEDnetPA is committed to safeguarding the privacy and integrity of all private data it collects, processes, and stores.

This document outlines the security measures in place to protect sensitive information across management platforms, including ISAAC (Information Sharing, Administration, & Analysis Center) using Salesforce.

Platforms and Data Management

WEDnetPA collects, processes, and stores private data on the following management platform:

  • ISAAC (Information Sharing, Administration, & Analysis Center) powered by Salesforce (including Sales Cloud and Communities)

The platform uses multiple layers of security to ensure the confidentiality and integrity of sensitive information.

Security Measures

Salesforce Infrastructure

  • Hosted in secure data centers, audited for compliance with global standards such as ISO 27001, SOC 2, and GDPR.
  • Access to these data centers is restricted and monitored 24/7.

Network Security

Salesforce data transmission is encrypted using 256-bit TLS encryption to ensure secure communication between clients, Sales Cloud, and Communities.

Salesforce platforms are continuously monitored for unauthorized access and vulnerabilities.

Server-Level Security

Salesforce servers are hosted in redundant global data centers.

Sensitive data is stored in encrypted databases and protected with load balancing and disaster recovery systems.

Software-Level Security

Salesforce Platforms (Sales Cloud and Communities)

Access Control: Restricted to authorized personnel via role-based access management, ensuring each user can only access necessary data.

Sensitive Data Protection

Salesforce implements data masking, ensuring that even authorized users can see only the minimum necessary information. PII is encrypted both at rest and in transit using field-level encryption.

Authentication

Salesforce supports multi-factor authentication (MFA) and IP range restrictions to enhance user authentication and ensure access control.

Data Handling Policies

External Access (Salesforce Communities)

Salesforce’s Community feature ensures a secure interface for external stakeholders, utilizing encryption, session timeouts, and strict user role controls to limit exposure to unauthorized users.

Temporary Storage

Data cached on user workstations or accessed via browser sessions is managed under WEDnetPA’s strict temporary storage policies to avoid accidental exposure.

Encryption Practices

All data is encrypted both during transmission and at rest. 

All data transmitted between users and servers is encrypted using TLS 1.2 or higher encryption protocols.

Data Retention Policies

WEDnetPA ensures that data retention policies comply with legal and regulatory requirements. Data is only retained for as long as necessary for business purposes, and any unnecessary or outdated data is securely deleted in accordance with the company’s retention policy.

Azure Storage Security for Legacy Data

WEDnetPA utilizes Microsoft Azure Storage services for legacy data storage. Azure Storage automatically encrypts all data before persisting it to the cloud using service-side encryption (SSE) with symmetric AES-256 encryption keys. This encryption is enabled for all storage accounts by default and cannot be disabled, ensuring that all Azure Storage resources and object metadata are fully encrypted. All new and existing data is encrypted regardless of performance tier, access tier, or deployment model, including all redundancy options.

For data in transit, Microsoft uses the Transport Layer Security (TLS) protocol to protect data traveling between cloud services and customers. Microsoft datacenters negotiate TLS connections that provide strong authentication, message privacy, and integrity. All transactions through the Azure portal occur over HTTPS. Every request to a secure resource in Azure Storage must be authorized, and Azure Storage supports OAuth 2.0 token-based authentication and role-based access control (RBAC).

Azure SQL Database Security

WEDnetPA utilizes Azure SQL Database for certain legacy structured data storage, with comprehensive security measures protecting sensitive information through multiple encryption and access control layers. Transparent Data Encryption (TDE) is enabled by default for Azure SQL Databases, performing real-time encryption and decryption of the database, associated backups, and transaction log files at rest. TDE uses the AES-256 encryption algorithm, with Database Encryption Keys (DEKs) protected by built-in server certificates that are unique to each server. Microsoft automatically rotates these certificates annually in compliance with internal security policies and stores the root key in a Microsoft internal secret store.

Azure SQL Database supports both SQL authentication and Microsoft Entra ID authentication, with Microsoft Entra ID providing centralized identity management, multifactor authentication capabilities, and OAuth 2.0 token-based authentication for enhanced security. Authorization is controlled through role-based access control (RBAC) and database-level permissions, with contained database users enabling authentication without storing credentials in the master database.

Continuous Improvement and Compliance

WEDnetPA continually reviews and updates its data security policies to ensure compliance with evolving regulatory requirements and industry best practices. The company ensures its practices are in line with standards such as:

  • ISO 27001
  • SOC 2
  • GDPR

These ongoing reviews ensure a secure environment for all private data handled by ISAAC, Salesforce Sales Cloud, and Salesforce Communities.