This document outlines the security measures in place to protect sensitive information across management platforms, including ISAAC (Information Sharing, Administration, & Analysis Center) using Salesforce.
WEDnetPA collects, processes, and stores private data on the following management platform:
– ISAAC (Information Sharing, Administration, & Analysis Center) powered by Salesforce (including Sales Cloud and Communities)
The platform uses multiple layers of security to ensure the confidentiality and integrity of sensitive information.
Salesforce data transmission is encrypted using 256-bit TLS encryption to ensure secure communication between clients, Sales Cloud, and Communities.
Salesforce platforms are continuously monitored for unauthorized access and vulnerabilities.
Salesforce servers are hosted in redundant global data centers.
Sensitive data is stored in encrypted databases and protected with load balancing and disaster recovery systems.
Access Control: Access is restricted to authorized personnel via role-based access management, ensuring each user can only access necessary data.
Salesforce implements data masking, ensuring that even authorized users can see only the minimum necessary information. PII is encrypted both at rest and in transit using field-level encryption.
Salesforce supports multi-factor authentication (MFA) and IP range restrictions to enhance user authentication and ensure access control.
Salesforce’s Community feature ensures a secure interface for external stakeholders, utilizing encryption, session timeouts, and strict user role controls to limit exposure to unauthorized users.
Data cached on user workstations or accessed via browser sessions is managed under WEDnetPA’s strict temporary storage policies to avoid accidental exposure.
All data is encrypted both during transmission and at rest.
All data transmitted between users and servers is encrypted using TLS 1.2 or higher encryption protocols.
WEDnetPA ensures that data retention policies comply with legal and regulatory requirements. Data is only retained for as long as necessary for business purposes, and any unnecessary or outdated data is securely deleted in accordance with the company’s retention policy.
WEDnetPA utilizes Microsoft Azure Storage services for legacy data storage. Azure Storage automatically encrypts all data before persisting it to the cloud using service-side encryption (SSE) with symmetric AES-256 encryption keys. This encryption is enabled for all storage accounts by default and cannot be disabled, ensuring that all Azure Storage resources and object metadata are fully encrypted. All new and existing data is encrypted regardless of performance tier, access tier, or deployment model, including all redundancy options.
For data in transit, Microsoft uses the Transport Layer Security (TLS) protocol to protect data traveling between cloud services and customers, with Microsoft datacenters negotiating TLS connections that provide strong authentication, message privacy, and integrity. All transactions through the Azure portal occur over HTTPS. Every request to a secure resource in Azure Storage must be authorized, and Azure Storage supports OAuth 2.0 token-based authentication and role-based access control (RBAC).
WEDnetPA utilizes Azure SQL Database for certain legacy structured data storage, with comprehensive security measures protecting sensitive information through multiple encryption and access control layers. Transparent Data Encryption (TDE) is enabled by default for Azure SQL Databases, performing real-time encryption and decryption of the database, associated backups, and transaction log files at rest. TDE uses the AES-256 encryption algorithm with Database Encryption Keys (DEK) protected by built-in server certificates that are unique for each server, with Microsoft automatically rotating these certificates annually in compliance with internal security policies and storing the root key in a Microsoft internal secret store.
Azure SQL Database supports both SQL authentication and Microsoft Entra ID authentication, with Microsoft Entra ID providing centralized identity management, multifactor authentication capabilities, and OAuth 2.0 token-based authentication for enhanced security. Authorization is controlled through role-based access control (RBAC) and database-level permissions, with contained database users enabling authentication without storing credentials in the master database.
WEDnetPA continually reviews and updates its data security policies to ensure compliance with evolving regulatory requirements and industry best practices. The company ensures its practices are in line with standards such as:
These ongoing reviews ensure a secure environment for all private data handled by ISAAC, Salesforce Sales Cloud, and Salesforce Communities.