日本語

Certification and Trust

Salesforce.com and its contracted third parties perform annual security certification reviews for all applications listed on the AppExchange. The objective of this high-level security assessment is to provide reasonable assurance that AppExchange partners follow security best practices based on industry standards, and create a culture of trust for customers and partners.

The scope of this high-level security assessment varies based on the application type:

Application Type Definition Scope
Native
Applications that are developed and hosted entirely on the platform, with no external data exchange and/or storage. Security risks are minimal since the application and data reside in the Salesforce environment.

  • Security posture of the organization (IT Management, security policies, procedures, standards, etc.)
Client (On-Premise)
 
Applications that run outside the salesforce.com environment, typically running on a desktop or mobile device. These applications treat the force.com platform as a data source, using the development model of whatever tool and platform for which they are designed.



  • Security posture of the organization (IT Management, security policies, procedures, standards, etc.)
  • Application development and architecture
  • Integration with Salesforce
Composite



Applications that run on external services and integrate with Salesforce using lower-level API calls. Such applications allow for more flexibility and powerful integration; however, Salesforce customer data may be exchanged and stored on third-party servers.







  • Security posture of the organization (IT Management, security policies, procedures, standards, etc.)
  • Application development and architecture
  • Integration with Salesforce
  • Network tests
  • Network and application penetration testing (if applicable*).
*Note: Penetration testing is performed only when applications stores sensitive Salesforce data (login credentials, credit card information, etc.)

A detailed certification requirements checklist is available here:  http://wiki.apexdevnet.com/index.php/Requirements_Checklist

For more information and answers to your questions about the certification process, contact us at appexchangeinfo@salesforce.com.