Practifi Security

Practifi, built on the trusted Salesforce platform, aligns with and follows the same robust security measures and practices as Salesforce. The platform is built on reliable technology, implementing industry-leading security controls across every layer, from the physical infrastructure to the application itself. 

Practifi recognizes the importance of addressing work-from-home (WFH) and remote security concerns and ensuring safety measures are in place. When users access Practifi using a Salesforce-supported browser, transport layer security (TLS) technology protects your information using both server authentication and classic encryption. This ensures that your data is safe, secure, and available only to registered users in your organization.

Data Centers Overview

Practifi data is stored on a network of secure data centers strategically located across the globe including the US, UK, Canada, Australia and New Zealand. For clients in the United States, Practifi data is stored in Salesforce data centers located in Chicago, Dallas, Phoenix and Washington, DC.

Salesforce Data Centers

Salesforce data centers are designed to provide the utmost security, availability, and performance for your Practifi instance. These data centers are consistently monitored and assessed to ensure compliance with industry standards. Accreditations include:

  • ISO 27001 and ISO 27017
  • SOC 1, SOC 2, and SOC 3
  • PCI DSS
  • FedRAMP High
  • Sarbanes-Oxley (SOX)
  • And more

Physical Security

In the realm of data management, Practifi relies on the secure infrastructure provided by Salesforce, known for its ISO 27001 and FISMA certified data centers. Salesforce has extensive experience in large-scale data center design, construction, and operation, a foundation upon which the Salesforce platform and infrastructure have been meticulously crafted. These data centers maintain a discreet presence within nondescript facilities, boasting robust protective measures such as extensive setbacks and military-grade perimeter defenses, including berms and other natural barriers. Rigorous control over physical access is maintained, both at the perimeter and building ingress points, orchestrated by a cadre of seasoned security professionals equipped with cutting-edge video surveillance, state-of-the-art intrusion detection systems, and an array of electronic safeguards. Access to data center floors mandates that authorized personnel successfully complete two-factor authentication, no less than three times. All visitors and contractors are obligated to show identification and remain under the continuous escort of authorized personnel throughout their visit.

The Salesforce approach is one of strict access control. Data center access and information are exclusively extended to employees who possess a bona fide business need for such privileges. If an employee’s business need for these privileges wanes, access is promptly rescinded, irrespective of their continued association with Salesforce or Practifi. Comprehensive logging and routine auditing of both physical and electronic data center access by Salesforce personnel ensure the integrity of this security protocol.

Data Center Power

Salesforce data center electrical power systems are meticulously designed for full redundancy and maintainability, ensuring uninterrupted operations without any impact on services. In the event of an electrical failure, critical loads are supported by Uninterruptible Power Supply (UPS) units, and the entire facility receives backup power from on-site generators.

Data Center Management

Electrical, mechanical, and life support systems and equipment within the Salesforce data centers are actively monitored by the data center staff, with a focus on immediate issue identification. Preventive maintenance is routinely carried out to sustain the ongoing operability of the equipment.

Data Resilience & Backup

Because Practifi is hosted on the Salesforce platform, we inherit the industry-leading BCP and DR capabilities of Salesforce. These include features such as geo-redundant failover, 24x7x365 access to global and regional crisis management teams, and ongoing operability of the equipment.

Salesforce performs nightly backups, storing data securely across multiple locations. In case of emergencies, Salesforce can recover your entire database within a certain time frame, ensuring data integrity and system reliability. Access up-to-date incident status by product here: https://trust.salesforce.com/#systemStatus

Multi-Factor Authentication

Practifi requires MFA for all user logins as standard, and supports common authentication methods including the Salesforce1 app, Google Authenticator, and one-time codes. Users can also leverage built-in authenticator services such as Windows Hello™, Touch ID®, or Face ID®, which let them quickly verify their identity with a fingerprint, iris, or facial recognition scan, streamlining the MFA process.

Access Controls

Practifi provides a flexible, layered data sharing design that lets admins control user access to data. By default, Practifi ships with a comprehensive set of user roles, for example advisor and administrator roles, that are assigned to users and that control the access these users have.

Firms can further configure their orgs with additional access controls, for example restricting record visibility to specific sets of users as may be required in a multidivisional firm. Administrators can also customize the standard Practifi configuration to provide appropriate access to other groups that are using the software, as may be required when outsourcing services or when users have a specific need for information.

After initial onboarding, authorization of access to client data within Practifi is controlled exclusively by the client. Practifi can assist on behalf of the client only if the client provides our support team with explicit access. Product releases are handled via our push upgrade process, which doesn’t require access to client orgs.

Session Timeout Control

With Practifi, you have control over session timeouts. You can specify the duration of inactivity that triggers automatic logout, enhancing your security measures. The default session timeout is set at two hours.

Data Encryption

Data is encrypted using robust 128- or 256-bit SSL encryption (HTTPS), ensuring its confidentiality during transit to and from Practifi. Salesforce requires the use of TLS 1.2 or higher for secure communication with Practifi to maintain data security. Data encryption at rest is also available through Practifi Protect.

Product Development

Practifi adheres to the Salesforce secure development standards, which themselves are based on OWASP standards. This means that there are no third-party libraries or dependencies that can give rise to vulnerabilities, and that the Practifi product is subject to static code analysis (Checkmarx) before packaging and deployment and to annual penetration testing by a third-party provider. Results of these tests can be provided to clients upon request.