Salesforce Cloud, Security, Controls and Governance

Our principles

Financial, operational and compliance-related risks in Salesforce are well-controlled and automated
Security and controls are seamlessly embedded into the business process, helping reduce cost of compliance and increase overall process efficiency
Users can access the data they are approved and required to access—no more, no less

Our aim

Our Salesforce security and control solutions are here to enhance trust across every Salesforce instance you operate—whether you’re transforming or optimizing your current environment. We help you proactively identify and manage critical business risks, cutting compliance costs and driving greater ROI across your Salesforce portfolio. With our comprehensive security assessments, seamless integrations, and targeted control services, we’re committed to making your Salesforce ecosystem as secure, efficient, and value-driven as possible.

Whether you’re just starting your journey or well on your way, we can help you quickly lock in confidence in your Salesforce transformation

Real-time security and control risk detection

Evaluate Salesforce Role-Based Access Control (RBAC) security (i.e., profiles, permission sets, record level security, etc.), related security configurations, related security governance processes, and apex source code setup for user access risks, potential misconfigurations, and security vulnerabilities utilizing proprietary tools. Provide recommendations to improve security posture and setup over Salesforce.

Establish more trust around your business operations

Design, build, and test Salesforce business process and information technology general controls (ITGCs) through the implementation of automated (i.e. Approval processes, validation rules, flows, etc.) and manual controls to help companies demonstrate compliance to regulatory bodies.

Effective security design and integration

Design, build, and test a Salesforce role-based access model (i.e., profiles, permission sets, organization-wide defaults, etc.) utilizing a risk-based approach with a focus on least-privileged principals, sensitive data protection (including encryption), and reduction of Segregation of Duty (SoD) conflicts and compliance with applicable regulatory frameworks (SOX, NIST, HITRUST, Privacy, etc.).

Continuous security monitoring

Enable a SaaS Security Posture Management (SSPM) program and / or enable continuous monitoring via Salesforce native products (i.e. Shield Event Monitoring) to identify, prevent, and / or detect potential threats, inappropriate changes to security settings, and /or updates to security entitlements.

“Most businesses are at a point where digital transformation cannot move fast enough because the need for results is so great. But when you’re putting mission-critical data about your customers, employees and partners in these environments, you have to be able to trust that it’s secure.”

Ian Kahn, PwC US Salesforce Practice Leader

Hear from us

Salesforce Winter '25 Release Notes
Securing the Digital Workplace
Saas Fundamentals
PwC's Salesforce Security Analytics Tool

Salesforce Winter '25 Release Notes

The Winter '25 Salesforce release introduces a range of new features and performance enhancements aimed at improving user experience and overall security

PwC's Salesforce Security Analytics Tool

Is your compliance department asking how you are going to protect customer information in Salesforce? Are you subject to GDPR, HIPAA or other privacy regulations, but don’t know who has access to your confidential data or to critical functionalities? Do you want to know how clean your salesforce environment is from a security standpoint? PwC developed the Salesforce Security Analytics tool to help you answer those questions and manage your security in Salesforce in an effective and structured way.

27/09/18

Contact us

Robert Clark

US Cyber Risk & Regulatory — Cloud Compliance & Security, PwC US

Andrea Acciarri

US Cyber Risk & Regulatory — Salesforce Lead, PwC US

Hide

Required fields are marked with an asterisk(*)

First Name*

Last Name*

Company Name*

Job Title*

Job Function*

Email address*

Location*

Details about your inquiry*

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.

Audit and Assurance services Consulting Tax services Newsroom Alumni US offices Contact us

© 2017 - 2025 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.

Salesforce Cloud, Security, Controls and Governance

Our principles

Our aim

Featured content

Salesforce Security Demystified

Net Zero Cloud

Change Management

Whether you’re just starting your journey or well on your way, we can help you quickly lock in confidence in your Salesforce transformation

Real-time security and control risk detection

Establish more trust around your business operations

Effective security design and integration

Continuous security monitoring

Hear from us

Salesforce Winter '25 Release Notes

Securing the Digital Workplace

Saas Fundamentals

PwC's Salesforce Security Analytics Tool

Salesforce Enterprise Cloud Solutions Video

Related content

Salesforce Health Cloud

Ensuring NYDFS compliance for Salesforce

Contact us

Thank you for your interest in PwC