Site Search

Menu

Capabilities

Menu

Artificial Intelligence (AI)

Menu

Cybersecurity, Risk and Regulatory

Loading Results

Salesforce Cloud, Security, Controls and Governance

Our principles

  • Financial, operational and compliance-related risks in Salesforce are well-controlled and automated
  • Security and controls are seamlessly embedded into the business process, helping reduce cost of compliance and increase overall process efficiency
  • Users can access the data they are approved and required to access—no more, no less

Our aim

Our Salesforce security and control solutions are here to enhance trust across every Salesforce instance you operate—whether you’re transforming or optimizing your current environment. We help you proactively identify and manage critical business risks, cutting compliance costs and driving greater ROI across your Salesforce portfolio. With our comprehensive security assessments, seamless integrations, and targeted control services, we’re committed to making your Salesforce ecosystem as secure, efficient, and value-driven as possible.

Featured content

Salesforce Security Demystified

A Client Service Story, Security change management, net zero cloud

Net Zero Cloud

Unlock value through PwC's enterprise cloud risk solution for Salesforce Net Zero Cloud

Change Management

How you can better secure your application change management process over Salesforce
< Back

< Back
[+] Read More

Whether you’re just starting your journey or well on your way, we can help you quickly lock in confidence in your Salesforce transformation

Real-time security and control risk detection

Evaluate Salesforce Role-Based Access Control (RBAC) security (i.e., profiles, permission sets, record level security, etc.), related security configurations, related security governance processes, and apex source code setup for user access risks, potential misconfigurations, and security vulnerabilities utilizing proprietary tools. Provide recommendations to improve security posture and setup over Salesforce.

Establish more trust around your business operations

Design, build, and test Salesforce business process and information technology general controls (ITGCs) through the implementation of automated (i.e. Approval processes, validation rules, flows, etc.) and manual controls to help companies demonstrate compliance to regulatory bodies.

Effective security design and integration

Design, build, and test a Salesforce role-based access model (i.e., profiles, permission sets, organization-wide defaults, etc.) utilizing a risk-based approach with a focus on least-privileged principals, sensitive data protection (including encryption), and reduction of Segregation of Duty (SoD) conflicts and compliance with applicable regulatory frameworks (SOX, NIST, HITRUST, Privacy, etc.).

Continuous security monitoring 

Enable a SaaS Security Posture Management (SSPM) program and / or enable continuous monitoring via Salesforce native products (i.e. Shield Event Monitoring) to identify, prevent, and / or detect potential threats, inappropriate changes to security settings, and /or updates to security entitlements.

“Most businesses are at a point where digital transformation cannot move fast enough because the need for results is so great. But when you’re putting mission-critical data about your customers, employees and partners in these environments, you have to be able to trust that it’s secure.”

Ian Kahn, PwC US Salesforce Practice Leader

Hear from us

Salesforce Winter '25 Release Notes

The Winter '25 Salesforce release introduces a range of new features and performance enhancements aimed at improving user experience and overall security

Securing the Digital Workplace

Essential strategies for safeguarding modern communications

Saas Fundamentals

The shared responsibility model is misunderstood

PwC's Salesforce Security Analytics Tool

Is your compliance department asking how you are going to protect customer information in Salesforce? Are you subject to GDPR, HIPAA or other privacy regulations, but don’t know who has access to your confidential data or to critical functionalities? Do you want to know how clean your salesforce environment is from a security standpoint? PwC developed the Salesforce Security Analytics tool to help you answer those questions and manage your security in Salesforce in an effective and structured way.

Playback of this video is not currently available
3:00

Where you'll see us

Safeguard Your Financial Data with Security Powered by Salesforce

As the regulatory landscape in the financial services sector continues to evolve, maintaining security and compliance remains a top priority for organizations. In this webinar, we’ll discuss how Salesforce can support the implementation of security and regulatory frameworks and explore PwC’s innovative solutions. We’ll also discuss the role of AI within Salesforce, addressing common concerns and providing insights into how emerging technologies can be leveraged while maintaining control over security and compliance.

Thursday, December 5

12:00 PM – 1:00 PM EST

Click to register

{{filterContent.facetedTitle}}

Contact us

Robert Clark

US Cyber Risk & Regulatory — Cloud Compliance & Security, PwC US

Email

Andrea Acciarri

US Cyber Risk & Regulatory — Salesforce Lead, PwC US

Email

Follow us

Required fields are marked with an asterisk(*)

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.

Hide
Audit and Assurance services Consulting Tax services Newsroom Alumni US offices Contact us

© 2017 - 2024 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.