Salesforce Security Assessments

As of January 31, 2023, customers are no longer required to obtain prior approval before performing security assessments for Salesforce products.

All assessments must continue to be performed in accordance with the Security Assessment Agreement but customers may commence testing without notifying Salesforce beforehand.

If your assessment does generate vulnerability findings, please validate automated findings and reference our public documentation related to common false-positive reports here.

If you require a Due Diligence/Security Questionnaire or a third-party risk assessment, Salesforce has a separate process to get this completed.

Note: Do NOT send an email to security@salesforce.com. Please reach out to your account executive or your customer success manager for assistance.