OM Plus: Security and Encryption
The topics in this section describe the security aspects of Order Management Plus.
Order Management Plus architecture includes significant differences from that of Order Management Standard, most notably the addition of AWS. Order Management Plus approaches security from two perspectives: data at rest, and data in motion (for more information, see Data Security).
In either case, Order Management Plus data is secured by having both the sending and receiving entities possess the same encryption key.
For information about Order Management Standard security and encryption, see https://trust.salesforce.com/en/.
- Data Security
  Industries Order Management Plus approaches security from two perspectives: data at rest and data in motion.
- Data Protection Requirements Summary
  Data protection requirements include protection of Salesforce and fulfillment system credentials, access control for object parameters, disaster recovery plans, and more.
- OM Plus: Manage Secrets
  With OM Plus, you can view and edit custom secrets directly from the XOM Administration page. For security reasons, you can't actually see the values of the secrets, but you can delete them and replace them with new values.
- Perimeter Security
  Communication between SFDC and AWS is through two-way certificates, where both sides confirm their identity with certificates using HTTPS.
- Authorizing Access to Order Management Resources
  You can manage access to a resource for a specific user. For example, you can hide the Scope field on an Orchestration Plan Definition object type for a user profile. The Scope field is then hidden on all Orchestration Plan Definition objects for that user profile.
- Managing Encryption Keys
  To ensure data security, we have implemented an additional level of encryption for PII and let customers manage encryption keys. Vlocity ensures that nobody, including our own staff, can access this key without explicit authorization from the customer.
- Exposing an API Service to the Internet with Basic Authentication
  Order Management Plus allows you to configure credentials on AWS and protect the configured credentials from the rest of the application in a way that is not accessible by any user.
- How OM Plus Prevents Exposure of Personally Identifiable Information (PII) from Salesforce Fields
  The majority of PII sent to Order Management Plus is sourced from Salesforce. SFDC fields and attributes are two potential sources for PII. When a field participates in Mappings or in Conditions, the SFDC off-platform submit functionality retrieves all the fields required and passes them to Order Management Plus. These fields are stored in Order Management Plus, in the field Values JSON attribute on order items.

