You are here:
Key Personas for IT Compliance
IT Compliance is built around a small set of personas who collaborate across the compliance program. Understanding who does what helps you assign the right permission sets, configure access, and design workflows that fit your organization.
Required Editions
| Available in: Lightning Experience |
| Available in: Enterprise, Performance, and Unlimited Editions with Agentforce IT Service. |
Each persona below maps to one or more permission sets. A single user can play more than one persona, and a single persona can be shared across multiple users in your organization.
| persona | responsibilities | permission set |
|---|---|---|
| Compliance Administrator | Owns the IT Compliance program end-to-end. Configures Salesforce Go for IT Compliance, defines compliance policies, registers risks and controls, plans audits, and verifies evidence. Usually a senior member of the compliance, governance, or risk team. | Compliance Admin permission set |
| Audit Program Manager | A compliance administrator who specializes in planning and running audit cycles. Creates compliance audits, defines evidence requests, assigns fulfillers, monitors progress, and closes out completed audits for external review. | Compliance Admin permission set |
| Compliance Reviewer | A compliance administrator who specializes in verifying submitted evidence artifacts. Previews files in the evidence artifact previewer, accepts evidence that meets the requirement, and rejects artifacts with an observation statement when more work is needed. Often an IT compliance analyst or senior auditor. | Compliance Admin permission set |
| Policy Author | A compliance administrator who drafts and refines compliance policies, often using Microsoft Word with the Salesforce Compliance Connector. Maps policy clauses to regulation clauses, routes content for review, and publishes approved policies to the Employee Portal. | Compliance Admin permission set |
| Risk Owner | The business or IT leader responsible for managing a specific compliance risk. Participates in risk evaluations, ensures that mitigating controls are in place, and responds when a risk materializes. Typically a subject matter expert outside the core compliance team. | Compliance Admin permission set with record-level sharing |
| Evidence Fulfiller | The IT or cloud engineer, infrastructure owner, or subject matter expert who collects and submits evidence on behalf of the compliance program. Works primarily in the Evidence Hub, where they see assigned evidence requests, upload supporting files, and submit artifacts for review. | IT Compliance Fulfiller permission set |
| Employee | A standard organization employee who interacts with IT Compliance to acknowledge policies and, in some workflows, to submit evidence about their own work. Uses the Employee Portal to read policies, acknowledge them, and respond to assigned evidence requests. | IT Compliance Acknowledger permission set (for policy acknowledgments); IT Compliance Submitter permission set (for evidence submissions) |
| External Auditor | An auditor from outside your organization who reviews the compliance program after the compliance team has accepted the evidence. Because verified artifacts are locked at the moment of verification, external auditors see the exact evidence your compliance team accepted, preserving an unaltered chain of custody. | Read access to relevant compliance audit records and verified artifacts |
| AI Compliance Admin permission set | A compliance administrator who uses AI-powered features such as AI-generated risk summaries, intelligent recommendations, and AI-assisted policy authoring. AI Compliance Admin access is layered on top of Compliance Admin permission set and is included in the AI Compliance add-on. | AI Compliance Admin permission set |
Did this article solve your issue?
Let us know so we can improve!
