This page describes the security practices Glumes IT follows when delivering Salesforce, CRM and analytics services. It is maintained by Glumes IT to answer common security and privacy questions from customers and partners.
We help customers configure Salesforce securely, handle sensitive CRM data responsibly, and maintain environments that meet their own security and governance requirements. Detailed security documentation and responses to vendor questionnaires are available under a signed NDA or Data Processing Agreement.
Every user, integration and consultant receives only the permissions needed for their role. We review profiles, permission sets, field-level security and public groups before go-live and on every release.
We enforce multi-factor authentication on all customer environments and our internal systems. OAuth and SAML SSO are configured wherever the customer's identity provider supports it.
Development, testing and production are separated by sandbox strategy. No live customer data is used in dev or QA sandboxes unless explicitly required, masked and approved.
We enable Salesforce audit logs, field history, login history and event monitoring where available. Access reviews and configuration backups are performed on a scheduled cadence.
Code is versioned, peer-reviewed and deployed through documented release management. Critical customisations are tested in sandbox before promotion, with rollback plans prepared.
Suspected data exposure, unauthorised access or configuration drift is escalated immediately. We notify the customer contact within 24 hours, contain the issue and document remediation.
We do not operate our own data store for customer CRM data. Client data remains in the customer's Salesforce org and approved connected systems. Where we need access for implementation or support, it is granted through named, role-based accounts with the minimum permissions required and reviewed regularly.
We classify data we handle as confidential, do not use it for training AI models or commercial purposes, and return or delete project materials at the end of an engagement unless the customer requests otherwise.
We sign confidentiality agreements and data processing addenda before accessing sensitive customer environments. We can accommodate standard customer security questionnaires and procurement reviews.
Salesforce is responsible for the security of the cloud platform. Glumes IT is responsible for secure configuration, user access, data flows and customisations we build within the customer's org.
Our consultants hold current Salesforce certifications and follow Salesforce's security, architecture and AI trust guidelines. Detailed compliance attestations are available on request under NDA.
For sensitive issues, please contact us by email. We will acknowledge receipt and respond with next steps within one business day.
We provide security documentation, architecture diagrams and compliance responses to support enterprise procurement and Salesforce partner verification.