Salesforce enterprise cloud solutions

Salesforce is more than a single cloud software implementation; it’s an ecosystem of applications. And as powerful as it is for managing everything from the sales pipeline to customer service and e-commerce, it’s important to approach any Salesforce transformation with clear perspectives on how to manage the complexities and compliance issues that can arise.

That’s why we work with CIOs and CISOs to ensure that controls are properly implemented into their Salesforce application from the start, and executed in a seamless manner in the background of all their operations.

When global companies are trying to move quickly to a new cloud environment, controls should be built into every step. When Chief Information Officers, Chief Information Security Officers and the Controllership work together to plan for regulatory compliance and operational controls at the start of the implementation, the entire transformation will be more efficient.

Keeping customer and financial data secure and compliant

Salesforce is a customer-centric platform built to collect and manage customer data, allowing users to offer better products or services to their customers. Because the platform has access to incredible amounts of personal data, controls must be put in place up front to ensure data security, privacy and compliance needs are met.


Personal data can fall under a wide range of potential regulations, depending on industry and location. Every global company needs to consider how that data can be managed under Europe’s GDPR, for instance, or China’s PIPL laws governing how that data needs to be stored locally.


We help enterprises ensure their compliance needs are met within the Salesforce application. Engineering the business processes and financial controls alongside the technology design can save time and work later.

Patching in compliance considerations after the go-live phase, or during the testing phase, means having to reimagine or redo whole aspects of the implementation. This means the technology team, the head of internal audit, and the IT security team have much to gain if they can work in tight coordination to consider compliance early.

Industry leaders will have specific regulations of concern. For example, leaders in the healthcare sector want to manage HIPAA laws, and Sarbanes-Oxley can apply wherever Salesforce becomes integral to revenue generation workflows.


During the implementation phase, and after it’s complete, PwC can bring the accelerators and partnerships for assessments of security and controls. And we can help to configure all of the native security functions, such as encryption, in Salesforce to maximize both security and performance via our Salesforce Security Analyzer, and our Enterprise Controls, or even provide ongoing security monitoring.

Contact us

Andrea Acciarri

Principal, Cyber, Risk and Regulatory, PwC US

Robert Clark

Principal, Cyber, Risk and Regulatory, PwC US