Skip to main content

Compliance

AppExchange security review

Cotiza CPQ is distributed through the Salesforce AppExchange and undergoes Salesforce security review before publication.

Platform alignment

Cotiza runs entirely on Salesforce infrastructure and inherits:

  • Salesforce data center certifications and compliance programs available to your org's edition
  • Salesforce audit trail capabilities (Field History, Setup Audit Trail)
  • Event monitoring available through Salesforce platform tools

Code quality

  • Apex is bulkified for governor limit safety
  • CRUD and FLS checks are applied through platform security models
  • No external credential storage in the managed package

Customer compliance responsibilities

While Cotiza operates within Salesforce security boundaries, customers remain responsible for:

  • Org-wide security policies (password policies, MFA, IP restrictions)
  • Data classification and retention policies
  • User provisioning and deprovisioning
  • Regulatory requirements specific to their industry (configure Salesforce accordingly)

Audit trail

Approval decisions, Quote changes, and Contract events are stored on Salesforce records. Use standard Salesforce reporting and Field History Tracking (where enabled) for audit requirements.