Content last updated July 2022.
Read about our update schedules here.

Introduction

A system architected to be compliant follows legal and ethical guidelines in ways that can be measured and audited. Systems demonstrate compliant behavior by ensuring data can only be accessed by intended parties for intended purposes, by adhering to legal regulations, and by ensuring equitable access for all authorized users.

To prevent and detect compliance violations, it’s important to be proactive. Taking a reactive stance to regulations and standards can create trust issues with your customers — especially if changes are only the result of customer requests or complaints. Such complaints can damage your organization’s brand and reputation, and can lead to revenue losses.

You can build more compliance in your Salesforce solutions by focusing on three key habits: legal adherence, ethical standards, and accessibility.

Legal adherence entails following the mandates set out by regional laws and industry regulations. Once your organization’s legal team (or a third-party auditor) has determined the specific compliance requirements for your organization, your responsibility as an architect is to familiarize yourself with these requirements and proactively flag any potential compliance issues as early as possible during design to reduce the risk of fines and lawsuits.

You can improve legal adherence in your Salesforce solutions through data privacy and localization.

Data Privacy

Data privacy deals with how your solution collects, stores, and processes personally identifiable information (PII), the regulations that apply to those processes, and how individuals can control who and what has access to their personal data. Adhering to data privacy regulations may require you to make updates to your sharing and visibility model, update your metadata configurations to restrict access, add encryption at the field level, create automations to export or delete a customer’s data upon request, and create policies defining how data can be used in automations and AI.

Non-compliance with data privacy regulations can lead to large fines and lawsuits. Moreover, exposing stakeholder data due to poor controls or a security breach can result in lost revenue and lost customer trust.

Consider the following as you work to ensure adherence to data privacy requirements:

During the classification process, it’s important to think about how all of the fields in your data model might be used and not just the ones that seem like they might be sensitive at first glance. In some cases, fields that seem inconsequential can become sensitive if used within the wrong context. For example, postal codes in the United States are sometimes used to predict the race of individuals who live in them. Names can be used to predict gender, country of origin, race, religion, and even age, as popular names tend to change from generation to generation. Include classifications of all fields and a clear description of how any associated AI functionality will use them in your documentation.

Use artificial intelligence (AI) tools such as Einstein Data Detect to identify sensitive data (for example, age, race, and gender) within your org. If fields are classified as sensitive or if you know which fields are sensitive, tools like Einstein Content Selection will also identify fields that are highly correlated and therefore can be proxies for those sensitive fields.

The list of patterns and anti-patterns below shows what proper (and poor) data privacy management looks like within a Salesforce solution. You can use these to validate your designs before you build, or identify areas of your system that need to be refactored.

To learn more about Salesforce tools for data privacy, see Tools Relevant to Compliant.

Localization

Localization is about adapting a product to a particular language, culture, and desired local look and feel as well as adapting to region-specific regulations, including data residency laws. Regulations vary from country to country, and sometimes even from municipality to municipality. As a result, your systems may need to comply with more than one set of regulations, depending on where your customers are located and how your business goes to market with its products and services.

In addition to variations in data privacy laws, many countries are also enacting data residency laws. At a minimum, data residency laws require all data related to a country’s citizens to be physically stored within that country’s borders. Some laws go further, requiring local storage of all data that country’s citizens can potentially access (including data about products and services). Taking it one step further, some countries and regions have regulations requiring citizen data to be maintained only by other citizens.

Non-compliance could lead to large fines and lawsuits. For example, the EU's data protection authorities can impose fines up to €20 million or 4% of global revenue, whichever is higher. In the U.S., the California attorney general's office can seek significant penalties for both intentional and unintentional violations.

Consider the following to better manage localization and data residency requirements:

The list of patterns and anti-patterns below shows what proper (and poor) localization and data residency processes look like within a Salesforce solution. You can use these to validate your designs before you build, or identify areas that need to be refactored.

To learn more about Salesforce tools for localization, see Tools Relevant to Compliant.

The following table outlines patterns to look for (or build) in your org and anti-patterns to avoid or target for remediation.

Patterns Anti-Patterns
Data Privacy In your documentation:
- You have an up-to-date data dictionary containing field level names, descriptions, and classifications
- You have an up-to-date security matrix that identifies which users have access to what data
- You have up-to-date design documentation, including standards and diagrams for any automations created to address regulatory requirements
In your documentation:
- A data dictionary does not exist or has not been kept up-to-date
- Sharing and visibility documentation does not exist or has not been kept up-to-date
- Design standards, diagrams, and documentation for automations that address regulatory requirements does not exist or has not been kept up-to-date
In your org:
- All objects and fields that contain sensitive information or are subject to data privacy regulations have Compliance Categorization, Data Owner, Data Sensitivity Level, and Field Usage configured
In your org:
- Objects and fields that contain sensitive information or are subject to data privacy regulations are missing configuration for Compliance Categorization, Data Owner, Data Sensitivity Level, or Field Usage
Localization In your documentation:
- You have an org strategy that outlines where data will be stored and maintained to comply with all applicable data residency requirements
- You have an integration strategy that outlines acceptable scenarios and processes for replicating data across borders
- You have an analytics strategy that outlines the level of granularity reports and dashboards can contain at regional, national, and global levels
In your documentation:
- You do not have an org strategy or your org strategy does not address data localization and residency requirements
- You do not have an integration strategy or your integration strategy does not address data localization and residency requirements
- You do not have an analytics strategy or your analytics strategy does not address data localization and residency requirements

Ethical Standards

In business contexts, ethical standards are the guidelines for how companies and individuals conduct themselves from a values-based or moral standpoint. At Salesforce, our core values guide everything we do as a company and as employees. We also have an ethical use policy team that helps to ensure customers are using our software in an ethical way. Our Acceptable Use Policy (AUP) is an extension of our core values, and helps guide our decision-making if questions around usage arise.

Your organization may have an additional set of policies that extend beyond simply complying with local regulations. These types of policies can come in many different forms, ranging from adhering to other regions’ regulations, declining to do business with certain organizations or markets, or monitoring employee-customer interactions to identify and eliminate discrimination or biased behaviors. In order to support these policies, you may need update your design standards or system configuration as you would for legal adherence.

You can build better adherence to ethical standards in your Salesforce solutions by ensuring alignment with company policies and evaluating how you’re using artificial intelligence.

Company Policies

Company policies are guidelines that define how various aspects of the business (including people, processes, and technology) should operate. Customers prefer to do business with organizations they trust. Most company policies are designed to reflect this principle. Customer trust will erode quickly if your systems create user experiences that don’t align with your stated policies.

Effective policies flow naturally from a culture of ethics, in which every employee is educated about their responsibility for ethical use from engineering, design, data science, marketing, and sales. In such a culture, employees see clear incentive structures to reward ethical behavior along with clear, consistent consequences for unethical behavior.

Consider the following to ensure your organization’s policies are reflected in your designs:

The list of patterns and anti-patterns below shows what proper (and poor) adherence to company policies looks like within a Salesforce solution. You can use these to validate your designs before you build, or identify areas in your system that need to be refactored.

To learn more about Salesforce tools for aligning designs with company policies, see Tools Relevant to Compliant.

Artificial Intelligence

Artificial intelligence involves using a system to perform tasks that normally require human intelligence. Examples can include speech recognition, visual pattern recognition, language processing, and decision making. The Salesforce platform comes with a built-in AI layer called Einstein. This is a suite of tools that the platform uses to perform a variety of tasks such as analyzing patterns in your data, predicting business outcomes, and providing recommendations. Einstein also includes tools for language processing and chatbots that enhance customer communications.

Most of the underlying Einstein algorithms are not configurable, but the models are fine-tuned by your customers' data once it enters your system. So, if your underlying data is biased or skewed, your models will become biased and inaccurate as well. An example of bias is not including members of a certain race, gender, or ethnicity in your contact list even though your customer base is diverse and includes members of that group. Refer to the Salesforce Responsible Creation of AI Trailhead module, AI Ethics Maturity Model, and Trusted AI principles for more information.

Not accounting for applicable legal regulations and your company’s own ethical standards can lead to biases within your AI, resulting in lawsuits, lost revenue, customer trust issues, and damage to your company’s public image.

Here’s what to consider for the responsible and ethical use of AI:

The list of patterns and anti-patterns below shows what proper (and poor) AI design looks like within a Salesforce solution. You can use these to validate your designs before you build, or identify areas of your system that need to be refactored.

To learn more about Salesforce tools for implementing more ethical AI policies, see Tools Relevant to Compliant.

Ethical Standards Patterns and Anti-Patterns

The following table outlines patterns to look for (or build) in your org and anti-patterns to avoid or target for remediation.

Patterns Anti-Patterns
Company Policies In your design standards:
- Standards include clear guidance for areas impacted by company policies
In your design standards:
- Design standards do not exist or do not provide clear guidance about areas that are subject to company policies
In your documentation:
- Documentation for configuration and customizations includes references to supported company values
In your documentation:
- Documentation for configuration and customizations does not reference company values or policies
In your org:
- All objects and fields that are subject to company policy-related compliance have Compliance Categorization, Data Owner, Data Sensitivity Level, and Field Usage configured
In your org:
- Objects and that are subject to company policy-related compliance are missing configuration for Compliance Categorization, Data Owner, Data Sensitivity Level or Field Usage
Artificial Intelligence In your design standards:
- Policies and approved use cases for AI applications are clear and easy to find
- Standards for chatbot messaging and conversation flow have been documented
In your design standards:
- Design standards don't exist or do not include clear policies and approved use cases for AI applications
- Clear standards for chatbot messaging and conversation design do not exist (but chatbots are being used)
In your documentation:
- Documentation for configuration and customizations involving AI functionality contains a thorough description of all process logic and is stored in a central location that is accessible by legal teams or auditors
- Models that drive predictions and recommendations are clearly documented, including any applicable data segments
- Conversation logic and chatbot messages are thoroughly documented
- Processes are in place to monitor your organization's AI models for data drift, changes in fairness and bias scores, accuracy, and robustness
- Descriptions are maintained for the training, evaluation, and testing data used for all AI processes
- Descriptions are maintained for any AI-related data cleaning along with bias testing, associated results, and performance/accuracy scores (for example, F1 scores)
In your documentation:
- Documentation for configuration and customizations involving AI functionality is missing, incomplete, or stored in an inaccessible location
- Predictions or recommendations are implemented in your org without documentation of their models
- Chatbots are implemented in your org without documentation of messages and conversation flow
- AI monitoring processes do not exist or are not documented
- Information about training, evaluation, and testing data used for all AI processes is unclear or unavailable
- Information about AI-related data cleaning, bias testing, and results is unclear or unavailable

Accessibility

In technology, accessibility deals with how usable systems or solutions are for people with different abilities. Ensuring your systems are designed to work for all users, regardless of ability, is a legal requirement in some locations and industries. Beyond legal requirements, building accessible systems enables your organization to build and grow trust with your stakeholders. In customer-facing applications, it can even boost revenue, if customers decide to use your systems over alternatives that aren’t as accessible.

Salesforce publishes Accessibility Conformance Reports (ACRs), which are industry-standard documents that explain how our software meets accessibility standards, and most of our UI-based controls, including Lightning Web Components and Experience Cloud Templates, were built to adhere to accessibility standards. Depending on how your business goes to market with its products or services, our baseline accessibility features may be sufficient. However, you may have additional requirements that extend beyond our standards so make sure to review our ACRs and release notes prior to the start of any project and document any additional accessibility requirements.

You can improve how accessible your systems by focusing on two key areas: data entry and navigation.

Data Entry

Data entry activities happen any time a user needs to input information into a field, form, or another part of a user interface. While keyboards and mice are the most common ways to enter data into systems, some users may rely on speech-to-text or similar devices. In addition to using different input tools, your users may also speak different languages.

When your solutions are not designed with accessibility in mind, individuals with certain types of disabilities can be excluded from interacting with them.

Consider the following when designing for accessibility:

The list of patterns and anti-patterns below shows what data entry looks like when properly (and poorly) designed for accessibility within a Salesforce solution. You can use these to validate your designs before you build, or identify areas in your system that need to be refactored.

To learn more about Salesforce tools for building more accessible data entry, see Tools Relevant to Compliant.

Navigation involves users moving focus between screens and between fields within a screen. Users may need to navigate through the various UI elements in your system in a variety of ways, including via clicks and keystrokes, while relying on their sight, hearing, and touch. Ensure that your design standards include a list of navigation devices that you plan to support. Implementation teams should refer to this list when testing to make sure that all possibilities are accounted for.

Consider the following questions — and their answers — as you design accessible navigation:

The list of patterns and anti-patterns below shows what navigation looks like when properly (and poorly) designed for accessibility within a Salesforce solution. You can use these to validate your designs before you build, or identify areas of your system that need to be refactored.

To learn more about Salesforce tolls for building more accessible navigation, see Tools Relevant to Compliant.

Accessibility Patterns and Anti-Patterns

The following table outlines patterns to look for (or build) in your org and anti-patterns to avoid or target for remediation.

Patterns Anti-Patterns
Data Entry In your design standards:
- All devices that may be used for data input beyond a standard keyboard and mouse are listed
- Text values and their translations into all supported languages are listed
In your design standards:
- All devices that may be used for data input beyond a standard keyboard and mouse are listed
- Supported languages are listed along with UI elements to be translated
In your test plans:
- Test steps include using multiple types of input devices to enter data
- Test steps include data entry in multiple languages
In your test plans:
- Accessibility testing is not included or testing for accessible data entry is done ad hoc
In your org:
- Translations for supported languages are stored in Translation Workbench
In your org:
- Translations are stored in custom labels
Navigation In your design standards:
- All devices that may be used for navigation (not just standard keyboard and mouse) are clearly listed
- UI/UX standards specify the type and style of all navigational controls
- The types of visual cues approved to convey meaning or state are clearly listed, and color is not a primary cue
In your design standards:
- Design standards do not exist or do not account for accessibility requirements for navigational controls
- UI/UX standards for navigation are inconsistent
- Visual cues for meaning or state rely on color or there are no clear lists of visual cues for builders
In your test plans:
- Test steps include using multiple types of input devices to navigate
- Test plans include using UI/UX testing to ensure consistent navigational paths
In your test plans:
- Accessibility testing is not included or testing for accessible navigation is done ad hoc

Tools Relevant to Compliant

ToolDescriptionLegal AdherenceEthical StandardsAccessibility
Consent APITrack customer preferences for consentX
Consent Event StreamSend notifications for changes to consent or contact infoX
Consent Management ObjectsManage customer privacy and consent preferencesX
Data Access and PortabilityExport customer-related data upon requestX
Data ClassificationRecord key compliance and audit info for object fieldsX
Data DeletionDelete data to comply with legal regulationsX
Data Privacy PreferencesStore customer data privacy preferencesXX
Data TranslationTranslate data presented to usersXX
Einstein Data DetectAlign categories and sensitivity levels to actual dataX
Einstein Data Exploration ConsentManage project and object permissions for data scientistsXX
Einstein Prediction BuilderMake custom predictions without writing codeX
Files Connect Browse, search, and share external files from SalesforceX
HyperforceComply with local data storage requirementsX
Metadata TranslationTranslate languages to localize applicationsXX
Portability APICompile customer data identified in your portability policyXX
Preference CenterGather customer communication preferencesXX
Privacy CenterSatisfy customer requests and data privacy lawsXX
Restriction of Data ProcessingRestrict personal data processing methodsXX
Right to Be ForgottenDelete individual customer data upon requestX
Salesforce FilesShare and store files privatelyX
Security CenterView security and privacy settings across multiple orgsX
Shield Platform EncryptionEncrypt data at rest and in transitX
Translation WorkbenchMaintain translated values for metadata and data labelsXX

Resources Relevant to Compliant

ResourceDescriptionLegal AdherenceEthical StandardsAccessibility
5 Principles for Responsible AI DesignDesign Artificial Intelligence (AI) functionality ethicallyX
Accessibility Basics (Trailhead)Learn why accessibility is importantX
Accessibility Conformance Reports (ACRs)Understand how Salesforce meets accessibility standardsX
Accessibility OverviewUnderstand accessibility within Salesforce LightningX
AI Ethics Maturity ModelDevelop a roadmap to operationalize ethical principlesX
Best Practices for Conversation DesignFollow best practices when designing chatbotsXX
Best Practices for Sustainable Design (Trailhead)Incorporate sustainability into your designsX
Consent Management Track and comply with consent and opt-out requestsX
Data Policies for EinsteinControl data use across Einstein functionalityXX
Design Standards TemplateCreate design standards for your organizationXXX
Ethical Use PolicyExplore Salesforce policy on ethical use of our products and servicesX
Ethics by Design (Trailhead)Incorporate ethical design into technology developmentX
Explore Salesforce's Culture and Values (Trailhead)Explore Salesforce's core valuesXX
Follow Accessible Mobile Design GuidelinesFollow best practices to make your designs accessibleXX
Get Started with Web Accessibility (Trailhead)Learn the basics of how to make websites and apps accessibleX
How To Run a Consequence Scanning WorkshopConsider all possible outcomes while innovatingX
How We’re Bringing Inclusive Language to Our ProductsUnderstand how Salesforce is replacing noninclusive termsX
Implementing Data Protection and PrivacyEvaluate data protection and privacy requirementsX
Inclusive Design (Trailhead)Foster innovation with inclusive design principlesXX
KPI Spreadsheet TemplateSet Key Performance Indicators (KPIs) for your organizationX
Legal InformationExplore Salesforce's Legal Information centerX
LWC Cookie Consent ModuleControl user cookie access in Experience Cloud sitesXX
Model Card GeneratorDocument usage info about your AI predictionsX
Privacy OverviewLearn about data privacy by region and industryX
Salesforce Compliance CertificationsReview Saleforce's compliance certifications and attestationsX
Sustainable Design (Trailhead)Strengthen the relationship between business and societyX
Testing for Web Accessibility (Trailhead)Utilize automated and manual testing to ensure accessibilityX
The Build With Intention ToolkitConsider all possible outcomes of your designsX

Tell us what you think

Help us keep Salesforce Well-Architected relevant to you; take our survey to provide feedback on this content and tell us what you’d like to see next.