Skip to main content
Content Starts Here
This is a publicly shared Knowledge Article from the Power of Us Hub - an online community for nonprofit and higher ed Salesforce users. Join the Hub .
Best Practices

Healthy Org: Data Security in Salesforce

Data Security in Salesforce

Strategies for controlling access to your Salesforce data using point-and-click security tools.

1. Learn

Trailhead: Protect your Salesforce Data

Free, guided learning paths from This trail walks you through modules and units that will help you learn the basics of data security.

Webinar: Data Security in Salesforce

Download the webinar slide deck and repurpose for your internal trainings or presentations to key stakeholders and end users. is the Salesforce community's home for real-time information on system performance and security

Salesforce Shield

Salesforce Shield protects your institution with point-and-click tools that enhance trust, transparency, compliance, and governance across all of your business-critical apps. Shield is available at a deep discount to customers. Contact your Account Executive for pricing.


If your organization manages individuals identifiable health information, you may need to follow standards set forth by the Health Insurance Portability and Accountability Act (HIPAA) to protect the privacy and security of protected health information where applicableReview this slide deck to learn about HIPAA, understand Salesforce's role as a Business Associate, and explore features of Salesforce and Salesforce Shield that can enhance your organization's security.


The General Data Protection Regulation (GDPR) is a comprehensive European privacy law that takes effect on May 25, 2018. Salesforce is committed to compliance with the GDPR:



FERPA requires that federally funded institutions, under programs administered by the U.S. Department of Education, comply with certain procedures with regard to disclosing and maintaining educational records. FERPA was not enacted to preclude the disclosure of educational records simply because the records identify a student by name; rather, it was designed to protect the student’s educational information and status as a student.  

2. Review Your Security Settings

Assess your Org Security with the Salesforce Health Check Tool

Review Security Settings

Org Access

Object Access

Record Access

Field Access

3. Train your Users

Educate End Users About Security Best Practices

Teach users to not be fooled by phishing, and to not click links or open attachments in suspicious emails.

  • If you or any of your users are unsure about whether a Salesforce email is legitimate, forward the email to

Give each user a license and be sure users do not share passwords.

4. Monitor

Audit System Use

Auditing provides information about use of the system, which can be critical in diagnosing potential or real security issues.

Get Help


Join the next Circle of Success

Circles of Success are small group, interactive clinics with other customers.


Log a Tech Support Ticket

If you get stuck, you can always log a tech support ticket. Every customer has access to a Standard Success Plan which includes access to Standard Support.