Skip to content

Policies

Policy statement.

Each policy should provide a formal outline of the ways in which an organization intends to conduct its affairs (internal and external) and how to act in specific circumstances. Employees should check policy statements to make sure they know they are acting in accordance with the policy.

In addition to this, employees, partners, etc. working with and relying on (automated) information and data resources should also be subject to policies. These resources include, but are not limited to, the networks, systems, software and other information technology related services such as Salesforce.

Most policies are based on a few fundamental common principles which must be adhered to by all of those who use, exploit, consume, manage and control these networks, systems and resources.

Besides these fundamental principles, a policy should at a minimum describe what is provided by Salesforce services and why.

The policy should also prescribe the conditions under which access to specific Salesforce resources is granted and what is meant by responsible, ethical and lawful usage. It should also identify the possible consequences when the policy is breached.

A data policy commits to taking care of gathering, viewing (consuming), transferring, storing, maintaining and handling data of customers (consumers), partners, individuals, employees and systems. A data policy contains a clear description of the scope, to whom the policy applies and who or what is subject to it.

A data policy should describe how your organization commits to taking care of data — how people who have access to data should act when they assess, review, collect, store, adjust and/or delete data.

The 'General Data Protection Regulation' (GDPR) enforces companies to change how they collect, store and track EU consumer data. It affects how data is handled within your company's systems.

A data retention policy, for example, describes the conditions and terms under which data is maintained — such as system log files. These are generally considered technical and do not contain sensitive content, but they theoretically could.

There are other types of data policies, such as:

  • Ownership. Describes how data ownership is determined. For example, when accounts are assigned to sales reps per region — how is the region determined? Is it based on the customer's main office address or the billing address?

  • Access. Describes who has what type of access to what type of data and under which criteria. Should all support agents have access to opportunities, and who is allowed to create new contracts?

  • Quality. Describes how the technical quality of individual data elements is determined. When you keep contact records — is the email address required, and what format do you apply to phone numbers?

  • Sharing / Transferring. If someone has access to the credibility status of account records — should this information be available and shared with everyone else who has access to the system, and should it be transferred to an adjacent system?

  • Availability. Describes when data should be available. When a customer has paid their invoice — should this information become available immediately or within the next 12–16 hours?

These are a few examples of policies that apply to data. They form the foundation of how to deal with data and can have significant effects on your Salesforce implementation.