Salesforce.com managed services
As a Salesforce Consulting Partner, VRP provides a dedicated managed service to customers for support, administration and small enhancements of their platform with flexible packages of monthly hours.
Features
- Multi-tenant platform-as-a-service cloud solution
- API rich connectivity and integration services
- High extensibility with native apps from the Salesforce AppExchange
- Declarative workflow capability
- Declarative configuration through Lightning Web Components and framework
- Secure user, role and access management
- Mobile-first interfaces
- Sandbox and test environments with full devops capability
- Fully customisable though code
Benefits
- Sales automation with configure, price, quote
- Customer services and case management automation
- Customer engagement with personalised experience
- Marketing automation for lead nurturing and personalised journeys
- Customer 360 data for holistic view of customers
- Reporting, intelligence, predictive analytics
- Field service with offline capability
Pricing
£140.00 to £260.00 a user a month
- Education pricing available
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
2 5 3 3 1 7 9 6 6 4 8 1 2 8 5
Contact
VRP CONSULTING LTD.
Jennifer Casey
Telephone: +353 (0)896101438
Email: Jennifer.casey@vrpconsulting.com
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
- Salesforce has rich API connectivity and can be integrated to many other core systems, e.g. finance, ERP. Native Salesforce apps from the AppExchange can also be configured as part of the solution to extend functionality.
- Cloud deployment model
-
- Public cloud
- Private cloud
- Community cloud
- Hybrid cloud
- Service constraints
- Salesforce.com is responsible for maintenance of its multi-tenant SAAS platform
- System requirements
-
- Licenses procured from Salesforce
- Licenses procured from other other ISVs
User support
- Email or online ticketing support
- Yes, at extra cost
- Support response times
- Within 3 to 6 hrs depending on the level of managed service procured
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
VRP Managed Services
Standard - triage response within 6 hrs = £70ph
Premium - triage response within 3 hrs = £80ph
24/7 - follow the sun model (3hrs response) = £90ph
All Managed Service accounts have a dedicated Delivery Manager and access to the dedicated resource pool of support analysts, consultants, architects, developers and QA engineers. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Implementations include training, usually as 'train-the-trainer' approach. This can be supported with quick start guides, videos and platform technical documentation.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- Other
- Other documentation formats
-
- Google Docs
- MS Word
- End-of-contract data extraction
- Export of data and metadata can be run from Salesforce at any time, or scheduled to a backup system.
- End-of-contract process
-
At the end of the services contract, a project completion document is created and signed, access to the systems for the project team are removed, and a full handover of documentation is performed.
Post-go-live support or ongoing managed services to support the platform can be contracted separately.
A 90 day warranty is included as standard for all implementation work at no additional cost.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Mobile user experience via Salesforce standard mobile with limited differences to desktop
- Service interface
- Yes
- User support accessibility
- None or don’t know
- Description of service interface
- Either an app installed into the customer Salesforce org, or a self--service portal with secure access.
- Accessibility standards
- None or don’t know
- Description of accessibility
-
Create, edit, manage tickets.
View capacity and prioritise tickets.
Reporting - Accessibility testing
- As per Salesforce standards
- API
- Yes
- What users can and can't do using the API
-
Salesforce offers a range of platform and data API’s enabling external systems to interact with the Salesforce platform. The API’s cover data, process and metadata capabilities. The REST and SOAP APIs allow you to create, read, update, and delete records, search or query data, retrieve object metadata, and access information about org limits. The Bulk API is designed for asynchronous processing of volume-based operations on Salesforce. The Streaming API encapsulates newer, event-based integration patterns such as CDC (Change Data Capture) and Platform Events. For more complex use cases, Salesforce enables developers to create and host custom web services using APEX SOAP and REST services.
Application developers define the client side logic in their tool or language of choice, and engage with Salesforce using one of the APIs. API authentication is supported using Username/Password, oAuth 2.0, oAuth JWT flows.
Salesforce applies limits to the number of inbound API requests that can be made in a 24 hour window to your Salesforce instance based on the number of licenses purchased for your environment. A typical Salesforce instance has a baseline allowance of 100,000 inbound API calls, plus 5000 calls multiplied by the number of licenses purchased. - API documentation
- Yes
- API documentation formats
-
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- All areas of the platform can be customised using declarative settings, Lightning Web Components, Apex code and CSS to provide tailored functionality, processes, data, automation, integration and user experience. Salesforce architects, developers and configurators make changes in sandbox environments that are tested and promoted via best practice dev ops to production.
Scaling
- Independence of resources
-
For professional services implementation contracts, resources are dedicated to projects according to the roles, effort, timeline and utilisation that is agreed.
For managed services contracts, monthly hours are agreed and reviewed quarterly. Additional hours can be consumed up to set limits with no notice period, or extended limits with two weeks notice so the resource pool can be managed effectively.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Our managed service reporting includes ticket volume, throughput and SLA metrics. Platform usage metrics are available as standard via Salesforce reports or to a deeper level of logging and security through the Salesforce Shield add-on.
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- Data can be exported by running reports, or programmatically using a data loader tool, or on a schedule to a backup system.
- Data export formats
-
- CSV
- Other
- Other data export formats
-
- XML
- JSON
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- XML
- JSON
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- Customers agree an SLA directly with Salesforce as part of their MSA when procuring licenses. Typically this will be >99.5% availability guaranteed and service credits may apply.
- Approach to resilience
- Salesforce publishes it security standards here - https://compliance.salesforce.com/en/documents/a005A00000k4aypQAA
- Outage reporting
-
Salesforce has live updates at https://trust.salesforce.com/en/
Users are notified in advance when they login of upcoming planned outages.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Username or password
- Access restrictions in management interfaces and support channels
-
Authentication controls supported: Multifactor authentication, single sign-on (both as IDP and SP), custom login flows, connected apps (open ID connect), user password management, device controls, session security controls
Data access controls supported: The Salesforce sharing model provides Row Level Security per data entity. A baseline sharing default is setup per object defining what access all users have to records in that object. To open up access, Sharing Rules, Role Hierarchies, other declarative and programmatic Sharing mechanisms are leveraged to provide access to individuals or groups of users. This ensures record level security is correctly administered and maintained in the platform. - Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- Between 1 month and 6 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- Between 1 month and 6 months
- How long system logs are stored for
- Less than 1 month
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- TNV System Certification P Ltd
- ISO/IEC 27001 accreditation date
- 10/04/2021
- What the ISO/IEC 27001 doesn’t cover
- N/A - Following Shared Responsibility model, VRP and Salesforce's SoAs cover all controls.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
ISB is chaired by CEO, including all relevant Regional Management Stakeholders from different support functions which are in charge of:
- Reviewing and approving control design, implementation and effectiveness
- Allocate the needed resources to implement and maintain the ISMS system at an operational level.
- Approval of Regional/Local exemptions to the compliance of the ISMS
- Gather insights on changes that might impact the ISMS
- Review ISMS performance in order to inspect and adjust the suitability, adequacy and effectiveness of it
This happens no less than every quarter.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- Templated workspaces and process in tools such as Confluence, Jira, Slack, Salesforce and Google with rights management access and protection on information accessibility based on role profiles. Access is permission based and governed by senior personnel. Where change is process based, change control are either policy, system or personnel controlled. Depending on the nature of data retention needs and the lifecycle of customer engagements, spaces and data is either retained, archived or destroyed.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- Please refer to https://compliance.salesforce.com/en/documents/a005A00000vMpyYQAS
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
-
Salesforce Shield supports Monitoring, preventing, and mitigating threats to sensitive data.
With Event Monitoring, you can see who is accessing critical business data, when, and from where.
Failed or suspicious login attempts are flagged and reported in real time. Data downloads are tracked with IP addresses logged. Other critical events can be monitored in real time or using log files
Prevent data loss with Transaction Security Policies
Detect insider threats and report anomalies
Audit user behaviour and measure custom application performance - Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- VRP Consulting has its own Incident Management process with playbooks per each scenario, including notification to third parties. Incidents can be reported through our internal portal or via email. Reports are provided using a predefined template containing further details, impact assessment, action log, decisions and lessons learnt, among others.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
-
- Public Services Network (PSN)
- Police National Network (PNN)
- NHS Network (N3)
- Joint Academic Network (JANET)
- Scottish Wide Area Network (SWAN)
- Health and Social Care Network (HSCN)
Social Value
- Fighting climate change
-
Fighting climate change
We partner with Plant for the Planet and for every 40 hours of services we sell to clients we plant 1 tree on behalf of our clients. This is part of our 1% pledge, aligned with Salesforce's 100 million trees campaign.
https://forest.plant-for-the-planet.org/vrp-consulting/ - Covid-19 recovery
-
Covid-19 recovery
We developed a free telehealth app PatientX, available on the Salesforce AppExchange
https://appexchange.salesforce.com/appxListingDetail?listingId=a0N3A00000G0y0sUAB
Pricing
- Price
- £140.00 to £260.00 a user a month
- Discount for educational organisations
- Yes
- Free trial available
- No