When it comes to Salesforce DevOps for the public sector, security is a top concern, and rightfully so. From the personal information of employees and elected officials to private details of government operations, there is a plethora of information that needs to be treated with the utmost care.

Companies often have questions regarding the FedRAMP compliance framework and how it applies to them and the tools they use. FedRAMP stands for the Federal Risk and Authorization Management Program, which was established in 2011 to help federal agencies use modern cloud technologies while placing an emphasis on the security and protection of federal information.

One classification of companies that often work in the cloud is independent software vendors (ISVs). These are individuals and organizations that develop, market and sell software that runs on third-party software and hardware platforms, including Salesforce Government Cloud, Microsoft Azure, Google Cloud Platform, Amazon Web Services and IBM Cloud for Government. Essentially, an ISV is a software developer. An agency could buy the software and deploy it within its FedRAMP-authorized IaaS environment, similar to when you purchase a computer and add office tools or other programs to it.

The FedRAMP program does not directly apply to most ISVs, including Flosum. An ISV cannot get its native product listed in the FedRAMP marketplace because the product is software, not a service. The FedRAMP program was designed for providers that offer multi-tenant cloud solutions to the U.S. federal government, including Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).

Other apps in the Salesforce marketplace often claim to be FedRAMP-certified. These are typically composite apps, which means part of their architecture sits outside the Salesforce ecosystem and creates a potential security loophole.

ISV products do not meet the requirements to be listed in the FedRAMP marketplace because they do not process, store or transmit federal or system data. As a general rule, they have no access to their agency customers’ production environments unless explicitly granted it by the agency for a specific purpose and a limited timeframe, such as when help is needed to troubleshoot a problem.

 Since Flosum is native, it meets all the security, privacy and compliance requirements that the Salesforce platform does. Flosum is the most secure Salesforce DevOps solution available. As the only release management solution approved for use on Government Cloud, it meets Salesforce FedRAMP and other government security compliance standards. 

 Flosum is the only 100% native DevOps solution purpose-built for Salesforce, making it the best, if not only, choice for government agencies. Our customers include some of the most security-conscious federal, state and local government organizations where governance, compliance, and data security are always a top priority. 


 Read more:

 U.S. Federal Agency Stays on Schedule, Improves Release Quality

 U.S. Defense Agency Finds Efficiency and Security with Flosum

 Government Agency Saves 10 Working Hours Per Project 


“Flosum is the best native release management tool that you will fall in love with. I have gained confidence in my role, and it has given me the ability to view release management from a whole different perspective.”

Faizan Ali
Salesforce Consultant at Turnitin