When it comes to Salesforce DevOps for the public sector, security is a top concern, and rightfully so. From the personal information of employees and elected officials to private details of government operations, there is a plethora of information that needs to be treated with the utmost care.

Companies often have questions regarding the FedRAMP compliance framework and how it applies to them and the tools they use. FedRAMP stands for the Federal Risk and Authorization Management Program, which was established in 2011 to help federal agencies use modern cloud technologies while placing an emphasis on the security and protection of federal information.


One class of companies that often work in the cloud is independent software vendors (ISVs). These are individuals and organizations that develop, market and sell software that runs on third-party software and hardware platforms, including Salesforce Government Cloud, Microsoft Azure, Google Cloud Platform, Amazon Web Services and IBM Cloud for Government. Essentially, an ISV is a software developer. An agency could buy the software and deploy it within its FedRAMP-authorized IaaS environment, similar to when you purchase a computer and add office tools or other programs to it.

The FedRAMP program does not directly apply to most ISVs, including Flosum. An ISV cannot get its native product listed in the FedRAMP marketplace because the product is software, not a service. The FedRAMP program was designed for providers that offer multi-tenant cloud solutions to the U.S. federal government, including Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).

Other apps in the Salesforce marketplace often claim to be FedRAMP-certified. These are typically composite apps, which means a part of their architecture is outside the Salesforce ecosystem and creates a potential security loophole.

ISV products do not meet the requirements to be listed in the FedRAMP marketplace because they do not process, store or transmit federal or system data. As a general rule, they have no access to their agency customers’ production environments unless explicitly granted it by the agency for a specific purpose and limited timeframe, such as when help is needed to troubleshoot a problem.

Since Flosum is native, it meets all the security, privacy and compliance requirements that the Salesforce platform does. Flosum is the most secure Salesforce DevOps solution available. As the only release management solution approved for use on Government Cloud, it meets Salesforce FedRAMP and other government security compliance standards.

Flosum is the only 100% native DevOps solution purpose-built for Salesforce, making it the best, if not only, choice for government agencies. Our customers include some of the most security-conscious federal, state and local government organizations where governance, compliance, and data security are always a top priority.


 Read more:

 U.S. Federal Agency Stays on Schedule, Improves Release Quality

 U.S. Defense Agency Finds Efficiency and Security with Flosum

 Government Agency Saves 10 Working Hours Per Project 


“Flosum is the best native release management tool that you will fall in love with. I have gained confidence in my role, and it has given me the ability to view release management from a whole different perspective.”

Faizan Ali
Salesforce Consultant at Turnitin