Security Requirements for AppExchange Partners and Solutions
As a condition of your participation in the AppExchange Partner Program, you must adhere to the security requirements outlined in this document. These requirements include general requirements applicable to all AppExchange Partners and Partner Applications, and additional requirements that are specific to Partner Applications that use or connect with specific technology or are intended for use in specific industries. In these requirements, Partner Applications are also referred to as “solutions.” When you create or edit an AppExchange listing, you’re required to confirm that you complied with these requirements.
The security requirements in this document aren’t exhaustive. We encourage Partners to follow all applicable industry security standards.
General AppExchange Requirements
- All Partners must comply with the requirements described in Security Policy Requirements.
- All Partner Applications must comply with the requirements described in Prevent Secure Coding Violations.
- All Partner Applications must pass a Salesforce Security Review and Assessment where required under the AppExchange Partner Program Policies.
B2C Commerce Solution Security Requirements
If your Partner Application is a B2C Commerce Cartridge or Headless Integration, you must also follow the requirements described in Secure Your B2C Commerce Solution. These B2C Commerce specific requirements are in addition to the General AppExchange Requirements.
Tableau Accelerator Security Requirements
If your Partner Application is a Tableau Accelerator, you must also follow the requirements described in Secure Your Tableau Accelerator. These Tableau specific requirements are in addition to the General AppExchange Requirements.