Skip to Content
  • VISIT CORO.IO
  • Coro Overview
    Main menu

    Coro Overview

    • Coro Deployment
      Coro Overview
      Coro Deployment
      • Salesforce Managed Package
      • Activate Coro connection
      • Data fields for Managed Package
    • Enablement and onboarding
      Coro Overview
      Enablement and onboarding
      • Video learning paths
      • Example kick-off email
      • CRM navigation bar
    • Coro set-up
      Coro Overview
      Coro set-up
      • User Access Management
      • Global Settings
      • Defining User Roles
      • Account Plans
      • Product Hierarchy
      • Competitor List
      • Financials
    • Dashboards and Reports
      Coro Overview
      Dashboards and Reports
      • Report Access
    • Public Architecture and Release Management
      Coro Overview
      Public Architecture and Release Management
      • Release Management
      • Coro Application Data Flow
    • Mobile and Tablet Apps
    • Security Overview
      Coro Overview
      Security Overview
      • Coro Security White Paper
    • Contact Us
  • User Training Videos
    Main menu

    User Training Videos

    • Account Planning Best Practices
      User Training Videos
      Account Planning Best Practices
      • Introduction
      • Right Accounts
      • Right Cadence & Teaming
      • Focus on Actions
      • Staying On-top
      • Sales Leadership Behaviors
    • Coro Overview
      User Training Videos
      Coro Overview
      • Introduction
    • How to Guide: Active Users
      User Training Videos
      How to Guide: Active Users
      • Submit an Account for Review
      • Update Notifications & Account Plan
      • Update Objectives & Health Check
      • Update Competitors & Share of Wallet
      • Update Strategy by Products
      • Update Financials
      • Update Power Base
      • Update Sales Plays
      • Update Relationship Plays
    • How to Guide: Admins
      User Training Videos
      How to Guide: Admins
      • Updating "General Settings"
      • Updating Account Plan Priority Status
      • Updating Accounts in Coro
      • Updating Product Categories
      • Updating User Roles
      • Updating List of Competitors
  • VISIT CORO.IO
  • Coro Overview

      • Coro Deployment
        • Salesforce Managed Package
        • Activate Coro connection
        • Data fields for Managed Package
      • Enablement and onboarding
        • Video learning paths
        • Example kick-off email
        • CRM navigation bar
      • Coro set-up
        • User Access Management
        • Global Settings
        • Defining User Roles
        • Account Plans
        • Product Hierarchy
        • Competitor List
        • Financials
      • Dashboards and Reports
        • Report Access
      • Public Architecture and Release Management
        • Release Management
        • Coro Application Data Flow
      • Mobile and Tablet Apps
      • Security Overview
        • Coro Security White Paper
      • Contact Us
  • User Training Videos

      • Account Planning Best Practices
        • Introduction
        • Right Accounts
        • Right Cadence & Teaming
        • Focus on Actions
        • Staying On-top
        • Sales Leadership Behaviors
      • Coro Overview
        • Introduction
      • How to Guide: Active Users
        • Submit an Account for Review
        • Update Notifications & Account Plan
        • Update Objectives & Health Check
        • Update Competitors & Share of Wallet
        • Update Strategy by Products
        • Update Financials
        • Update Power Base
        • Update Sales Plays
        • Update Relationship Plays
      • How to Guide: Admins
        • Updating "General Settings"
        • Updating Account Plan Priority Status
        • Updating Accounts in Coro
        • Updating Product Categories
        • Updating User Roles
        • Updating List of Competitors
    Your Previous Searches
      Recently Visited Pages

      Content added to Red Folder

      Red Folder (0)

      Removed from Red Folder

      Red Folder (0)

      Security

      Security

      Purpose

      Purpose

      These Security Sections are a formal statement of the security information by which anyone given access to Coro must be aware of.

      Scope

      Scope

      The scope of this Security Section is illustrating the security precautions in place relatively to Coro product. It applies to all employees, partners, and third-parties with access to Coro information assets

      Organizational Security

      Organizational Security

      Coro was designed with security at the forefront of priorities leveraging the application development services of Follow Analytics, recommended by our partners at Salesforce.

      The Coro application is hosted within Heroku, a platform also owned by Salesforce and hosted within AWS

      Hosting Provider Certifications

      Hosting Provider Certifications

      The Coro application is hosted on Heroku’s SOC 2 compliant platform owned by Salesforce. The platform resides within AWS infrastructure. For further information regarding the security practices in place please see the following links:

      • Salesforce: https://trust.salesforce.com/en/security/stay-current-security/
      • Heroku: https://www.heroku.com/policy/security
      • Amazon: https://aws.amazon.com/security

      Encryption

      Encryption

      Data at rest within the Coro application is encrypted using industry standards and best practices that meet the security requirements of the Client.

      TLS encryption is leveraged to provide secure communication by protecting the confidentiality and integrity for all data in transit within the Coro application.

      Network Security

      Network Security

      In the interest of protecting data, Coro logically and physically separates its networks. The corporate network is utilized for all corporate functions. This is separate from the production network, which is used for customer instances. To prevent inadvertent information flow between different networks, access controls are implemented and reviewed periodically.

      Access Control

      Access Control

      Authentication

      Authentication to the Coro application is achieved by leveraging Single Sign On through the customers Salesforce instance.

      Mobile application: The Coro app establishes a new session every time the application is open. If privileges are revoked within the CRM, the Coro mobile application does not log-in. Face ID can used for faster log-ins, but does not provide access to the application itself.

      Provisioning

      Access is provisioned within the clients Salesforce instance. Salesforce has strong logical access controls for their production network which include:

      • Manger approved production access, based on the principal of least privilege, to include necessary segregation of duties
      • Timely access removal for terminated employees
      • Multi-factor authentication to internal systems
      • Bastion Host in place as secure perimeter between authentication and core servers
      • Centralized log correlation in place to capture system activity

      Clients are responsible for granting the appropriate access permissions to data within the Coro application.

      Data Retention and Disposal

      Data Retention and Disposal

      Clients define the data being stored within the Coro application and can set unique data retention and disposal requirements, as well as purge data at their discretion.

      Data stored within the application is housed within an AWS data center, further information regarding their disposal practices can be found at https://aws.amazon.com/security

      Disaster Recovery/Business Continuity Planning

      Disaster Recovery/Business Continuity Planning

      The platform Coro is hosted on maintains redundancy to prevent single points of failure and ensure the availability of data stored within the application. In the event of an outage, the platform is deployed across multiple data centers designed for resiliency. Additionally, data within the application can also be restored from backups that have been configured to meet the requirements of the client.

      Incident Management

      Incident Management

      The platform hosting the Coro application has a defined and implemented incident management policy in place. The response procedure identifies when events should be escalated and who should be notified. This allows for timely response and correct alignment of personnel to resolve potential incidents.

      All incidents are logged into an automated workflow and online ticketing system that tracks the incident from initiation to resolution. Personnel tending to security incidents do not have access to data stored within the application unless there is explicit permission from the client.

      Application Data Flow

      Application Data Flow

      See Application Coro Application Data Flow.

      Data Storage

      Data Storage

      See Data Fields for Managed Package.

      Coro Security processes

      Coro Security processes

      Coro has access to confidential and sensitive client information of numerous Fortune 100 companies as one of the top management consultancies in the world; the business model of Coro and Bain & Company is predicated on being rigorous, transparent and responsible in how it handles and secures confidential information. Data protection is one of the most important priority for Coro. Within the several precautions and processes Coro put in place, there are also:

      • Regular security education sessions
      • Periodic schedule of Security Testing [External and Internal]
      • Automated enforcement of security analysis
      • Explicit security checklists to work against all code changes

      © 1996-2022 Bain & Company, Inc.