TaskRay Shared Responsibility Model
As an enterprise application that is installed and run entirely within your existing Salesforce instance, TaskRay follows a shared data security and privacy model that is subject to the same security, reliability, and control as all other Salesforce data.
As the customer, you are responsible for security and privacy in the application, i.e. for installation and configuration of TaskRay in your Salesforce instance and for setting visibility and access rights. This allows you to maintain complete control over your data—TaskRay cannot access or view any data customers have created or stored in our app.
View Customer Responsibilities
TaskRay customers are responsible for installation and configuration of TaskRay in their Salesforce instance and for setting visibility and access rights, including:
- Installation of the TaskRay managed package into Production and Sandbox instances of Salesforce.
- Configuration of the TaskRay Service within Salesforce
- Salesforce & TaskRay API Integration
- Configuration of (optional) Slack integration
- Configuration of Any Additional Connections
- Configuration of Users in Salesforce
Configuration of TaskRay Service within Salesforce
As a native Salesforce application TaskRay can take advantage of Salesforce customizations and automations. Our practice is to package common automations to give our customers a general solution or a starting point for a more customized solution. For more information, please visit our support site.
TaskRay leverages several optional features that can be configured by the customer’s internal Salesforce Admin team:
Invocable Apex Actions: TaskRay provides several invocable apex actions that can be called from Process Builders and Flows. For example, you can utilize an action to create deep clones of a project template to ensure it is scheduled correctly based upon the template and dates derived from the object triggering the clone (commonly the Opportunity Close data in Salesforce).
Process Builder: TaskRay suggests leveraging process builders as a declarative tool to clone projects as well as to perform simple data updates in custom scenarios. Customers are required to configure these process builders using best practices provided by TaskRay.
Flow: TaskRay may suggest that customers leverage flows as a declarative tool to clone more complex project templates or for scenarios requiring a project to be “Stitched” together from a variety of templates. Flows may also be prescribed for customers to perform more advanced automations for custom scenarios. Customers are required to configure these flows using best practices provided by TaskRay.
Apex: TaskRay-provided global Apex methods are called directly from Apex code written in customer orgs. This is only suggested in the most complex scenarios and it is the customer’s responsibility to develop this apex code as well as test cases to ensure the code will be performant and successful.
Public Sites: TaskRay provides an optional feature called “External Sharing” which utilizes Salesforce public site technology to allow customers to provide a direct link to a live “Plan View”. This feature allows you to provide a link to projects opted into “External Sharing” to your customers, allowing for a real time view of their projects. This optional feature leverages public sites and will provide public access to a subset of your TaskRay data.
Communities: TaskRay supports Salesforce Communities to allow your customers to log directly into a TaskRay Salesforce organization and participate fully in TaskRay projects. TaskRay Community setup mimics the Salesforce Community setup with some additional steps required for exposing TaskRay components to the Community. Customers are required to configure these communities using best practices provided by TaskRay.
Custom Fields and Objects: TaskRay supports the creation and linking of custom fields and objects to TaskRay Objects to support custom scenarios. Customers are required to configure these fields and objects using best practices provided by TaskRay.
Validation Rules: TaskRay supports the creation of custom Salesforce validation rules. These validation rules are created to support custom business logics. Customers are required to configure these validation rules using best practices provided by TaskRay.
Salesforce & TaskRay API Integration
TaskRay’s native app architecture allows customers to expose TaskRay information via Salesforce APIs. This allows customers to utilize existing Salesforce API connections, middleware, data backup, and data visualization tools with TaskRay data.
Configuration of (optional) Slack Integration
TaskRay has an optional feature which allows customers to connect TaskRay to their Slack workspace. This customization can expose TaskRay data to any user within your Slack workspace and allows customers to create tasks and display progress on TaskRay projects directly within Slack. Customers are required to configure this integration using best practices provided by TaskRay.
Configuration of Any Additional Connections
Customers are required to ensure any other connections to their Salesforce org which may be utilizing TaskRay data are appropriately configured. To ensure your TaskRay implementation is optimized for your specific use case, we provide documentation as well as guidance to your Salesforce administration team.
Configuration of Users in Salesforce
TaskRay user account management mirrors Salesforce user account management. In order to use TaskRay, a user must be configured in Salesforce and have the license and permissions specified above configured for that user. TaskRay data visibility is driven by two factors:
- Configuration of visibility of TaskRay data for internal and external Salesforce users (leveraging Salesforce configuration).
- TaskRay licenses must be assigned to individual users. (This does not apply in a Site License Scenario.) Salesforce Object Level Create, Read, Edit, Delete, and Field Level Security must be configured like any other custom or standard object in Salesforce. (We recommend utilizing either the TaskRay Standard or TaskRay Read-Only permission sets.)
TaskRay is developed and maintained to meet all of Salesforce’s information and data security standards. (The Salesforce security team conducts rigorous reviews of all native products, including TaskRay, before publicly listing them on AppExchange.)
View TaskRay Responsibilities
Salesforce Security Reviews & Compliance
TaskRay participates in periodic security re-reviews of the TaskRay application with the Salesforce security team. If any issues are found, Salesforce requires that they are addressed within 90 days to maintain a public listing on the Appexchange.
As a top Salesforce partner, TaskRay is made aware of any changes Salesforce is making before they are released—enabling us to ensure that TaskRay is always in compliance.
Application Lifecycle Management
Major Release Process (~3 times per year)
Upon development completion: TaskRay runs a final Salesforce security scan on the new release using tooling provided by the Salesforce security team.
6 weeks prior to Production upgrades: Email communication to TaskRay Admins containing release notes and release schedule.
3 weeks prior to Production upgrades (Wednesday or Thursday): Email communication to TaskRay Admins reminding them that Sandboxes will be upgraded on Saturday.
3 weeks prior to Production upgrades (Saturday): Push upgrade to all customer Sandboxes so customers can test the upgraded version with their customizations. At this time, it is also possible to opt into the upgraded version in your production org with a direct install link or an upgrade performed through the AppExchange.
3 weeks prior to Production upgrades (Saturday): Email communication to TaskRay Admins alerting them that the Sandbox upgrade was completed.
Week of Production upgrades (Wednesday or Thursday): Email communication to TaskRay Admins reminding them that Production will be upgraded on Saturday.
Week of Production upgrades (Saturday): Push upgrade to all customers. Email communication to TaskRay admins alerting them that the Production upgrade was completed.
Minor Release Process (bug fixes)
- Identify and deem issue critical for immediate patch.
- Analyze risk of pushing bug fix, determine any risk mitigation factors, and apply to bug fix planning.
- Perform development work to address issue.
- Create a new minor package version based on the last major release.
- Update minor package version release notes on support.taskray.com “What’s New” section.
- Push new minor package version to customers.
- We consistently receive 5-star reviews on the AppExchange calling out our documentation.
- Our extensive online documentation will help your Salesforce Administrator become a TaskRay Administrator.
- Customers have the ability to log unlimited support tickets.
- TaskRay provides email support for most issues.
- For complex support issues, we will set up a Zoom meeting.
- As with Salesforce, authorized users may grant TaskRay login access in order for our team to troubleshoot issues.
Salesforce is responsible for: platform applications, identity and access management; hardware, data center and disaster recovery; operating system, network and firewall configuration; server-side data encryption, data integrity and networking traffic protection; as well as TaskRay data encryption and data integrity authentication, data storage and service delivery. In other words, everything Salesforce does to protect your data on their platform applies in the exact same way to your data in TaskRay.
Please refer to Saleforce’s Security site for details.
TaskRay Access to License Management
TaskRay uses Salesforce’s License Management Application (LMA), this is a Salesforce-provided service for applications like ours. You may be familiar with this with other managed packages in Salesforce, it is how you assign licenses to any other Salesforce app. It reports to you how many licenses we have allocated you, and reports to us how many licenses you have assigned.
TaskRay Access to Customer Salesforce Data
The TaskRay application and all of the data within it does not leave your Salesforce org, which we do not have programmatic access to. The only access TaskRay would have to your data is if you granted TaskRay support login access (which is optional during support cases). If granted, this support login access allows a TaskRay rep to login to your Salesforce Org as the user who granted access. The only other data coming out of the Salesforce org would be anonymized product usage metrics we collect with a product analytics tool. These usage metrics help us understand which features are being utilized in the app to help with future improvements.
Want to see more?
If you want to learn more about how TaskRay can help you get every customer off to a good start, sign up for our next overview webinar.