Submission Process Office Hours (Security Review)

Submission Process Office Hours for Security Review are for partners interested in discussing the submission requirements & general logistics of the AppExchange Security Review. We can help with topics such as: 
  • Determining submission requirements
    • What reports & scan results must be provided? Which components & endpoints are they required for? 
    • What are the required fees? Will a distribution contract be required? 
  • Creating a full end-to-end test environment 
    • What components of the solution are in the scope of the security review? 
    • What kinds of test environments are required? How should they be provided? 
  • Clarifying Security Review logistics and other questions
    • What are some ways of preparing for the review? 
    • What happens if the app fails review? 
What You Need to Know
  1. Take the ISV Security Review and Develop Secure Web Apps Trailhead modules.
  2. Review http://p.force.com/security to fully understand the Security Review submission process. 
  3. Book an appointment with the Security Review Operations team (see calendar below). To book an appointment:
    • Select an open slot (titled "Security Review")
    • Fill out the following details in the Description section: 
      • Partner Company name
      • App name
      • Brief App Description
      • Package Name
      • Package ID
      • Topics you'd like to discuss
    • This will create an appointment slot in Google Calendar for the proposed date/time. 
    • To cancel, simply click into the existing appointment and select "Cancel Appointment". 
  4. Engage with our team and other partners in the Security Review Group.
Important Note: The Security Review Operations team is not able to review application code or advise on technical issues during these live office hours. If you have specific technical questions regarding application security, or if you would like to discuss the results of a previous security review, please book office hours separately with the Product Security Team. 



Additional Resources
Frequently Asked Questions (FAQ)

Q: Are there any pre-requisites for Submission Process Office Hours (Security Review)?
A: Yes, before signing up to attend, you must complete the ISV Security Review Trailhead module. We also recommend completing the Develop Secure Web Apps Trailhead module.

Q: Should I prepare and/or complete any material before joining these Office Hours?
A: Before signing up to attend, you must complete the ISV Security Review Trailhead module. You don't need to prepare anything, but you should be able to communicate to the team the general architecture of your solution, the technologies used, and any external system integrations. This will help our team better understand your solution and effectively advise you about your submission.

Q: I also heard about Security Office Hours. How are Submission Process Office Hours (Security Review) different from Partner Security Office Hours?
A: Partner Security Office Hours are for partners with specific technical questions regarding security issues in their Force.com and/or web application. Security Review Submission Office Hours are for partners interested in discussing the submission requirements & general logistics of the AppExchange Security Review process (such as review scope, test environments, reports & scans, and other general logistics).

Q: Where can I learn more about the Security Review process for ISVs?
A: See http://p.force.com/security to learn more (includes specific action items for partners).

Q: What should I do if I have questions about these Office Hours?
A: If you have additional questions, please use the Security Review Group.