FSC × DORA Readiness Scorecard

A supervisory-aligned signal check of operational resilience evidence in Salesforce Financial Services Cloud.

This is not a sales form. No automated emails, no scoring gamification — just a directional signal aligned to supervisory expectations under DORA.

FSC maturity pre-qualification (without asking)

This scorecard assumes an FSC environment already supporting structured controls, auditability, and role-based process enforcement. It highlights where supervisory evidence may still be fragmented or externally dependent.

Can your FSC system extract immutable audit logs covering the last 12+ months?

Why this matters: Supervisors increasingly expect audit evidence to be tamper-resistant, complete, and historically accessible. The ability to produce immutable logs over time is a foundational indicator of control reliability, not just system configuration.

Is Salesforce Shield event monitoring integrated with your GRC or compliance system?

Why this matters: Operational resilience depends not only on detecting events, but on governed escalation and oversight. Integration with a GRC or compliance system signals that monitoring outputs are actively reviewed, retained, and linked to accountability structures.

Are approvals, escalations, and decisions timestamped and stored outside the operational org?

Why this matters: From a supervisory perspective, decision traceability is as important as the decision itself. Independent storage of approvals and escalations reduces reliance on operational systems and strengthens evidential integrity during audits or incident reviews.

Is there a real-time or batch sync pushing compliance data from Salesforce to external systems (e.g., ServiceNow, RSA Archer)?

Why this matters: DORA emphasises end-to-end visibility across the control landscape. Data synchronisation to external systems demonstrates that compliance information is consolidated, monitored, and reviewed beyond a single platform boundary.

Is there a clear mapping of DORA domains (ICT Risk, Incident, etc.) to Salesforce processes and evidence trails?

Why this matters: Supervisors do not assess controls in isolation — they assess regulatory coverage. Clear mapping between DORA requirements, operational processes, and supporting evidence enables faster, more defensible audit responses.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
// Verify all data-score attributes exist const radioGroups = [ "q1_immutable_audit_logs", "q2_salesforce_shield_integration", "q3_decision_traceability", "q4_external_compliance_sync", "q5_dora_domain_mapping" ]; console.log("=== VERIFYING DATA-SCORE ATTRIBUTES ==="); let allGood = true; radioGroups.forEach(name => { const radios = document.querySelectorAll(`input[name="${name}"]`); console.log(`\n${name}:`); radios.forEach(radio => { const score = radio.getAttribute('data-score'); const status = score !== null ? '✅' : '❌'; console.log(` ${status} ${radio.value}: data-score = ${score}`); if (score === null) allGood = false; }); }); console.log(`\n${allGood ? '✅ ALL ATTRIBUTES CONFIGURED CORRECTLY!' : '❌ SOME ATTRIBUTES MISSING - CHECK ABOVE'}`); ``` **Expected output:** ``` === VERIFYING DATA-SCORE ATTRIBUTES === q1_immutable_audit_logs: ✅ YES_IMMUTABLE_AUDIT_LOG: data-score = 1 ✅ NO_IMMUTABLE_AUDIT_LOG: data-score = 0 q2_salesforce_shield_integration: ✅ YES_SALESFORCE_SHIELD: data-score = 1 ✅ NO_SALESFORCE_SHIELD: data-score = 0 ... (etc for all 5 questions) ✅ ALL ATTRIBUTES CONFIGURED CORRECTLY!