- Request least-privilege source access appropriate to the agreed scope.
- Do not collect production credentials through website forms.
- Encrypt transfers and stored migration data.
- Restrict and audit access.
- Separate customer environments.
- Control Shadow Mode side effects.
- Define retention and deletion before extraction.
- Preserve evidence of mappings, reconciliation, exceptions, and approvals.
- Document subprocessors and deployment locations.
CRM Exit by Move Big Rocks
Security is part of the exit method
CRM exits involve customer histories, personal data, contracts, communications, files, permissions, and operational workflows. Security cannot be deferred until after the migration design.
01
Our approach
02
Business Case Generator and forms
The initial Business Case inventory and calculation run in the browser or local CLI. Values are sent only if the visitor explicitly requests a saved report or Audit. Website forms collect only qualification and response information; they do not accept CRM exports, customer records, passwords, or API tokens.
Public agent endpoints are read-only. They expose method, schema, source, claim, taxonomy, and synthetic example data. They do not accept private Business Case inputs.
A temporary agent review URL is created only after explicit consent. It is read-only, expiring, revocable, excluded from indexing and analytics, and served through redacted access logging. The user sees which fields it exposes before creating it.
03
Customer-specific security pack
Qualified projects can receive architecture, data flow, subprocessors, access controls, retention/deletion, incident response, backup/restoration, and deployment information appropriate to the proposed operating model.
04
Claims pending verification
Do not publish certification or regulatory-compliance badges until scope and evidence are approved. Insert security contact and vulnerability reporting process before launch.
Make the next decision