DSP and Pen testing for supporting agencies

Tim_Morgan · 24 November 2025 12:03

We are a consultancy supporting a provider to integrate with e-RS.

The provider uses Salesforce as a platform.

Should the data security-type sections of the API applications be answered as Salesforce, or as the provider?

i.e. Should Salesforce be able to demonstrate their DSP Toolkit credentials, or the provider? Should Salesforce demonstrate a penetration test results, or the provider?

Are either of these examples applicable as a requirement for us, as the supporting implementation consultancy?

zubeir.tai · 26 November 2025 15:27

Hi Tim - It would be the integrating party in all cases, i.e. the supplier providing the software solution.

From what you’ve stated, this sounds like Salesforce.

Tim_Morgan · 26 November 2025 16:36

Ok perfect thank you @zubeir.tai !

Topic		Replies	Views
Application-restricted Access eRS APIs - List of steps e-Referral Service FHIR API onboarding , api	3	781	17 November 2022
e-RS sandbox with UI for user familiarity e-Referral Service (e-RS)	4	26	19 November 2025
How do I integrate with the API Platform? e-Referral Service (e-RS) authentication , onboarding	2	680	4 March 2024
Test Data upon Registration e-Referral Service FHIR API testing , onboarding	2	40	13 November 2024
Trouble performing "e-RS worklist retrieval" API Platform testing	21	127	15 April 2025

DSP and Pen testing for supporting agencies

Related topics