DEV Community

Demo
Demo

Posted on • Originally published at orgdoc.dev

What Is a Salesforce Org Health Assessment? (And Why You Need One)

#salesforce #crm #admin #governance

Your Org Is Talking. Are You Listening?

Every Salesforce org tells a story. The number of custom objects, the sprawl of automation, the gaps in field utilization, the permissions that have drifted from their original intent — all of it paints a picture of how your org has been managed over time.

A Salesforce org health assessment is a structured evaluation of that picture. It examines your org's configuration, customization, data quality, security posture, and operational efficiency to identify risks, inefficiencies, and opportunities for improvement.

Think of it as a comprehensive physical exam for your Salesforce instance. You might feel fine — things are working, users are logging in, reports are running — but underneath the surface, there are almost certainly issues accumulating that will become painful if left unaddressed.

What a Good Assessment Covers

Not all health assessments are created equal. A cursory review of your Salesforce Optimizer report is not a health assessment. A vendor running a scan to upsell you on their product is not a health assessment. A genuine, thorough assessment covers the following domains:

1. Security and Access Model

This is the foundation. A proper security review examines:

  • Profiles and permission sets: Who has access to what? Are there users with Modify All Data or View All Data who shouldn't have it? Are permission sets being used intentionally or as ad-hoc fixes?
  • Sharing rules and org-wide defaults: Is your sharing model appropriate for your organizational structure? Are there sharing rules that were created for a specific situation and never cleaned up?
  • Login and session policies: Are session timeout settings, IP restrictions, and MFA configurations aligned with your security requirements?

  • Field-level security: Are sensitive fields (PII, financial data, competitive intelligence) properly restricted?

    2. Data Model and Architecture

    The data model is the skeleton of your org. The assessment should evaluate:

  • Object design: Are custom objects well-structured, or has the schema grown organically without architectural oversight? Are there redundant objects storing overlapping data?

  • Relationships: Are lookup vs. master-detail relationships used appropriately? Are junction objects clean or cluttered with unrelated fields?

  • Field utilization: What percentage of custom fields are actually populated and used? How many are stale?

  • Record volume and limits: Are you approaching any governor limits on data storage, API calls, or custom object counts?

    3. Automation Landscape

    Automation is where orgs accumulate the most technical debt. A thorough review maps:

  • All automation by object: Every Workflow Rule, Process Builder, Flow, and Apex trigger that fires on each object, including order of execution.

  • Conflicts and redundancies: Are multiple automations updating the same field? Are there recursive loops or unintended interactions?

  • Migration readiness: What percentage of your automation is on deprecated frameworks (Workflow Rules, Process Builder) versus current standards (Flow)?

  • Error handling: Do your automations fail gracefully, or do they surface cryptic error messages to users?

    4. Data Quality

    Data is the lifeblood of your CRM. The assessment should quantify:

  • Duplicate rates: What percentage of Accounts, Contacts, and Leads are duplicates? What's the downstream impact on pipeline and reporting?

  • Field completeness: For critical fields (industry, revenue, stage, close date), what's the fill rate? Where are the gaps?

  • Picklist consistency: Are picklist values standardized, or have free-text entries and legacy values created fragmentation?

  • Data decay: How quickly does your data go stale? What percentage of Contacts have bounced emails or disconnected phone numbers?

    5. User Adoption and Experience

    The best-configured org in the world is worthless if people aren't using it effectively. An assessment should examine:

  • Login frequency: What percentage of licensed users are logging in regularly?

  • Feature utilization: Are teams using the features you've built for them, or are they reverting to spreadsheets and email?

  • Page layout efficiency: Are page layouts cluttered with irrelevant fields, or streamlined for each role?

  • Mobile readiness: If your team works in the field, is the mobile experience functional?

    6. Integration Health

    Connected systems are a common source of hidden risk. The assessment should inventory:

  • All active integrations: Which external systems are connected, what data flows between them, and what credentials are they using?

  • API usage: Are you approaching API call limits? Are integrations making efficient use of bulk APIs where appropriate?

  • Error rates: What percentage of integration transactions are failing, and what happens to failed records?

  • Stale connections: Are there integrations to systems you no longer use that are still consuming API calls or creating records?

    When You Need an Assessment

    Certain events should automatically trigger an org health assessment:

  • Post-acquisition: Inheriting another organization's Salesforce instance or migrating users from a different CRM.

  • Before a major initiative: If you're about to implement CPQ, Revenue Cloud, or a large-scale custom build, you need to know the state of your foundation first.

  • After turnover: When key admins or developers leave, institutional knowledge walks out the door. An assessment captures the current state objectively.

  • Annually: Even stable orgs should be assessed yearly. Configuration drift is constant, and catching issues early is always cheaper than catching them late.

    What You Get Out of It

    A well-executed assessment delivers:

  • A prioritized findings report: Every issue ranked by severity, business impact, and remediation effort. No generic recommendations — specific, actionable findings tied to your org.

  • A remediation roadmap: A sequenced plan for addressing findings, with quick wins identified for immediate impact and larger initiatives planned over quarters.

  • Baseline metrics: Quantified measures of your org's current state — duplicate rates, automation complexity scores, field utilization percentages — that you can track over time.

  • Risk register: A clear accounting of security, compliance, and operational risks with recommended mitigations.

    Why External Assessment Matters

    Your internal team knows your org better than anyone. That's both an advantage and a liability. Familiarity creates blind spots. Workarounds that have been in place for years stop looking like workarounds. Configurations that were "temporary" three years ago have become invisible.

An external assessment brings fresh eyes, structured methodology, and cross-org benchmarking. Our team has assessed orgs across dozens of industries and company sizes. We know what good looks like, and we know where orgs typically hide their worst problems — because we've found them before.

If you'd like our team to assess your org, reach out at contact@orgdoc.dev.

Need a second opinion on your Salesforce org? Request a diagnostic.

Top comments (0)