A quick approach to auditing your Salesforce org for compliance at financial services firms.

As a financial services firm, or any other business using Salesforce, there is always a concern about whether your Salesforce org is compliant and meets your industry's compliance requirements. So the question is: what can you do quickly, within a short period of time, to safeguard your org before going through a detailed analysis? Here are 3 steps you can take to start on this.

1. Is your sensitive data compliant?
2. Do you have unwarranted data access?
3. Excess system permissions.

1. Is your sensitive data compliant?

Sensitive data compliance means knowing whether you are storing sensitive information and, if so, how you are storing it. To start, take the Lead, Contact, Account and Opportunity objects, identify all the fields that hold sensitive data, and then analyze how that data is stored. Using encrypted fields is highly recommended. So start with a list of sensitive fields, identify the objects where each one is stored, and note how you are storing each of them.

2. Do you have unwarranted data access?

Unwarranted data access means checking to ensure that your Salesforce data is not accessible to users who should not be seeing it in the first place. To check for access compliance, start with profiles and roles and identify object permissions, app permissions and field-level permissions. This can be a daunting review if you have more than 50 profiles, permission sets and roles. To make it simpler, start with a list of your profiles, write down for each one the permissions, objects and fields it should not have, and then work your way through each profile to identify the exceptions.

3. Excess system permissions

One of the permissions that is commonly ignored is the System Administrator profile and everything it grants. If your org has more than 5 system administrators, or your developers are system administrators in production, that is a red flag you need to know about. So check for field update permissions and the Modify All Data permission, and check every profile to see whether that permission is granted. System permission compliance is a way to check for rogue permissions, such as Modify All Data accidentally granted to other profiles. Making a list of sensitive administrative permissions and identifying the profiles and permission sets that have them is a good starting point for cleaning them up.
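The following is an added example, not code from the original post: it runs the checks from steps 2 and 3 (rogue grants of Modify All Data and similar permissions, and the "more than 5 admins" red flag) over hand-constructed rows shaped like SOQL results from the PermissionSet and User objects. Field names such as PermissionsModifyAllData and IsOwnedByProfile are real Salesforce fields; the sample profile and user names are made up.

```python
# Added example, not from the original post: flag profiles and permission sets that grant
# sensitive admin permissions, and count active System Administrators. Rows are constructed
# by hand in the shape of SOQL results from PermissionSet (IsOwnedByProfile, Profile.Name,
# PermissionsModifyAllData, ...) and User (IsActive, Profile.Name).
# Modify All Data is the permission the post calls out; the others are of the same class.
SENSITIVE_PERMISSIONS = ("PermissionsModifyAllData", "PermissionsViewAllData",
                         "PermissionsAuthorApex", "PermissionsManageUsers")
ADMIN_PROFILE = "System Administrator"
MAX_ADMINS = 5  # the post treats more than 5 system administrators as a red flag

def grants(name, is_profile, profile_name, **perms):
    # One PermissionSet-shaped row; any permission not listed defaults to False.
    row = {"Name": name, "IsOwnedByProfile": is_profile, "ProfileName": profile_name}
    row.update({p: perms.get(p, False) for p in SENSITIVE_PERMISSIONS})
    return row

PERMISSION_SETS = [  # constructed sample data; profile-owned rows represent the profile
    grants("X00e_Admin", True, ADMIN_PROFILE, PermissionsModifyAllData=True,
           PermissionsViewAllData=True, PermissionsAuthorApex=True, PermissionsManageUsers=True),
    grants("X00e_Sales", True, "Custom Sales User", PermissionsModifyAllData=True),
    grants("Reporting_Power", False, None, PermissionsViewAllData=True),
    grants("X00e_Service", True, "Service User"),
]

USERS = [  # constructed sample data in the shape of a User query result
    {"Username": f"admin{i}@example.com", "IsActive": True, "ProfileName": ADMIN_PROFILE}
    for i in range(6)
] + [
    {"Username": "old.admin@example.com", "IsActive": False, "ProfileName": ADMIN_PROFILE},
    {"Username": "rep@example.com", "IsActive": True, "ProfileName": "Custom Sales User"},
]

def find_rogue_grants(perm_sets):
    """Map each non-admin profile or permission set to the sensitive permissions it grants."""
    findings = {}
    for ps in perm_sets:
        if ps["IsOwnedByProfile"] and ps["ProfileName"] == ADMIN_PROFILE:
            continue  # the System Administrator profile is expected to hold these
        label = ps["ProfileName"] if ps["IsOwnedByProfile"] else "PermSet:" + ps["Name"]
        granted = [p for p in SENSITIVE_PERMISSIONS if ps[p]]
        if granted:
            findings[label] = granted
    return findings

def count_active_admins(users):  # deactivated users do not count toward the threshold
    return sum(1 for u in users if u["IsActive"] and u["ProfileName"] == ADMIN_PROFILE)

def admin_count_is_red_flag(users):
    return count_active_admins(users) > MAX_ADMINS
```

Feeding real query results into find_rogue_grants gives the list of profiles and permission sets to clean up; the admin count should be rerun after every deactivation or profile change.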

So this 3-point strategy of ensuring sensitive data is stored correctly, preventing unwanted access, and checking system permission compliance would ensure that your org is compliant. I would appreciate it if you could click like if you enjoyed my blog, and feel free to email me at buyan@sforcemaximizer.com for a detailed analysis of your Salesforce org for compliance.
