360º Quality Audit
Audit9 provides two types of quality assurance engagement; the 360º architecture audit and the project quality checkpoint.
The 360º Architecture Audit provides peace of mind for Salesforce® customers through a comprehensive, expert and independent analysis of key risk areas and adherence to best-practice. All audits are undertaken by a Salesforce Certified Technical Architect (CTA).
The Project Quality Checkpoint covers all aspects of a planned or ongoing Salesforce implementation project with a view to identify risk or inefficiency related to the solution design options or build quality issues related to emerging technical components. Process aspects can also be assessed to identify deviations from best-practice.
The composition of each audit will be directed by the focus areas defined by the client, but in most cases covers the integrity of the solution design, appropriate mapping of requirements to platform features, quality of the point-and-click build, technical components and integration architecture. Salesforce Marketing Cloud quality audits are also undertaken.
The primary outcome of the audit will be a report of findings, which outlines adherence to best practice, security risk, ongoing maintainability/extensibility and scalability of the solution. The report may also cover tactical recommendations and strategic roadmap considerations.
The checklist below provides an illustration of the type of review areas covered.
√ Sharing Model. Role Hierarchy, Org-wide Defaults, Implicit-over-explicit Sharing, Public Groups/Manager Groups/Queues usage.
√ Functional Permissions. Profiles, Permission Sets.
√ Secure Environment. Org-access. IP restrictions, Network access, Connected App lock-down.
√ Secure Environment. My Domain, Identity Management, SSO.
√ Secure Environment. Session timeouts, password policies.
√ Solution Options. Key functional areas, Appropriate solutioning.
√ Data model. Object design, Relationship types, Indexing strategy. Performance considerations, Reporting considerations.
√ Business Logic. Validation rules, Workflow, processes, Entitlements, Assignment rules, Escalations etc.
√ Conventions / Maintainability.
√ Reports and dashboards.
√ Risk Areas.
√ Coding standards and quality.
√ Exception handling / logging.
√ Unit Tests. Quality, Logical Tests, Coverage.
√ Naming Conventions.
√ Risk Areas. For example, Standard Object Triggers.
√ Custom Interactions. Application blending/usability.
√ User Limits Analysis.
√ Edition Limits. Emails, Time-based workflow etc.
√ Future extensibility constraints.
√ Future scalability risk.
√ Physical Integration Architecture. Appropriate implementation. Patterns and conventions.
√ Tools and Technologies.
√ Platform limits.
√ Data Quality Process.
√ Reference Data Strategy.
√ Inappropriate use of platform features.
√ Reporting and analytics.
√ Technical skew.
√ Installed AppExchange packages.
√ Chatter implementation model.
√ Mobile deployment model (Salesforce1, Analytics App).
√ Salesforce1 browser app.
√ Release Management Process. Deployment methods, Source Code Control, Continuous Integration. Release approval.
√ Change Control. Effective management of change in a Salesforce environment.
√ Project Delivery Best Practice.
√ Development Process. Adopting technical Agile practices in a Salesforce environment.
√ Development Process. Project delivery with Scrum.