Skip to main content
All CollectionsSolution guidesUnderstand how the systems workMetadata analysis and management
Plan and execute scheduled maintenance of your Org capabilities
Plan and execute scheduled maintenance of your Org capabilities

MetaFields; Custom field on nodes, Custom fields on metadata; Classification; Documentation; Audit; Maintenance

Updated over a week ago

Why regularly audit your Salesforce Org using MetaFields?

In Salesforce's dynamic environment, maintaining the security and effectiveness of your Org is essential. Over time, business needs change and technology evolves, leading to features becoming obsolete or underutilized.

Access controls that were once appropriate may no longer align with current security policies. With each new Salesforce release, it’s crucial to ensure your configurations remain compatible and optimized.

Regular audits, using the new metafields feature, help keep your Salesforce instance robust, secure, and aligned with evolving business needs.

When to audit your Org using MetaFields?

Using MetaFields enhances your Metadata dictionary with custom information. And because we sync your metadata every day, it's like having always up-to-date, dynamic spreadsheet with all your Org intelligence.

The recommendations covered in this guide apply if any of the following scenarios applies to you:

  • Quarterly Compliance Audits: You want to regularly review profiles, permission sets, and object access to ensure alignment with organizational security policies.

  • Post-Release Adoption: In the week or two after the scheduled release, review if new salesforce metadata is being used by the business.

  • Post-Release Impact: Assess the impact of new Salesforce releases on existing capabilities and prepare for necessary adjustments.

  • Capability Usage Reviews: Periodically check if built-in business capabilities are still effective or have become redundant.

  • Security Policy Updates: Audit and align Salesforce configurations whenever there are changes to organizational security policies.

Prerequisites:

In order to follow this guide you need:

This solution guide covers use-case for using MetaFields functionality. You can learn more about setting it up here.

Decision Matrix: Unified vs. Specialized Custom Fields

Before creating custom MetaFields, decide whether to apply a unified set across all metadata types or to create specialized fields tailored to specific metadata types, such as access controls, objects, and automations.

Unified custom fields

  • Pros:

    • Simplicity: Easier to manage and apply consistently across all metadata types.

    • Consistency: Ensures uniform criteria for reviewing all metadata, simplifying reporting and analysis.

    • Scalability: Easier to scale without the need to manage multiple field sets.

  • Cons:

    • Lack of Specificity: May not capture nuances of different metadata types, leading to less actionable insights.

    • Overgeneralization: Important details specific to certain metadata types might be overlooked.

Specialized Custom Fields

  • Pros:

    • Tailored Reviews: Custom fields capture specific details relevant to each metadata type, leading to more accurate insights.

    • Enhanced Reporting: Granular data allows for targeted reporting and decision-making.

    • Focused Audits: Enables different teams to focus on their relevant components during audits.

  • Cons:

    • Complexity: Managing multiple sets of custom fields increases administrative overhead.

    • Inconsistency: Potential for inconsistent application of audit criteria across different metadata types.

    • Maintenance: Requires diligent maintenance and updates as business needs evolve.

MetaField definitions

If you opt for a unified set of custom fields, consider the following MetaFields applicable across all metadata types:

MetaField definitions for unified approach

  • Business value (Picklist)

    • Values: Valuable, Underutilized, Not used

    • Purpose: Tracks the current status of the capability or metadata component.

  • Compliance Status (Picklist)

    • Values: Compliant, Non-compliant, Needs Review

    • Purpose: Indicates compliance with current standards.

  • Sensitive Data Flag (Checkbox)

    • Purpose: Identifies whether the component involves sensitive information.

  • Last Reviewed Date (Date)

    • Purpose: Captures the date when the metadata component was last reviewed.

  • Next Audit Date (Date)

    • Purpose: Specifies the scheduled date for the next audit.

  • Impact Level (Picklist)

    • Values: High, Medium, Low

    • Purpose: Assesses the potential impact of removing item on business operations.

If you choose specialized fields, use these tailored metafields for key categories:

MetaField definitions for specialized approach

1. Access Controls (Profiles, Permission Sets, Roles)

  • Access Level (Picklist)

    • Values: Admin, Read/Write, Read-Only, None

    • Purpose: Specifies the access level granted.

  • Last Reviewed Date (Date)

    • Purpose: Captures the date when the metadata component was last reviewed.

  • Next Audit Date (Date)

    • Purpose: Specifies the scheduled date for the next audit.

  • Sensitive Data Access (Checkbox)

    • Purpose: Flags access to sensitive data.

  • Role Relevance (Picklist)

    • Values: Critical, Important, Non-Critical

    • Purpose: Categorizes the importance of the role.

2. Objects and Fields

  • Data Sensitivity Level (Picklist)

    • Values: High, Medium, Low

    • Purpose: Assesses the sensitivity of data stored.

  • Retention Policy (Picklist)

    • Values: Permanent, 1 Year, 5 Years, 10 Years

    • Purpose: Defines data retention duration.

  • Usage Frequency (Picklist)

    • Values: Frequent, Occasional, Rare

    • Purpose: Indicates how often the object or field is accessed.

  • Last Reviewed Date (Date)

    • Purpose: Captures the date when the metadata component was last reviewed.

  • Next Audit Date (Date)

    • Purpose: Specifies the scheduled date for the next audit.

  • Regulatory Compliance (Picklist)

    • Values: GDPR, HIPAA, None

    • Purpose: Identifies regulatory standards applicable to the data.

3. Automations (Apex, Flows, Processes, Workflows etc.)

  • Automation Complexity (Picklist)

    • Values: High, Medium, Low

    • Purpose: Rates automation complexity.

  • Business Impact (Picklist)

    • Values: Critical, Important, Non-Critical

    • Purpose: Assesses the impact on business processes.

  • Last Run Date (Date)

    • Purpose: Captures the last execution date.

  • Automation Owner (Text)

    • Purpose: Specifies the responsible individual or team.

  • Last Reviewed Date (Date)

    • Purpose: Captures the date when the metadata component was last reviewed.

  • Next Audit Date (Date)

    • Purpose: Specifies the scheduled date for the next audit.

Maintaining your Org using Elements

Step 1: Create custom view of metadata for specified components

Start by creating a custom view of metadata that includes the metadata types and their standard and custom attributes that you care about.

Even if you opted to have a unified set of MetaFields for maintenance across all metadata types, it is still recommended to have separate custom views of metadata for different groupings of metadata types.

Step 2: Classify metadata

Inspect the subset of metadata components defined in your list. Review the adoption data (like record counts), dependencies, documentation. You can also do that with the relevant business stakeholders.

Idea: you can classify objects, record types and major automations by which business function or stakeholder they apply to. You can then curate separate custom views of metadata by their respective departments.

Then it is easy to regularly sit down with the key stakeholder and review their usage of the platform.

Then use the 'Assessment' tab in the right panel. Fill the MetaFields with appropriate values.

Step 3: Taking action

What can you do if you find metadata component that, upon review, is no longer used or requires an update (for instance if an API version of an automation is outdated)?

Custom views of metadata come equipped with many single and bulk operations. You can raise user stories and document a task to deprecate or work on a given component. You can then pick up that story from your backlog and deliver it when there is capacity.

Step 4: Schedule regular reviews

When you finish the review, and there are many components that are still used by the business and work efficiently, you need to schedule the next regular maintenance review of your Org.

Using the 'Next review date' field you defined earlier, document the date when you plan to do the next review.

We recommend to do a maintenance review of your key Org capabilities once a quarter or once every 6 months.

Then create an event or a reminder in your calendar with that date for you and your team to remember to plan for that review.

You can create a custom view of metadata that includes all components that have a 'next review date' scheduled by specific timeframe. That way you will have a single list of all of your to-dos when the time comes.

Related Articles
Identify owners and stakeholders on key capabilities and metadata
MetaFields: set up custom fields on Salesforce metadata
Classify objects and fields that hold sensitive information and document who should have access to the data within
Plan a 'lift and shift' Org Merge without business process redesign
Identify and mitigate performance risks due to high record counts in Salesforce
Did this answer your question?