
The 15-Point Salesforce Org Health Checklist Every Admin Should Run

RASPSYS LLP Consulting Team

Salesforce Practice

November 1, 2024

Salesforce orgs accumulate technical debt quietly. Unused profiles, obsolete workflows, over-permissioned users, and deprecated automation pile up release after release until they start causing real problems - slow page loads, unexpected automation conflicts, and security gaps. This checklist covers the 15 most impactful areas to review, in order of risk.

Security

1. Review Profiles and Permission Sets

Pull a report of every profile and permission set in your org. Flag any profile with "Modify All Data" or "View All Data" that is assigned to non-admin users. Check for permission sets that grant admin-level access without a documented business justification. Every elevated permission should be traceable to a named role requirement.

2. Audit Inactive and Over-Permissioned Users

Run a last-login report. Any user who has not logged in for 90+ days should be reviewed - deactivate if they have left the organisation, or flag for IT if status is unclear. Also check for active users with System Administrator profiles who do not require full admin access. The principle of least privilege applies directly to Salesforce licences.
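Checks 1 and 2 can be run together over one export of permission set assignments. The Python sketch below is an added example, not code from the original article: it flags elevated access held outside a documented admin list and users with no login in 90+ days. Assumptions: the APPROVED_ADMINS allowlist, the flattened row keys, and the constructed sample users.

```python
from datetime import datetime, timedelta, timezone

# SOQL that could produce the rows below. Every profile is backed by a permission
# set with IsOwnedByProfile = true, so one query covers profiles and permission sets.
SOQL = """
SELECT Assignee.Username, Assignee.Profile.Name, Assignee.LastLoginDate,
       PermissionSet.Label, PermissionSet.IsOwnedByProfile,
       PermissionSet.PermissionsModifyAllData, PermissionSet.PermissionsViewAllData
FROM PermissionSetAssignment WHERE Assignee.IsActive = true
"""

APPROVED_ADMINS = {"alice@example.com"}   # assumption: documented admin users
STALE_AFTER = timedelta(days=90)          # the checklist's 90+ day threshold

def parse_ts(value):
    # Salesforce API datetime format, e.g. 2024-10-30T08:15:00.000+0000
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%f%z")

def audit(rows, now):
    """Return {username: sorted findings} for flattened rows of the query above."""
    findings = {}
    for r in rows:
        notes = findings.setdefault(r["username"], set())
        granted = [p for p in ("ModifyAllData", "ViewAllData") if r[p]]
        if granted and r["username"] not in APPROVED_ADMINS:
            source = (f"profile '{r['profile']}'" if r["owned_by_profile"]
                      else f"permission set '{r['label']}'")
            notes.add(f"{'+'.join(granted)} via {source}")
        # A null LastLoginDate means the user has never logged in.
        if r["last_login"] is None or now - parse_ts(r["last_login"]) >= STALE_AFTER:
            notes.add("no login in 90+ days")
    return {user: sorted(n) for user, n in findings.items() if n}

def row(username, profile, last_login, label, owned, mad, vad):
    return {"username": username, "profile": profile, "last_login": last_login,
            "label": label, "owned_by_profile": owned,
            "ModifyAllData": mad, "ViewAllData": vad}

# Constructed sample export (not real org data).
SAMPLE = [
    row("alice@example.com", "System Administrator", "2024-10-30T08:15:00.000+0000", None, True, True, True),
    row("bob@example.com", "Sales User", "2024-10-15T10:00:00.000+0000", None, True, False, False),
    row("bob@example.com", "Sales User", "2024-10-15T10:00:00.000+0000", "Reporting Export", False, False, True),
    row("carol@example.com", "System Administrator", "2024-07-01T09:00:00.000+0000", None, True, True, True),
    row("dave@example.com", "Standard User", None, None, True, False, False),
]
if __name__ == "__main__":
    for user, notes in audit(SAMPLE, datetime(2024, 11, 1, tzinfo=timezone.utc)).items():
        print(user, "->", "; ".join(notes))
```

Users with no findings are omitted from the result, so the output is the review list itself.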

3. Check Organisation-Wide Defaults (OWDs)

Review the OWD settings for every key object. If Accounts, Contacts, or Opportunities are set to "Public Read/Write" without a clear reason, this is a security risk. OWDs should be as restrictive as the business process allows, with sharing rules used to open access selectively.

4. Review Connected Apps and OAuth Tokens

Go to Setup → Connected Apps → Manage Connected Apps and review every application with access to your org. Remove any app that is no longer in use. Stale OAuth tokens from deprecated integrations are a common and overlooked attack surface.

Technical Debt

5. Audit Active Workflows and Process Builders

Salesforce has deprecated Process Builder in favour of Flow. List every active Workflow Rule and Process Builder in your org. Assess which are genuinely in use, which are redundant, and which are candidates for migration to Flow. Process Builder automations running in production that nobody can explain are a support liability.

6. Review Apex Classes and Triggers for Coverage and Errors

Check code coverage for all Apex classes and triggers - anything below 75% is a deployment risk and indicates incomplete test coverage. Review the Apex Jobs log for recurring failures. A trigger that throws a handled exception on every save is still running and consuming governor limits.

7. Check for Duplicate and Conflicting Validation Rules

List all active validation rules per object. Look for rules that contradict each other, rules that reference fields no longer in use, and rules that were deactivated as a workaround for a data issue and never reinstated. Validation rules should be reviewed and documented at each release.

8. Identify Unused Custom Fields

Run a field usage report (available via Salesforce Optimizer or via SOQL on FieldDefinition). Fields with zero population across all records are candidates for deletion or archival. Unused fields add noise to page layouts, slow object loading, and complicate data models without delivering value.

Data Quality

9. Run a Duplicate Records Report

Use Salesforce's Duplicate Management rules or a SOQL query to identify duplicate Accounts, Contacts, and Leads. Duplicate records are the single biggest cause of CRM data quality complaints. A quarterly deduplication pass prevents accumulation.

10. Check Orphaned Records

Query for Contacts without an Account, Opportunities without a primary Contact role, and Cases without an Account or Contact link. Orphaned records indicate either a data entry problem or a broken integration that is failing silently.

11. Audit Data Storage Usage

Review data and file storage consumption under Setup → Storage Usage. Orgs nearing their storage limit experience performance degradation and eventually block new record creation. Identify the largest contributors - often ContentDocument files, email attachments, or historical Activity records - and implement an archival strategy before hitting the limit.

Performance and Reliability

12. Review Scheduled Jobs

List all scheduled Apex jobs and flows. Verify each has a named owner, a documented purpose, and an active support path. Scheduled jobs that run in the early hours with no one monitoring them for failures are a common source of silent data errors.

13. Check API Usage Against Limits

Review your API call consumption under Setup → System Overview. Orgs with heavy integration traffic can approach their daily API limit, causing integrations to fail silently during peak hours. If you are regularly exceeding 70% of your daily API limit, investigate which integrations are consuming the most calls and optimise their query patterns.

Governance

14. Verify Sandbox Refresh and Release Management Practices

Confirm that all configuration changes are developed in sandbox first and deployed via change sets or a CI/CD pipeline. Direct production configuration changes - even small ones - bypass testing and introduce uncontrolled risk. If your team is making changes directly in production, this is the most urgent governance issue to address.

15. Check That Salesforce Health Check Score Is Above 80

Salesforce provides a built-in Health Check tool under Setup → Health Check. It scores your org's security configuration against Salesforce's recommended baseline. Aim for a score above 80. The tool highlights specific settings to fix and explains the risk associated with each gap - it is the fastest single view of your org's security posture.

Recommended Review Cadence

Monthly

  • Inactive user audit
  • API usage review
  • Scheduled job failures

Quarterly

  • Duplicate records sweep
  • Connected apps review
  • Health Check score
  • Data storage audit

Annually

  • Full profile and permission audit
  • Automation consolidation
  • Unused field cleanup
  • OWD and sharing rules review

Want a Professional Org Health Review?

RASPSYS LLP offers structured Salesforce org health assessments - delivering a prioritised action plan covering security, technical debt, data quality, and performance. Most reviews complete within two weeks.
