Our Blog

As you build your Org, complexity grows and even simple development activity can get complicated. To make changes safely, you need to be able to see how Objects and fields are connected. For example, if you are going to make a change to a field in the Account Object, you need a list of all the reports, layouts, formula fields, dashboards, etc. that reference it — in other words, anything that could be affected when you make that change. 

Welcome back to the last installment in our three-part blog series, “When Salesforce Meets SOX!”  If you missed the earlier posts, here's part one, about access control, and part two, covering metadata. 

Today, we’re covering configuration data, with a specific focus on Salesforce CPQ and related applications.

Today in our ongoing look at SOX compliance in Salesforce, we’re talking metadata. We kicked off this blog series last week by discussing access control — if you missed that post, check it out here. 

To effectively meet SOX requirements for the Salesforce platform, it's critical that you narrow the scope of inquiry. System documentation and dependency analysis will help you understand which objects and automation touch revenue-related processes, but that’s only part of what your auditors are concerned about. They’ll also want to see that you have a system for monitoring and managing changes to that metadata.

We’re seeing more and more that SOX auditors are turning their attention to Salesforce systems. It’s a trend we’ve noticed for some time, but there’s still a lot of uncertainty about what’s in scope and what isn’t.

Part of the problem is that most of Salesforce — things like marketing operations, for example — don’t touch revenue-related data and, as a result, they aren’t of concern to SOX auditors. But apps like CPQ and Billing can impact rev ops. And increasingly, auditors are asking Salesforce teams to prove they’re managing them in a compliant manner. 

Between licensing fees, consultants' fees, auditors' fees and more, your ERP system is a big investment. If you're like a lot of our customers, you're under a lot of pressure to justify those costs and show a clear ROI for any software you purchase on top of it. 

How dependency reports saved a Strongpoint customer hours of work 

There's no question — 2020 was a year unlike any other. But amidst all the uncertainty, many of our customers have achieved some significant milestones. And as this crazy year draws to a close, we think it’s worth celebrating those successes!

Here’s a confession from the Strongpoint marketing department: We’re not that good at celebrating ourselves. Most of the time, we’re working hard, alongside our customer success and dev teams, to help companies improve their change management and compliance processes. We rarely have time to look back and recognize our successes. 

Last week, our resident Salesforce expert, Rick Roesler, hosted a crash course on auditing profiles and permission sets in your Org. If you missed the webinar, you can check it out here.

In this post, we’re sharing a short video from the session demoing some of the ways you can dig deeper into your access controls — and prove compliance to auditors.

No one knows what things will look like in six weeks, six months or six years’ time — in our newly uncertain world, the only constant will be constant change. Given this, it’s easy to look at the news and feel powerless. Our ability to deal with the small things — to make informed, effective decisions about our everyday processes — shapes our resilience to the big historical forces that are beyond our control”