Salesforce · · 12 min read

Salesforce Org Governance

What Salesforce governance is, why it matters as your org scales, the key governance areas every architect must address, and how to build and staff a Center of Excellence.

#salesforce #architecture #governance #coe #change-management

Part 106: Salesforce Org Governance

Welcome back to the Salesforce series. We have spent the last several posts exploring architecture patterns, integration strategies, and multi-org decisions. All of those topics assume something critical that most teams overlook: somebody is actually in charge of keeping the org healthy over time. That somebody — or more accurately, that process — is governance.

This post covers what governance means in the Salesforce context, why it becomes non-negotiable as your org scales, the key governance areas every architect needs to address, and how to build and staff a Center of Excellence that turns governance from a buzzword into a daily practice.

What Is Salesforce Governance

Governance is the set of policies, processes, standards, and decision-making structures that control how your Salesforce org is managed, changed, and grown. It answers questions like:

  • Who is allowed to create new custom fields?
  • What is the approval process for deploying Apex code to production?
  • How do we decide whether to build a feature natively or buy an AppExchange package?
  • Who owns the data model, and who gets a say when changes are proposed?
  • What happens when two teams want conflicting automation on the same object?

Without governance, every one of these questions gets answered ad hoc — usually by whoever shouts loudest or moves fastest. That works when you have five users and one admin. It does not work when you have five hundred users, three development teams, and an org that touches revenue, compliance, and customer communication.

Think of governance as the operating system for your Salesforce program. The platform itself provides the technical capabilities. Governance tells your organization how to use those capabilities responsibly.

Why Governance Matters as Orgs Grow

Small orgs can get away with a single admin making all the decisions. But orgs grow, and the problems compound in ways that are not immediately visible.

The Typical Lifecycle of an Ungoverned Org

  1. Year one. A solo admin builds the org. Everything is clean. Naming conventions are consistent because one person invented them. There is no technical debt because there has not been enough time to accumulate it.

  2. Year two. The business asks for more features. A second admin is hired. A consulting partner delivers a Sales Cloud implementation. Nobody documents the data model changes. Two different naming conventions now exist for the same object.

  3. Year three. Marketing wants Pardot. Service wants Case management. Someone installs three AppExchange packages without evaluating overlap. There are now fifteen process automations on the Account object, and nobody can trace which one fires first.

  4. Year four. A production deployment breaks a critical workflow. The root cause is a validation rule added by one team that conflicts with a flow built by another team. Both teams tested in their own sandboxes. Neither knew the other existed.

This is not a hypothetical. I have seen this exact pattern play out at multiple organizations. By year four, the cost of untangling the mess exceeds the cost of the original implementation. Governance prevents this by putting guardrails in place before the complexity spirals.

Real Examples of Governance Failures

Duplicate automation. A financial services company had twenty-seven automation rules on the Opportunity object — a mix of Workflow Rules, Process Builder flows, and record-triggered Flows. When a sales rep updated a single field, eleven automations fired in an unpredictable sequence. The result was corrupted data, incorrect email notifications, and a three-week remediation project.

Uncontrolled field creation. A healthcare company allowed any admin to create custom fields without approval. Over two years, the Contact object accumulated four hundred and twelve custom fields. Half were unused. A quarter had identical purposes with slightly different names. The Salesforce report builder became unusable because users could not find the fields they needed.

Shadow IT integrations. A retail company discovered that three departments had independently purchased middleware tools to integrate Salesforce with their ERP. None of the integrations knew about the others. Conflicting record updates created data integrity issues that took months to resolve.

Every one of these problems is a governance failure, not a technical failure. The platform worked exactly as designed. The organization just did not have processes to coordinate how people used it.

Key Governance Areas

Governance is not a single policy — it is a collection of disciplines. Here are the areas that every Salesforce architect needs to address.

1. Change Management

Change management governs how modifications to the org are proposed, evaluated, approved, and tracked. This includes:

  • Change request process. Every modification — whether it is a new field, a Flow, or an Apex class — should go through a formal request. The request does not need to be bureaucratic. A simple form that captures what is changing, why, who is affected, and what testing was done is sufficient.
  • Impact analysis. Before approving a change, someone should evaluate what else it touches. A new validation rule on Account might break an integration. A picklist value change might invalidate existing reports.
  • Environment strategy. Define which sandboxes are used for what. Developer sandboxes for individual work, a QA sandbox for integration testing, a staging sandbox for UAT, and production. Changes move in one direction only.

2. Release Management

Release management is the operational side of change management. It defines when and how changes are deployed.

  • Release cadence. Establish a regular deployment schedule — weekly, biweekly, or monthly. Emergency fixes get a separate fast-track process, but the bar for what qualifies as an emergency should be high.
  • Deployment process. Use change sets, Salesforce CLI, or a CI/CD tool like Copado or Gearset. The key is consistency — every deployment follows the same steps.
  • Rollback plan. Every release should have a documented rollback procedure. If the deployment breaks something, you need to know how to undo it within minutes, not hours.

3. Data Governance

Data governance ensures the accuracy, consistency, and security of the data in your org.

  • Data ownership. Assign a data steward for each major object. The steward is responsible for field definitions, picklist values, and data quality rules.
  • Data quality rules. Define what “good data” looks like. Required fields, validation rules, duplicate matching rules, and data enrichment processes all fall here.
  • Data retention and archiving. Salesforce storage is not infinite. Define how long records are kept, when they are archived, and where archived data lives.
  • Master data management. If Salesforce is not the system of record for a given data domain, governance must define which system is and how conflicts are resolved.

4. Security Governance

Security governance controls who can access what, and how access decisions are made.

  • Profile and permission set strategy. Define a standard approach. Most mature orgs use a minimum-access profile combined with permission sets that grant additional access based on job function.
  • Access review cadence. At least quarterly, review who has access to what. Deactivate users who have left the company. Remove permissions that are no longer needed.
  • Field-level security audits. Sensitive fields — Social Security numbers, salary data, health information — should be reviewed regularly to confirm that only authorized profiles can see them.
  • Login and authentication policies. MFA requirements, session timeout settings, IP restrictions, and login hour restrictions all belong here.

5. User Management

User management governance covers the lifecycle of Salesforce users from onboarding to offboarding.

  • Provisioning process. When a new employee needs Salesforce access, what happens? Who submits the request? Who approves it? What profile and permission sets are assigned by default?
  • Training requirements. New users should complete baseline training before receiving production access. This prevents the “I accidentally deleted all my accounts” scenario.
  • Offboarding process. When someone leaves the company, their Salesforce user should be deactivated promptly. Data ownership should be transferred. This is not optional — it is a compliance requirement in many regulated industries.

The Center of Excellence

A Center of Excellence (COE) is the organizational structure that makes governance operational. It is not a committee that meets once a quarter to rubber-stamp decisions. It is an active team — or at least a defined group of people with clear responsibilities — that runs the Salesforce program day to day.

When to Staff a COE

Not every organization needs a formal COE on day one. Here is a rough guide:

Org SizeRecommended Approach
Under 50 usersA single admin can handle governance informally. Document decisions in a shared wiki.
50 to 200 usersAssign governance responsibilities to two or three people. Hold a monthly governance meeting. Start formalizing key processes.
200 to 1,000 usersEstablish a formal COE with dedicated roles. Governance becomes a full-time concern.
Over 1,000 usersThe COE should be a funded team with its own budget, tools, and reporting line.

The trigger for formalizing governance is usually pain. When deployments start failing, when data quality complaints increase, when teams start stepping on each other — that is when leadership recognizes the need. Smart organizations get ahead of the pain by investing in governance before the crisis.

COE Structure and Roles

A well-structured COE typically includes the following roles:

COE Lead / Salesforce Program Manager. This person owns the overall Salesforce roadmap, coordinates across business units, and is the final decision-maker for platform-level changes. They report to IT leadership or a business sponsor.

Technical Architect. Responsible for the technical direction of the org. Reviews all architectural decisions — custom code vs. declarative, integration patterns, data model changes. This role is the gatekeeper for technical standards.

Release Manager. Owns the deployment pipeline. Manages the release calendar, coordinates sandbox refreshes, and ensures every deployment follows the approved process.

Data Steward. Owns data quality, data model documentation, and master data management. In larger orgs, there may be multiple data stewards aligned to specific business domains.

Business Analysts. Translate business requirements into platform requirements. They sit between the business users and the technical team, ensuring that what gets built actually solves the stated problem.

Security Lead. Owns the security model — profiles, permission sets, sharing rules, and compliance requirements. This role is especially critical in regulated industries.

Decision-Making Authority

One of the most important things the COE defines is who gets to decide what. A simple RACI matrix works well here:

  • Platform-level decisions (new objects, new integrations, new AppExchange packages): COE Lead and Technical Architect must approve.
  • Team-level decisions (new fields on objects the team owns, new reports, list views): Team lead can approve, but must follow naming conventions and documentation standards.
  • Individual changes (record updates, data imports, user permission requests): Follow the standard request process.

The key principle is that the blast radius of a change determines the approval level. A new field on a single object is low risk. A new integration that touches five objects and sends data to an external system is high risk and needs architect review.

Governance Frameworks and Documentation

Governance without documentation is just good intentions. Here are the artifacts every COE should maintain:

Org documentation. A living document — or better yet, a wiki — that describes the data model, automation inventory, integration map, and security model. Tools like Salesforce Inspector, Elements.cloud, or even a well-maintained spreadsheet can help.

Standards guide. Naming conventions for fields, objects, Flows, Apex classes, and permission sets. API naming standards. Code review checklists. This document should be the first thing a new team member reads.

Change request log. A record of every change made to the org, who requested it, who approved it, and when it was deployed. This is invaluable for troubleshooting and auditing.

Architecture decision records (ADRs). When the team makes a significant architectural decision — for example, choosing to use Platform Events instead of a polling-based integration — document the decision, the alternatives considered, and the rationale. Future team members will thank you.

Runbooks. Step-by-step procedures for common operational tasks: sandbox refreshes, data loads, production deployments, user provisioning, and incident response. Runbooks reduce the bus factor and make governance sustainable even when key people are unavailable.

Section Notes

  • Governance is not about slowing things down. It is about moving fast safely. A well-governed org deploys more frequently and with fewer rollbacks than an ungoverned one.
  • Start governance early. Retrofitting governance onto a mature, complex org is significantly harder than establishing it from the beginning.
  • The COE is not the police. Position it as a service organization that helps teams move faster, not a gatekeeper that blocks progress.
  • Documentation does not need to be perfect on day one. Start with the minimum viable governance and iterate.
  • If you are an architect or a senior admin, governance is your responsibility even if no one has given you the title. The org will not govern itself.
  • Governance applies to declarative tools just as much as code. An unreviewed Flow can cause just as much damage as an unreviewed Apex trigger.

In the next section, we will shift from organizational governance to a closely related topic: environment strategy and sandbox management. These two subjects are deeply connected — your sandbox strategy is one of the most visible outputs of your governance framework.

← Back to Salesforce Series