Krishna Reddy P

How to carry out health check and auditing of SAP to Salesforce Integration Project? Need important points to cover in the health check audit report. This implementation is more than one year old.

Hi,

How to carry out SAP to Salesforce Integration Project health check and auditing? It has live data updates from SAP and also has a payment gateway integration with Salesforce system and SAP. They have used Informatica as Middleware for integrating SAP and Salesforce.

Need important points to cover in the health check audit report. This implementation is more than one year old. 

Need it ASAP. 

Thanks in advance!

Best Regards,
Krishna
Best Answer chosen by Krishna Reddy P
Krishna Reddy P
While collecting material from different sources for the health check, below are some of the useful points that may be of help when somebody is carrying out a similar task.

The first step will be to submit for a Checkmarx report, which will call out any security gaps in the current code line - https://appexchange.salesforce.com/listingDetail?listingId=a0N300000018mjUEAQ&tab=r
Secondly, you can install this app on the sandbox, which will also call out any specific security loopholes from a configuration standpoint (Sharing, Permission etc.) - https://appexchange.salesforce.com/listingDetail?listingId=a0N300000018mjUEAQ&tab=r
 
The areas that can be covered in the health check report are:
 
Security & Administration:

Password policy
Session Settings
IP Restrictions
Login Access Policies
Permission Set
Profiles
Sharing Rules
With & Without sharing keywords used in Apex
Clickjack protection for VF pages
Authentication mechanism used for integrations, i.e. OAuth vs. username/password. If it's username/password, how is the password stored on the integration side, who has access to it and whether it's encrypted. Are there API-only users defined for integration?
Integration flows
Profiles having View All data and Manage All data system permission and which users have those profiles.
Users having Sys Admin profiles
Roles & Public Groups
Permission allowed on the Connected Apps
Languages allowed

Results/exceptions from Checkmarx report. This will cover Apex, VF.
Results/exceptions from Security Health check App
Recommend changes and best practices.

Here are a few relevant and free apps that can prove helpful for analyzing the existing data & data model:
 
Field Trip: With the customizations made in a Salesforce instance, it becomes difficult to identify critical fields and their data quality. This utility lets you analyze the fields of any object, including what percentage of the records (or a subset of your records) have that field populated.
 
Salesforce Adoption Dashboards: The Salesforce Adoption Dashboards provide visibility to relevant user login history & trending, adoption of key features such as accounts & opportunities, and critical sales and marketing productivity enhancers.

Data Quality Analysis Dashboards: Very good data quality analysis app for ongoing data quality maintenance. There are pre-set formulae for standard objects such as Account/Contact. However, custom rules can also be set up as per business need.

-Krishna
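
As an added example (not part of the original answer), two of the user-level checks listed above, which users hold View All / Modify All data and whether integration users are API-only, can be run over rows exported with the SOQL query shown in the code. The flattened row layout, the sample usernames and the set of integration usernames are constructed assumptions; Salesforce stores these permissions as `PermissionsViewAllData`, `PermissionsModifyAllData` and `PermissionsApiUserOnly`.

```python
from collections import defaultdict

# Query to export the rows; profiles appear here as profile-owned permission sets.
SOQL = (
    "SELECT Assignee.Username, Assignee.IsActive, PermissionSet.Label, "
    "PermissionSet.IsOwnedByProfile, PermissionSet.Profile.Name, "
    "PermissionSet.PermissionsViewAllData, PermissionSet.PermissionsModifyAllData, "
    "PermissionSet.PermissionsApiUserOnly FROM PermissionSetAssignment"
)

# Constructed sample rows, flattened from the query result shape (not real org data).
SAMPLE_ROWS = [
    {"username": "admin@example.com", "active": True, "source": "Profile: System Administrator",
     "view_all": True, "modify_all": True, "api_only": False},
    {"username": "sap.sync@example.com", "active": True, "source": "Profile: Integration",
     "view_all": False, "modify_all": False, "api_only": False},
    {"username": "sap.sync@example.com", "active": True, "source": "Permission set: SAP Bulk Load",
     "view_all": True, "modify_all": True, "api_only": False},
    {"username": "pay.gw@example.com", "active": True, "source": "Profile: Payment API",
     "view_all": False, "modify_all": False, "api_only": True},
    {"username": "former@example.com", "active": False, "source": "Profile: System Administrator",
     "view_all": True, "modify_all": True, "api_only": False},
]

def audit(rows, integration_users):
    """Return findings for active users; permissions are additive across assignments."""
    broad = defaultdict(list)     # username -> [(permission, granting source)]
    api_only = defaultdict(bool)  # username -> True if any assignment grants API-only
    for r in rows:
        if not r["active"]:
            continue  # inactive users cannot log in; list them separately if needed
        api_only[r["username"]] |= r["api_only"]
        for flag, name in (("view_all", "View All Data"), ("modify_all", "Modify All Data")):
            if r[flag]:
                broad[r["username"]].append((name, r["source"]))
    return {
        "broad_access": dict(broad),
        "integration_not_api_only": sorted(u for u in integration_users if not api_only[u]),
    }

if __name__ == "__main__":
    report = audit(SAMPLE_ROWS, {"sap.sync@example.com", "pay.gw@example.com"})
    for user, grants in sorted(report["broad_access"].items()):
        for perm, source in grants:
            print(f"{user}: {perm} via {source}")
    print("Integration users without API-only:", report["integration_not_api_only"])
```

Recording the granting source per finding shows whether broad access comes from the profile or from an added permission set, which is what the report's recommendation needs.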