POLARIS by Northform Systems

SALESFORCE ORG HEALTH

ASSESSMENT

Acme Corporation

Production Instance

Executive Summary

Overall Health Score

6.2

C- Fair

Security

5.4

→

Code Quality

7.1

C+

↑

Automation

4.8

D-

↓

Architecture

6.5

→

Your Salesforce org shows signs of organic growth requiring strategic remediation

After comprehensive analysis of 847 components across your Salesforce production instance, we've identified a platform that functions adequately but carries significant technical risk. The overall health score of 6.2 reflects an org that has grown organically over several years without consistent architectural governance.

The most pressing concern is security posture, scoring 5.4. We identified 12 Apex classes that bypass field-level security checks, creating potential data exposure risks. Additionally, the automation landscape shows signs of conflict, with multiple competing triggers and flows on key objects like Account and Opportunity.

The positive news: your core code quality is reasonable at 7.1, and there's evidence of good patterns in newer development. With focused remediation over 2-3 sprints, the critical issues can be addressed while establishing guardrails to prevent regression.

Key Metrics

847

Components Analyzed

Critical Issues

High Priority Issues

4-6 sprints

Estimated Remediation

Health Score Dashboard

Security & Compliance

→ Stable

5.4

Significant FLS and CRUD gaps require immediate attention

0 5 10

Code Quality

↑ Improving

7.1

C+

Solid foundation with opportunities for consistency

0 5 10

Automation Health

↓ Declining

4.8

D-

Competing automations creating execution conflicts

0 5 10

Architecture & Patterns

→ Stable

6.5

Partial adoption of patterns, inconsistent implementation

0 5 10

Technical Debt

→ Stable

5.9

D+

Accumulated debt in legacy components needs remediation

0 5 10

Score Legend

8-10 Excellent

7-7.9 Good

5-6.9 Fair

3-4.9 Poor

0-2.9 Critical

Priority Findings

The following findings represent the highest-priority issues identified during our assessment. They are ordered by severity and business impact, with recommended remediation for each.

Field-Level Security Bypass in Apex

12 Apex classes perform SOQL queries and DML operations without enforcing field-level security, potentially exposing sensitive data.

Impact

Users may access or modify fields they shouldn't have permission to see or edit, creating compliance and data security risks.

Affected Components

AccountService ·ContactHelper ·LeadProcessor +9 more

Recommendation

Implement Security.stripInaccessible() or WITH SECURITY_ENFORCED clause on all SOQL queries. Consider creating a centralized security utility class.

Hardcoded Credentials in Integration Class

PaymentGatewayService.cls contains a hardcoded API key on line 47.

Impact

Credential exposure in version control, inability to rotate keys without deployment, security audit failures.

Affected Components

PaymentGatewayService

Recommendation

Move credentials to Named Credentials or Custom Metadata. Rotate the exposed key immediately.

Automation Collision on Account Object

Account has 7 competing automations (2 triggers, 3 flows, 1 process builder, 1 workflow) with no clear execution governance.

Impact

Unpredictable behavior, potential infinite loops, difficult debugging, governor limit risks during bulk operations.

Affected Components

AccountTrigger ·AccountAfterTrigger ·Account_Assignment_Flow +4 more

Recommendation

Consolidate into single trigger framework entry point plus record-triggered flows. Migrate legacy process builder and workflow.

Duplicate Business Logic Detected

Account revenue classification logic duplicated across 3 classes with slight variations.

Impact

Maintenance burden, risk of inconsistent behavior, bugs when updating one location but not others.

Affected Components

AccountService.classifyByRevenue() ·AccountTriggerHandler.setAccountTier() ·AccountBatchProcessor.determineSegment()

Recommendation

Extract to single AccountClassificationService with standardized tiers. Update all callers.

Inconsistent Trigger Pattern Usage

34 triggers using 4 different patterns: direct logic (12), handler classes (15), framework dispatch (5), mixed (2).

Impact

Difficult onboarding, inconsistent error handling, no centralized bypass mechanism, testing complexity.

Affected Components

All triggers

Recommendation

Standardize on single trigger framework (recommend adopting the TriggerDispatcher pattern already present in 5 triggers). Migrate others incrementally.

Security & Compliance

Findings Overview

FLS Violations

CRUD Violations

Sharing Concerns

Credential Exposure

FLS Violations

12 issues

Component	Severity	Lines
`AccountService`	Critical	23, 45, 67
`ContactHelper`	Critical	12, 89
`LeadProcessor`	Critical	34, 56, 78, +1 more
`OpportunityManager`	High	112
`CaseHandler`	High	45, 67
`QuoteBuilder`	High	23, 89, 134

Recommendations

Implement FLS Utility Class

Medium

Create centralized security utility using Security.stripInaccessible() for all DML operations.

Add SOQL Security Enforcement

Medium

Add WITH SECURITY_ENFORCED to all SOQL queries, or implement query wrapper.

Migrate Credentials to Named Credentials

Small

Remove hardcoded credentials and implement Named Credentials for all integrations.

Code Quality

Code Metrics

187

Apex Classes

Triggers

45,230

Lines of Code

78%

Test Coverage

242

Avg LOC/Class

Classes >500 LOC

8.2

Avg Complexity

Large Classes Requiring Attention

Class	LOC	Complexity	Recommendation
`AccountMegaHelper`	1247	34	Split into domain-specific services
`LegacyIntegrationManager`	892	28	Refactor to modern callout patterns
`OrderProcessingEngine`	756	22	Extract order validation and fulfillment
`ReportingUtils`	689	19	Separate report types into individual classes

Duplicate Code Analysis

4 Exact Duplicates

12 Near Duplicates

Example Duplications

AccountService.classifyByRevenue() ↔ AccountTriggerHandler.setAccountTier()

94% similar · 23 lines

ContactHelper.formatAddress() ↔ LeadProcessor.buildAddress()

87% similar · 15 lines

Static Analysis Summary

3 Critical

27 High

145 Medium

312 Low

Top Rules Triggered

Rule	Count	Severity
`ApexCRUDViolation`	12	Critical
`CyclomaticComplexity`	8	High
`AvoidDeeplyNestedIfStmts`	23	Medium
`ApexSOQLInjection`	2	Critical
`FieldDeclarationsShouldBeFirst`	45	Low

Recommendations

Refactor Large Classes

Large

Break down 8 classes exceeding 500 LOC into focused, single-responsibility services.

Consolidate Duplicate Logic

Medium

Extract duplicated code into shared utilities, starting with the 4 exact duplicates.

Improve Test Coverage

Medium

Increase coverage from 78% to 85%+, focusing on bulk and negative test scenarios.

Automation Health

Automation Inventory

Triggers

Flows

Process Builders

Workflow Rules

Objects at Risk

The following objects have multiple competing automations that may cause conflicts or unpredictable behavior.

Account

7 automations

Critical

Triggers: AccountTrigger,AccountAfterTrigger

Flows: Account_Assignment_Flow,Account_Enrichment_Flow,Account_Scoring_Flow

Process Builders: Account_Update_Process

Workflow Rules: Account_Status_Workflow

Opportunity

5 automations

High

Triggers: OpportunityTrigger

Flows: Opp_Stage_Flow,Opp_Notification_Flow

Process Builders: Opp_Team_Assignment

Workflow Rules: Opp_Close_Date_Alert

Case

4 automations

Medium

Triggers: CaseTrigger

Flows: Case_Escalation_Flow,Case_Assignment_Flow

Workflow Rules: Case_SLA_Alert

Legacy Automation Migration

Salesforce is deprecating Process Builders and Workflow Rules. The following need to be migrated to Flows.

23 Process Builders

45 Workflow Rules

Migration Complexity

Simple

Medium

Complex

Recommendations

Consolidate Account Automation

Large

Reduce 7 automations to 1 trigger (with framework) + 2 record-triggered flows. Estimated 40 hours.

Migrate Process Builders

Large

Convert 23 Process Builders to Flows before Salesforce deprecation deadline.

Migrate Workflow Rules

Large

Convert 45 Workflow Rules to Flows, starting with high-priority objects.

Architecture & Patterns

Pattern Detection

Trigger Framework

Detected

Type: TriggerDispatcher (partial)

Usage: 15% of triggers

Consistency: poor

Service Layer

Detected

Classes: 23

Coverage: 12%

Consistency: moderate

Selector Pattern

Detected

Classes: 8

Coverage: 4%

Consistency: poor

Domain Layer

Not Found

No domain layer pattern detected. Consider implementing for complex business logic.

Naming Inconsistencies

Mixed use of 'Helper', 'Service', 'Manager', 'Util' suffixes
12 classes with no architectural suffix
Inconsistent method naming (camelCase vs PascalCase)

God Classes

These classes have grown too large and handle too many responsibilities. They should be refactored into smaller, focused classes.

AccountMegaHelper 1247 LOC

Responsibilities: CRUD, validation, enrichment, scoring, notifications

Utilities 678 LOC

Responsibilities: Mixed concerns across all domains

Recommendations

Standardize Trigger Framework

Large

Adopt TriggerDispatcher pattern org-wide. Migrate existing triggers incrementally.

Establish Naming Conventions

Small

Define and document naming standards. Refactor over time during normal maintenance.

Break Up God Classes

Large

Split AccountMegaHelper into AccountService, AccountValidator, AccountEnrichmentService.

Technical Debt

Debt Summary

234 Total Items

12 Critical

34 High

89 Medium

99 Low

480 Estimated Hours

12-15 Estimated Sprints

Debt by Category

Security 24 items

80h

Code Quality 67 items

120h

Automation 68 items

160h

Architecture 45 items

80h

Documentation 30 items

40h

Quick Wins

Low-effort improvements that can be addressed immediately for quick impact.

✓ Remove 89 unused custom fields

4 hours · Reduced clutter, better performance

✓ Add missing null checks (23 locations)

2 hours · Prevent runtime exceptions

✓ Replace hardcoded IDs (34 locations)

6 hours · Environment portability

✓ Add error logging to integration classes

8 hours · Better debugging

Strategic Roadmap

We recommend a phased approach over 4 quarters, prioritizing security and stability before architectural improvements.

6.2 Today

8.1 Target

Estimated Timeline: 16-20 weeks · Investment: 10-12 sprints

Security Hardening

4 weeks

Address critical security vulnerabilities and establish security patterns.

☐ Implement FLS/CRUD security utility
☐ Update all Apex with security enforcement
☐ Move credentials to Named Credentials
☐ Audit and consolidate profiles

Automation Consolidation

6 weeks

Reduce automation complexity and eliminate conflicts.

☐ Implement trigger framework
☐ Consolidate Account automations
☐ Consolidate Opportunity automations
☐ Begin Process Builder migration

Code Quality

6 weeks

Improve maintainability and eliminate technical debt.

☐ Refactor god classes
☐ Eliminate duplicate code
☐ Improve test coverage to 85%
☐ Complete Process Builder migration

Architecture & Polish

4 weeks

Establish sustainable patterns and documentation.

☐ Complete trigger framework adoption
☐ Document architecture standards
☐ Complete Workflow Rule migration
☐ Establish ongoing governance

Appendix

Methodology

This assessment was conducted using Polaris, Northform Systems' proprietary Salesforce analysis platform.

Analysis Components

Static code analysis using PMD with custom Salesforce ruleset
Automated pattern detection and architectural analysis
AI-assisted code review for complex findings
Automation dependency mapping and conflict detection

Limitations

Analysis based on metadata snapshot; runtime behavior may vary
Test coverage numbers from Salesforce metadata; actual coverage may differ
Some complex issues require manual verification during consultation

Glossary

FLS: Field-Level Security - Salesforce mechanism controlling field visibility by profile
CRUD: Create, Read, Update, Delete - Object-level permissions in Salesforce
Governor Limits: Salesforce-imposed limits on resource consumption per transaction
Apex: Salesforce's proprietary programming language for custom business logic
SOQL: Salesforce Object Query Language - SQL-like language for querying Salesforce data
DML: Data Manipulation Language - Operations that insert, update, delete, or undelete records