As a Salesforce Administrator, one of our jobs is to assure our respective organizations have their data safely stored and recoverable. It’s possible that our responsibilities include ALL of the data in the organization, not just Salesforce. This blog will investigate some global backup considerations along with Salesforce specific ones.
With that said, I advocate that all of my clients (and you) double check your data backup strategy. There’s two types of events which should be considerred:
#1 – System Failure/Disaster. This is highly unlikely but still worth planning for. A system failure would be a situation where a building burns down, a hard disk fails, or in an unlikely scenario, a cloud data source loses availability.
#2 – Versioning Error. This is a lot more common than we’d like to admit. These type of errors are often surprises. Imagine, an accidental deletion of one account. An accounting error that goes undetected for 6 months. A bad data load that overwrites key fields and goes unnoteiced. It’s possible to detect an error that happened in the past and doing a restore or partial restore of data is needed. Having those incremental versions of data give you the ability to fix this, or at least diagnose what happened and when.
Customer Company Tour Updates
Belts and Suspenders – Strategy for Backing up and Maintaining your Salesforce Data
As a Salesforce Administrator or Consultant, maintaining system continuity is paramount and critical to our mission. Much as we put our trust that Salesforce will be available to users to do their day to day jobs, our users put their trust in us to assure their data will be available and as-expected.
There are two types of data loss which are worth considering:
#1 – Catastrophic Data Loss. Your server blew up or database became corruped. A huge swath of data goes missing.
#2 – “Sneaky” Data Loss. An integration slowly modifies data. One record is accidentally deleted. Attachements are purged by accident.
Salesforce is a fantastic, robust platform which has many internal controls to mitigate data loss in scenario #1. However, managing #2 rests solely on your shoulders. And, by mitigating #2, you’re also creating ample recovery options in the super rare instance of a catastrophic incident.
So without further ado I’d like to present a quick risk analysis worksheet and some copy which can become a sample Data Protection plan. Do this, and you’ll assure disaster recovery, business continuity, and potentially be a hero to your boss when you tell them what you did, proactively.
Data Protection Plan
This Data Protection Plan purpose is to inventory data locations, risks, and share mitigation plans to minimize risk.
Data Store Inventory
Conduct a data inventory. Determine what data lies within your jurisdiction and per identified data store, brainstorm potential risks with the data.
|1||Salesforce Data||All the relational table data inside of Salesforce. Updated constantly.|
|2||Salesforce Attachments||Salesforce Attachments which are stored separately. Updated Periodically.|
|3||Local Proposals||Users create a lot of .doc files which may not be located on the network/cloud storage. Updated monthly.|
|4||Backup Files||When I create backups, they are currently stored in the <<Location Details>>. Backups may also contain PHI or PII.|
|5||Integrated App Data?||My accounting system talks to Salesforce, that data is backed up <<Location Details>>|
|6||Sandbox Data||While Sandbox Data is not a risk for loss, from a compliance perspective it may represent a proflifeation of PHI or PII.|
|7||Salesforce Metadata and Configuration||Crazy Vendors in there changing things|
For each identified data source, catalogue the risks associated with that data. Common risk factors are shared below for consideration. Keep the same numbering scheme from the inventory table for continuity.
- Salesforce Data
- User Error
- Accidental Deletion of Records
- Workflows and Automations modifying field values
- Crazy vendors in there doing things in the org
- Integration with the Accounting system modifies records
- Data contains PHI
- Service outage
- Salesforce Attachments
- Salesforce Data
- Mitigation – It has been determined that using the weekly storage export service is a viable mitigation to all known risks. As data criticality is low in the system, the weekly storage export will be downloaded, and stored in a secure, encryped cloud folder. This folder will only be available by business management and the Salesforce Admin team.
- Measurement – KPI for % of weeks covered by backups.
- Salesforce Attachments
- Local Proposals
- Mitigation – Sales Reps are being trained to validate that proposals are uploaded to Salesforce as attachments, which have mitigated risk in 2A.
- Measurement – Validate that 100% of Opportunities have attached proposals. Coach sales team members who are not attaching Proposals to Opportunities.
Some Common Risks
User Error – Users delete or edit data inappropriately Integrations – An integration is modifying data continually or in batches Automations – Workflow Rules are active which modify data Ongoing Deployments – New Deployments may introduce new automations which may impact data Data Load Operations – Regularly scheduled data load operations may corrupt data with a bad file Physical Infrastructure Issues – If files are stored locally, and the machine breaks, the data is gone Accessibility Issue – If the internet goes down or a service goes down, data is not accessible Bad Actor/Malicious Users – If you consider this a risk, enhanced backup operations may be required
For each identified Risk, build out a mitigation strategy. One mitigation may cover multiple Risks. Create a way to measure each mitigation. (i.e. a mitigation not implemented/maintained does not mitigate the risk)
Risk Mitigation Review:
When this plan is done, show it to your supervisor. Review quarterly at a minimum and validate mitigation measurements.
Salesforce has many backup tools and options. There are many free and paid options available. For free data management tools, check out this fantastic article here
For paid and enterprise/enhanced options, there are many apps available on the AppExchange
For another great document idea to share with your boss – Check out my blog The Document Every Salesforce Admin Should Create