Secure Your Org with Salesforce Health Check

Share this article...

Salesforce org security should be the highest priority, but often gets left on the back burner in favor of configuration changes. Although Salesforce offers one of the most secure cloud platforms on the market, there are still many settings and parameters that Administrators can activate and adjust to guarantee a protected Salesforce org.

To assess org security and suggest ways to improve, Salesforce added Health Check. The tool evaluates your instance of Salesforce and sets your security settings to industry standards. Interested? Let’s dive in!

Salesforce Health Check

If you feel a bit out of depth when it comes to Salesforce security, don’t worry– they have done a lot of the heavy lifting for you! Salesforce comes with default security settings set up (which you can adjust to suit your business), as well as the ability to run a security Health Check and offer recommendations on how you can improve security.

In Setup, head over to Security > Health Check. Here, there will be an overview and assessment of your current security set-up.

You’ll receive a score out of 100 grading your org’s health when compared to Salesforce’s recommended settings. The more restrictive your settings, the higher the score.

Security settings are categorized as “High-Risk”, “Medium-Risk” and “Low-Risk;” these will guide you on what to tackle first.

Within each section, you’ll have settings to review that are also categorized into statuses such as “Critical”, “Warning” and “Compliant.”

The types of recommendations include:

  • Password Policies
  • Session Settings
  • Network Access

Click the Fix Risks button to get started adjusting your settings.

You don’t need to meet the industry standards but it is advisable. There are some occasions where you may not want to adjust your settings to match Salesforce’s recommendations. A great example is the ability to login as another user.

Salesforce recommends this setting is disabled; however it is an extremely useful feature when troubleshooting issues so you may choose to leave it enabled.


The Health Check tool is a great Salesforce feature that can help you establish your org’s security and review suggestions for improvement. Don’t forget, a Health Check is not a one-time Admin task! Industry standards change (as do your security requirements), and Salesforce is updated three times per year, so be sure to build running a health check into your Admin schedule. Perhaps use the Health Check tool monthly or quarterly and reassess your score and needs?

READ MORE: How to Perform a Salesforce Health Check

One thought on “Secure Your Org with Salesforce Health Check

Add Comment