My slides for my "Five Minute Feature" on Org Reviews/Audits. To watch the full presentation:
http://www.radnip.com/salesforce-org-review-francis-five-minute-feature/
3. • Who are your administrators?
• What is an administrator?
• Modify all / View all Data?
• Export Data?
• API Access?
• View Setup?
• Manage Remote access?
• Password never expires?
• Author Apex?
• View All Users?
• Perm-comparator
https://perm-comparator.herokuapp.com/
Profiles
Security
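An added example, not part of the original slides: one way to answer "Who are your administrators?" offline by scanning retrieved Metadata API profile XML for the permissions on this checklist. The mapping from the slide's labels to permission API names (e.g. "Export Data" to `DataExport`) and the sample profiles are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace used by Salesforce Metadata API files such as *.profile
NS = {"sf": "http://soap.sforce.com/2006/04/metadata"}

# Assumed API names for the permissions listed on the slide.
ADMIN_PERMS = {
    "ModifyAllData", "ViewAllData", "DataExport", "ApiEnabled", "ViewSetup",
    "ManageRemoteAccess", "PasswordNeverExpires", "AuthorApex", "ViewAllUsers",
}

def enabled_admin_perms(profile_xml):
    """Return the checklist permissions that one profile's metadata enables."""
    root = ET.fromstring(profile_xml)
    found = set()
    for perm in root.findall("sf:userPermissions", NS):
        name = perm.findtext("sf:name", default="", namespaces=NS).strip()
        enabled = perm.findtext("sf:enabled", default="false", namespaces=NS).strip()
        # Retrieved metadata may list a permission explicitly as disabled.
        if enabled.lower() == "true" and name in ADMIN_PERMS:
            found.add(name)
    return found

def review(profiles):
    """Map profile name -> sorted checklist permissions; clean profiles are omitted."""
    report = {}
    for profile_name, xml_text in profiles.items():
        perms = enabled_admin_perms(xml_text)
        if perms:
            report[profile_name] = sorted(perms)
    return report

def _sample(perms):
    """Build a constructed profile document from {permission: enabled}."""
    rows = "".join(
        f"<userPermissions><enabled>{str(on).lower()}</enabled>"
        f"<name>{name}</name></userPermissions>"
        for name, on in perms.items())
    return f'<Profile xmlns="{NS["sf"]}">{rows}</Profile>'

# Constructed sample data; real input would be the retrieved .profile files.
SAMPLE_PROFILES = {
    "Sales User": _sample({"ApiEnabled": False, "RunReports": True}),
    "Integration": _sample({"ApiEnabled": True, "PasswordNeverExpires": True,
                            "ViewAllData": True}),
    "Ops Lead": _sample({"ViewSetup": True, "ModifyAllData": True, "AuthorApex": False}),
}

if __name__ == "__main__":
    for profile_name, perms in review(SAMPLE_PROFILES).items():
        print(f"{profile_name}: {', '.join(perms)}")
```

Permission sets grant the same permissions and need the same review; this sketch only covers profiles.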
6. • Run all Unit Tests
• Critical Updates
• Salesforce Security Scanner
http://security.force.com/security/tools/forcecom/scanner
Code
Security
7. • Licenses
• Not using any?
• Users that should be inactive?
• Could you use cheaper licenses?
• Data & File storage
• External Objects?
• Amazon S3 Salesforce apps for files?
Org Review
9. • Reports & Dashboards
Really? JUST DELETE THEM!
10. • Reports & Dashboards
• Unused Apps
• If it's been inactive for a year, do you REALLY need it?
• Workflows
• Validation Rules
• Old page layouts & Record Types
Really? JUST DELETE IT!