The document discusses quality control (QC) and quality assurance (QA) in the context of Salesforce development, focusing on processes, benefits, and standards aimed at maintaining high-quality products and services. It outlines the importance of peer and independent reviews to identify issues early, alongside the need for consistent development standards. Additionally, the document provides links to various tools and resources that aid in ensuring security and coding standards compliance.

1. Quality Control in Development
​ Christine Talbot
​ Senior Program Architect
​ ctalbot@salesforce.com

2. Welcome!

3. ​ Christine Talbot
​ Senior Program Architect
​ Salesforce
Welcome!

4. ​ Safe harbor statement under the Private Securities Litigation Reform Act of 1995:
​ This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties
materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed
or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward-
looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any
statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new,
planned, or upgraded services or technology developments and customer contracts or use of our services.
​ The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new
functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our
operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any
litigation, risks associated with completed and any possible mergers and acquisitions, the immature market in which we operate, our
relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our
service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger
enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our
annual report on Form 10-K for the most recent fiscal year and in our quarterly report on Form 10-Q for the most recent fiscal quarter.
These documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section
of our Web site.
​ Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available
and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features
that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.
Safe Harbor

5. Introduction to Quality Control

6. ​ Quality Control (Noun)
A system for verifying and maintaining a desired level of quality in an existing product or service
by careful planning, use of proper equipment, continued inspection, and corrective action as
required.
​ Quality Assurance (Noun)
​ A system for ensuring a desired level of quality in the development, production, or delivery of
products and services. A planned and systematic pattern of all actions necessary to provide
adequate confidence that the product optimally fulfils customers’ expectations, i.e. that it is
problem-free and well able to perform the task it was designed for.
What is It?
Quality Control

7. Comparison
Quality Control

8. ​ Proactive & Early Identification
• Business Requirements
• Governor Limits
• Architecture Decisions
• Development Standards
• Test Classes
• Code Structure
• Naming Conventions
• Security
What is It?
Quality Control

9. What is the Process?
Quality Control
ProductionQA
Testing
Migrate MigrateTasks

10. When?
Quality Control
Dev SB3
Dev SB2
Dev SB1
Proj2
Shared
Dev SB
Source
Control
QA/UAT
Integration
Partial SB
Staging
Full SB
PROD
Dev SB3
Dev SB2
Dev SB1
Proj1
Shared
Dev SB
Develop
Dev / Integration
Test
QA / System
Test
UAT / Staging
/ Performance
Test
Full Sandbox
Partial or Full Sandbox
Dev Pro Sandbox
Dev Pro Sandbox
Dev Sandboxes
Dev Sandboxes
Production Org

11. ​ Reduction in Cost to Fix
• Early identification of Bugs
​ Minimization of Maintenance Cost
• Use of click-config options when possible
​ Future-Proof Code
• Robust test classes for automated regression testing
​ Minimize Security Risks & Governor Limit Issues
• Best practices, security risks, and limits are reviewed
​ Self-Documentation & Easier Enhancement Ability
• Naming conventions, comments, and best practice standards implemented
What are the Benefits?
Quality Control

12. Peer Reviews

13. ​ An evaluation of a person's work or performance by a group of people in the same team
​ Who: Developer within same team
​ What: Full review, with extra focus on Business Requirements and Architecture, in context, for a
specific build request
​ Why: Early detection & remediation of issues
What is It?
Peer Reviews

14. ​ Does it meet the business requirements specified?
​ Is it possible to accomplish with click-config?
​ Does it meet the development standards and best practices?
​ Are sufficient and appropriate test classes created for the classes & methods?
​ Do the test classes run successfully?
​ Is the code structured reasonably?
What do you look for?
Peer Reviews

15. ​ Does not meet all requirements for component
​ Insufficient test classes and scenarios
​ Could be accomplished with other functionality
​ Does not follow development standards or best practices
​ Hits governor limits
​ Has security issues
What are some common issues found here with Salesforce development?
Peer Reviews

16. Independent Reviews

17. ​ A review performed by competent, objective reviewers who are independent of the developer
​ Who: Reviewer outside of development team
​ What: Detailed review with extra focus on standards, architecture, limits, best practices for an
entire initiative’s build (potentially multiple developers)
​ Why: Ensures all changes follow best practices and standards, and have appropriate test classes
for future issue detection
What is It?
Independent Reviews

18. ​ Is it possible to accomplish with click-config?
​ Does it meet the development standards and best practices?
​ Are sufficient and appropriate test classes created for the classes & methods?
​ Do the test classes run successfully?
​ Is the code structured reasonably?
​ Are there security issues?
​ Are there governor limit issues?
What do you look for?
Independent Reviews

19. ​ Test Class coverage insufficient
​ Uses “without sharing” for no reason
​ Uses “seealldata” for no reason
​ Doesn’t utilize a Test Data Factory & @isTestSetup
​ Incorrectly uses / places the startTest / stopTest methods
​ SOQL or DML or @future calls inside loops
​ No or insufficient assert statements
​ Lingering Debug statements
​ No or insufficient Comments
​ Invalid naming conventions used
​ Could be accomplished with other functionality
What are some common issues found here with Salesforce development?
Independent Reviews

20. How to Get Started

21. ​ These standards will provide:
• A standard configuration guideline for Salesforce
• A standard guideline for Apex and Visualforce development
• Hints and tips and best practices for development.
• Easier maintenance/enhancement through consistent standards.
• Consistency with Java programming language naming conventions
​ The standards should be applied to all new development work and should be introduced to
existing projects as far as is practically possible.
Creating Development Standards
How to Get Started

22. Example
Development Standards

23. Formalizing the Review Request
Process

24. ​ Create an app:
• Developers submit Review requests
• Reviewers leverage Excel template for Review
• Reviewers upload Review results
• Reports analyze developer effectiveness
Formalizing the Review Request Process
​ How?

25. Demo of Package
Formalizing the Review Request Process

26. Summary

27. ​ What is Quality Control?
​ What are the benefits of implementing Quality Control?
​ When should reviews be done?
​ What is involved with Peer Reviews?
​ What is involved with Independent Reviews?
​ How do you get started?
​ How do you track and formalize this process?
What did we cover?
Summary

28. Questions?

29. • Free security tool at http://security.force.com/security/tools/forcecom/scanner to identify potential
security risks
• Additional security best practices available at http://security.force.com
• Free CodeScan Apex PMD Eclipse plugin from http://codescan.villagechief.com/eclipse/ to identify coding
standards discrepancies within apex code
• Java Code Conventions http://www.oracle.com/technetwork/java/codeconventions-150003.pdf
• Understanding Execution Governor & Limits
http://www.salesforce.com/us/developer/docs/apexcode/index_Left.htm#StartTopic=Content/
apex_gov_limits.htm
• Apex Code Cheat Sheet
https://ap1.salesforce.com/help/pdfs/en/salesforce_apex_developer_cheatsheet.pdf
• Visualforce Cheat Sheet
https://ap1.salesforce.com/help/pdfs/en/salesforce_visualforce_developer_cheatsheet.pdf
• Sample Review Results App (with Excel Template & Standards Template):
https://na16.salesforce.com/packaging/installPackage.apexp?p0=04ti0000000gUmO
Mentioned during Discussion
Useful Tools

30. Thank you

31. Share Your Feedback, and Win a GoPro!
3
Earn a GoPro prize entry for each completed
surveyTap the bell to take a survey2Enroll in a session1