Real-Life Salesforce Architecture Review Checklist I Actually Use

Salesforce Architecture Review Checklist

Checklist:

• Is this request solving a tangible business need?
• Is there an existing feature that does this already?
• Can the business explain the value in one sentence?

🧠 Real Scenario:

Client: “We want a custom approval flow for expense requests.”

Me: “Why not use native Approval Processes?”

Client: “Because we didn’t know that existed…”

Lesson: Most technical debt starts when we build before we ask.

Checklist:

• Are there Flows and Apex Triggers running on the same object?
• Is everything bulk-safe? No SOQL/DML in loops?
• Are async options used appropriately? (Queueable, Batch, Platform Events)

🧠 Real Scenario:
A Flow saved a record, which triggered Apex, which re-fired the same Flow = infinite loop.
We found this during a UAT dry-run. Debug logs were longer than my coffee break.

Tip: Use Entry Criteria, Asynchronous Paths, and Trigger Frameworks smartly.

Checklist:

• Are custom objects justified or overkill?
• Is the parent-child relationship modeled correctly?
• Are we overusing formula fields and cross-object references?
• Are field names and descriptions meaningful?

🧠 Real Scenario:

Found 7 custom objects named: Customer_Info_1, Customer_Info_2, and so on.
None were being used. They were “temporary.” That was 2 years ago.

Tip: Install "Field Trip" or run Optimizer report regularly.

Checklist:

• Apex is bulkified and governor-limit safe
• Code is modular — logic is in handlers, utilities, services
• No hardcoded IDs, RecordTypeIds, UserIds
• Null checks and try-catch used wisely

🧠 Real Scenario:
Hardcoded RecordTypeId caused a deployment failure to UAT.
UAT had different IDs — of course.

Quick Fix: Use Schema.SObjectType.Account.getRecordTypeInfosByName().get('Customer').getRecordTypeId();

Naming Convention Tip: AccountTriggerHandler, OpportunityService, CaseBatchJob — name things like you’ll hand it to another developer in 6 months (because you will).

Checklist:

• FLS and CRUD enforced manually in Apex & LWC
• Proper Sharing Settings respected (Use with sharing)
• Sensitive fields (like Salary, Aadhar, PAN) are protected
• No unnecessary use of “Modify All Data” or System Mode

🧠 Real Scenario:

Sales team in Mumbai could access salary details of employees in Pune.
Why? Because someone used “without sharing” and skipped field-level checks.

Fix: Use Security.stripInaccessible() in Apex + use permission sets for least privilege.

Checklist:

• At least 85% test coverage with real business scenarios
• Test data created using @testSetup methods
• Negative tests written (e.g. null, empty string, no records)
• External calls (Named Credentials, HTTP) mocked using HttpCalloutMock

🧠 Real Scenario:

A flow that called an external system failed in Production because the API key expired.
No one tested that failure path.

Tip: Use mocks + retry mechanisms. Also log errors in custom Error_Log__c object for monitoring.

Checklist:

• Report Types created for all major objects
• Important fields are field-tracked
• Data is stored in a way that’s reportable (not only in long text area or attachments)
• There’s a dashboard for each module/feature launched

🧠 Real Scenario:

Built a lead scoring model… but no report on how scores were trending.
Sales team: “Cool, but how do we trust the score?”

Fix: Build a “Lead Health Audit” dashboard that compares old vs. new scores.

Checklist:

• Flows, Apex, Rules, Reports follow naming standards
• Every automation is documented with purpose, owner, last updated date
• Field labels and help texts are user-friendly
• A short Loom or Notion doc explains how the feature works
• Feature flags or Custom Metadata used for toggling logic

🧠 Real Scenario:

Had a process named: “DoNotDelete_UseThisMainFlow_New2”.
No one knew what it did. When we deleted it — guess what — the portal broke.

Tip: Own less, maintain better. Keep your metadata meaningful.

Salesforce Best practices for architects

Salesforce Technical Review Checklist

Salesforce design review process