Org Configuration Rules


The following table shows the list of Salesforce Org Config rules that are checked by Quality Clouds.

| Best Practice Description | Severity | Impact Area |
| --- | --- | --- |
| Ratio of Custom Objects to Standard Objects – High | High (if ratio is over 30%) | Manageability |
| Ratio of Custom Objects to Standard Objects – Medium | Medium (if ratio is between 20% and 30%) | Manageability |
| Ratio of Custom Objects to Standard Objects – Low | Low (if ratio is between 10% and 20%) | Manageability |
| Too many Apex Classes (Over 50 – Does not include Test Classes or Downloaded Apps) | Medium | Manageability |
| Too many Roles (over 20) | Medium | Manageability |
| Too many branches on Role Hierarchy | Medium | Manageability |
| Too many Custom Reports over used objects | Medium | Manageability |
| Too many Views over used objects | Medium | Manageability |
| Too many Profiles and Permission Sets | Medium | Manageability |
| Avoid having more than one Apex Trigger per Object | Medium | Manageability |
| Too many Reports and Views without folder assigned | Medium | Manageability |
| The percentage of asynchronous classes is too high | Low | Manageability |
| The instance has more than 5.000 lines of Apex code | Warning | Manageability |
| Coverage of Unit Tests is less than 75% | Warning | Manageability |
| Cross-Site Request Forgery (CSRF) protection on GET requests on non-setup pages is disabled | Medium | Security |
| Cross-Site Request Forgery (CSRF) protection on POST requests on non-setup pages is disabled | Medium | Security |
| Clickjack protection for non-setup Salesforce pages is disabled | Medium | Security |
| Clickjack protection for customer Visualforce pages with standard headers turned on is disabled | Medium | Security |
| Clickjack protection for customer Visualforce pages with standard headers turned off is disabled | Medium | Security |
| Clickjack protection for setup pages is disabled | Medium | Security |
| The browser is not prevented from inferring the MIME type from the document content and from executing malicious files | Medium | Security |
| Cross-domain session information is exchanged using a GET request instead of a POST request | Medium | Security |
| Protection against reflected cross-site scripting attacks is disabled | Medium | Security |
| The IP addresses in Login IP Ranges are enforced only when a user logs in | Medium | Security |
| There is no session timeout for inactive users | Medium | Security |
| Visualforce, Salesforce sites, or Communities must use HTTPS | Medium | Security |
| Prevent unauthorized use of session ID | Medium | Security |
| HTTPS is not required to log in to or access Salesforce | Medium | Security |
| Inactivity Time Warning | Warning | Security |
| Session Policy – Enable Content Security Policy | Medium | Security |
| Password policy complexity too weak – No restrictions | High | Security |
| Password policy complexity too weak – Alphanumeric restriction only | High | Security |
| Password Policy Expiration too weak – Never | Medium | Security |
| Password Policy Expiration too weak – Six months | Medium | Security |
| Password Policy Expiration too weak – One year | Medium | Security |
| Password Policy Repetition is too weak | Medium | Security |
| Password Policy Max Login Attempts too wide | Medium | Security |
| Password Policy Minimum Password Length too weak | High | Security |
| Password Policy: Obfuscate the Secret Answer | Medium | Security |
| Password Policy Password Hint contains password | Medium | Security |
| Avoid using the Attachments Object | Medium | Manageability |

Updated on March 21, 2025