Salesforce Health Check: Free vs Paid Audit
Salesforce ships a built-in Health Check tool. It's free, takes 5 minutes, and gives you a security score out of 100. It's also incomplete — Salesforce's tool only audits security baseline settings, not the broader org issues that cause most problems.
This guide explains what the free Health Check covers, what it misses, and when a paid audit is worth it.
Estimated read time: 6 minutes
What Salesforce Health Check (free) covers
Setup → search Health Check → click into the tool. Scores 0-100 against Salesforce's security baseline.
Categories audited:
- Password policies (length, complexity, expiration)
- Session settings (timeout, IP restrictions)
- Network access (login IP ranges)
- Certificate and key management
- Sharing settings (OWDs flagged if too permissive)
- Login flow (MFA, identity verification)
- High-risk settings (e.g., "Modify All Data" granted broadly)
Score interpretation:
- 90-100: Excellent baseline security
- 70-89: Good, minor remediation needed
- Below 70: Several baseline issues
What free Health Check misses
Salesforce's tool only checks security baseline. It doesn't audit:
- Data quality — duplicates, completeness, validation gaps
- Automation health — broken flows, recursion, deprecated process builders
- Reports and dashboards — unused, stale, inaccurate
- User adoption — license utilization, login patterns
- Performance — slow queries, unbatchable Apex, governor limit risk
- Profile/permission proliferation — too many profiles, overlapping permission sets
- Custom objects — unused objects, fields with no data, schema drift
- Integration health — failed API calls, expired credentials, deprecated endpoints
- Email deliverability — sender reputation, DKIM/SPF/DMARC misconfiguration
- Storage usage — files, attachments, archive strategy
These are the issues that actually cause problems day-to-day.
RevKit's audit options
We offer three audit tiers, all fixed-price, all delivered in 48 hours:
AI Org Audit — $799
- Full-org scan against 12-point checklist
- Ranked findings with severity
- PDF report
- Recommendations per finding
Security Audit — $1,499
- Deep security review (OWDs, profiles, permission sets, FLS, sharing rules, login policies)
- Compliance checks (SOC 2, HIPAA, GDPR)
- Health Check remediation plan
Custom Audit — from $2,500
- Full org review including data, automation, reports, performance
- Integration health check
- Stakeholder interviews
- Customized remediation roadmap
How to choose
Three questions:
- Do you need compliance documentation only? → Free Health Check is enough.
- Do you need actionable findings on the broader org? → Paid audit ($799-$1,499 for most orgs).
- Is this part of a larger transformation? → Custom audit with stakeholder interviews ($2,500+).