Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

CRM backups or audit trails? Yes, please

David Taber | July 31, 2015
You’d think that either thorough backups of your CRM system or full audit trails would be enough to keep you out of trouble. Life should be so simple.

Archive copies for audits, compliance and legal discovery. I am an expert witness, and I can assure you that almost nobody keeps all the data they should to help them prosecute or defend a legal matter three to six years in the future. And yes, that's typically when it will happen. You want to make sure you have data to prove your point in wrongful-termination, IP theft, abusive sales tactics, stockholder complaints and other suits that may come your way. 

The first level of defense is a complete image of data and metadata on write-once media (that assures nobody tampers with/discredits your data). A weekly data and metadata export saved on a DVD or two will do the trick--and don't throw them away until they're seven years old. There are also automated third-party cloud backup solutions to address this requirement. But then there are those two SFDC mystery tables I've mentioned above that aren't available via the API. These you can dump manually: the login history and setup audit trail can be exported to a CSV file and must be exported to write-once media at least every 180 days (as data older than that falls over the storage horizon). So what do you do if you've got a legal action and you didn't store the archive images?  Well, in the land of SFDC they may be able to recover it from their internal data streams (used to populate their DR sites, etc.). But to get that recovery done is a consulting project that may end up costing thousands of dollars per relevant object recovered. And that's if it can be recovered. No, I am not kidding. So...go back to the top of this section and do the right thing from this moment on.

Audit trails to reconstruct the evolution of records. All the discussion so far has been about static snapshots in time, and the techniques provide little in the way of timeline or sequence of changes. The "whodunit" analysis requires field name, before value, after value, changerID and time of change. Salesforce does provide field-level audit trails that fill the bill nicely, but by default you get only 20 of them and they're not guaranteed to stay around make sure you backup those history tables along with the rest of the data. But even if you have all the limits removed or write your own audit-trail enhancements, audit trails are only really practical for analytics. I know of no products that can use audit trails to "play the system state forward" from a backup image to a specified point in time. I'm sure you could write something for that and maybe your data warehouse team would love this project, but it's a significant R&D effort. The situation is far bleaker regarding metadata the changes aren't recorded with enough detail to "play the system configuration forward" from a snapshot.


Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.