Automated Task Management for ISO 27001 Compliance

Building on my experience supporting the Salesforce Help Desk, I was soon trusted with my first automation project—an enhancement to HR tickets for employee lifecycle events—tied to the company’s pursuit of ISO 27001 certification.

In addition to this hands-on project work, I also served as the Salesforce SME on the company’s ISO 27001 security committee, providing input on the platform’s access controls, field-level encryption capabilities, and overall data security posture, including encryption of data in transit and at rest.

What I Built

I created three workflow rules in Salesforce—triggered when an employee was hired, terminated, or transferred. Each workflow automatically generated and assigned a set of tasks to the relevant individuals. These tasks included essentials like:

• Reviewing and adjusting user access and permissions across the company’s technology platforms

• Completing other role-specific onboarding or offboarding activities required for compliance

By automating these task assignments and linking them to the original ticket, the company could ensure timely execution and maintain a clear audit trail.

Key Takeaways & Lessons Learned

This project gave me practical experience following the Salesforce development lifecycle from start to finish:

🌸 Requirements Gathering:
I reviewed the requested automation carefully to ensure I fully understood the triggers and expected outcomes for each employee event (hire, term, transfer).

🌸 Design:
I planned the workflow structure—including entry criteria, task creation, and assignment—documenting the design decisions to ensure clarity and maintainability.

🌸 Development:
I built the automation in Salesforce using Workflow Rules, keeping the configuration simple, readable, and aligned with the company’s process needs.

🌸 Testing:
I thoroughly tested each scenario in a sandbox environment, verifying that the correct tasks were created and assigned as expected before deploying to production.

🌸 Deployment:
After confirming successful sandbox testing, I attained stakeholder approval, moved the automation into production, and monitored it closely to ensure proper function in the live environment.

Reflections

At the time this solution was built, Workflow Rules were the best tool for the job. It was Salesforce best practice to meet requirements with the simplest tool available. Since the automation needs were straightforward (creating and assigning tasks), Workflow Rules were an appropriate choice.

If I were building this today, I would use Flow, which offers greater flexibility and allows for a single, consolidated automation rather than multiple separate processes—resulting in a cleaner, more maintainable solution.