Services Hourly Consulting Quick Start Health Check Implementation Recovery
Capabilities Core Salesforce Agentforce AI Consulting Data & Analytics Integrations Custom Development
Financial Services Banking & Lending Wealth Management Credit Unions Insurance
Everything Else SaaS & Tech Professional Services Manufacturing Nonprofit & Education
Blog Latest Posts
Tools Health Score Quiz Agentforce Readiness ROI Calculator Org Health Checklist Implementation Recovery Checklist LAT Extension
Connect Contact Us Partner With Us FAQ
Company About Lovalto Team
← Back to The Lo-Down Governance

Keep a Salesforce change log.

Jun 12, 2026
7 min read
Evan Eichert
Salesforce change log Salesforce governance Setup Audit Trail Salesforce admin release management

Small Salesforce teams need a change log that records why production changes happened, who approved them, what was tested, and how to reverse them.

Key takeaways

  • Record the business reason for every production change.
  • Include affected metadata, test evidence, and rollback plan.
  • Use Setup Audit Trail for evidence, not memory.
  • Require a change log entry before closing production tickets.
  • Review the log weekly for missing approvals and repeated fixes.

Small Salesforce teams do not need a release office. They do need a written record of production changes.

Salesforce records useful audit data. SetupAuditTrail can show many setup changes, who made them, and when they happened. It does not explain the business reason, ticket context, affected users, testing performed, approval path, or rollback plan.

That gap gets expensive when the org has external intake, telephony, compliance fields, backup tools, Shield, managed packages, or multiple consultants touching the same environment. The problem is not intent. The problem is memory.

A small team can fix that with one habit: every production change gets a plain-English change log entry.

What is a Salesforce change log?

A Salesforce change log is a human-readable record of production changes, organized by date, owner, business reason, affected metadata, testing, and rollback plan.

It is not a replacement for version control, deployment history, or SetupAuditTrail. It sits above those records. It tells an admin, operations lead, consultant, or auditor what happened in language they can use.

A useful entry answers seven questions:

  • What changed?
  • Why was the change needed?
  • Who requested it?
  • Who approved it?
  • Which objects, fields, flows, permissions, or integrations were affected?
  • Where was it tested?
  • How would the team reverse or disable it?

The last question matters. Many Salesforce changes are easy to make and harder to unwind.

A validation rule can block intake. A flow update can change Case assignment. A permission set update can expose restricted fields. A phone formatting change can affect click-to-call behavior in a CTI tool. A picklist value change can break a report filter, integration mapping, or automation branch.

The change log does not need special tooling. A Google Sheet, Confluence page, Notion page, or Salesforce custom object can work. The format matters less than the habit.

For most small and mid-market teams, start with these fields:

  • Date deployed
  • Environment
  • Requestor
  • Approver
  • Owner
  • Ticket link
  • Change type
  • Affected metadata
  • Business reason
  • Test evidence
  • User impact
  • Rollback plan
  • Post-deployment check
  • Related release note or vendor note

Keep the language plain. “Updated Case_Status__c picklist values for the Retool intake process” is useful. “Case process cleanup” is not.

Why is Setup Audit Trail not enough?

Setup Audit Trail records many setup events, but it does not capture the full decision record behind a Salesforce change.

That distinction matters. Audit data tells you an event happened. A change log explains the operating decision.

For example, Setup Audit Trail may show that an admin changed a flow, edited a field, or updated a permission set. It will not reliably answer:

  • Was this requested by sales, service, compliance, or IT?
  • Was the change tied to a production incident?
  • Did the team test the external portal, CTI behavior, or downstream reporting?
  • Was the change intended to be temporary?
  • Which users were notified?
  • Which consultant or admin had the context?
  • What should be checked if cases stop routing correctly?

Salesforce also places limits around native audit and history records. Setup Audit Trail is not a permanent documentation system. Field History Tracking has retention rules and must be enabled on specific fields. Deployment history shows deployment activity, not the business decision behind it.

This is where teams get surprised. They assume Salesforce is “tracking changes,” then discover it is tracking a different layer than the one they need.

Use native audit tools for evidence. Use the change log for memory.

A practical governance pattern looks like this:

  1. Ticket records the request and acceptance criteria.
  2. Sandbox testing records the test outcome.
  3. Deployment tool records the metadata move.
  4. Setup Audit Trail records setup activity.
  5. Change log records the business context.

None of those layers replaces the others.

What should admins put in a Salesforce change log?

Admins should record the minimum information needed to support, audit, and reverse the change later.

Do not turn the change log into a novel. If every entry takes 30 minutes, the habit will die. The right entry usually takes 3 to 7 minutes after deployment because the details already exist in the ticket.

Use this format as a starting point.

Example entry

Date deployed: 2026-06-12
Environment: Production
Requestor: Service operations
Approver: Head of operations
Owner: Salesforce admin
Ticket: CU-12345
Change type: Flow update
Affected metadata: Case, Case_Assignment_Flow, Support_Tier__c, Origin
Business reason: Route external portal cases to the correct support queue by support tier.
Test evidence: Tested 6 case creation paths in full sandbox. Confirmed queue assignment, email alert, and required fields.
User impact: New portal cases may route to 3 queues instead of 1 shared queue.
Rollback plan: Deactivate version 14 and reactivate version 13 of Case_Assignment_Flow.
Post-deployment check: Create 3 test cases from the portal and confirm queue assignment.

That entry is short. It gives the next person enough context to work safely.

Use controlled values for change type. These are usually enough:

  • Flow
  • Validation rule
  • Permission
  • Field
  • Page layout or Lightning record page
  • Integration
  • Data load
  • Managed package
  • Report or dashboard
  • Email or notification
  • Security or compliance
  • Release update

Be specific in Affected metadata. Name the object and API names where possible. Write Contact.MobilePhone, Case.Origin, or Do_Not_Call__c instead of “contact fields.”

For integrations, include the connected system. If the change affects Talkdesk, Retool, OwnBackup, Shield, a direct mail tool, or another external service, say so.

Small teams often lose time because they treat “Salesforce change” and “integration change” as separate records. They are not separate to the user.

How should a small team maintain the change log?

A small team should update the change log as part of the release process, not as a cleanup task later.

Put the change log at the end of every production deployment. It should sit in the same checklist as smoke testing and user communication.

A lean process can look like this:

  1. Request comes in through a ticket, email, or meeting note.
  2. Admin or consultant writes acceptance criteria.
  3. Change is built in sandbox.
  4. Change is tested against the affected workflow.
  5. Approver confirms the change is ready for production.
  6. Change is deployed.
  7. Smoke test is completed in production.
  8. Change log is updated before the ticket is closed.

The key rule is simple: no closed ticket without a change log entry for production changes.

There are exceptions. You do not need a full entry for every report filter change or personal list view. But if the change affects shared business process, security, automation, integrations, data quality, or compliance, it belongs in the log.

Use a short weekly review if the org changes often. Fifteen minutes is enough. Review what changed, what is pending, what failed testing, and what needs communication. This is also where you catch changes that happened outside the process.

For consultants, the change log reduces dependency. The client should not have to ask, “What did you change last month?” The answer should already exist.

For internal admins, the change log protects focus. If a manager asks why a flow behaves a certain way, the admin can point to the decision record instead of reconstructing history from memory.

For auditors and compliance reviewers, the change log shows control. It does not replace formal controls, but it shows the team has a repeatable habit.

A good change log also improves release planning. After 60 to 90 days, patterns become visible:

  • Too many urgent production fixes
  • Repeated changes to the same flow
  • Permission changes without clear approval
  • Data loads that should use a staging object
  • Integration changes missing post-deployment checks
  • Reports used as operational controls

Those patterns tell the team where to invest next. The answer may be better sandbox testing. It may be version control. It may be fewer direct admin changes in production. It may be a clearer intake form.

Start with the change log before buying heavier tooling. Small teams need discipline before process software.

What can admins do this week?

Admins can create a shared change log, add the fields above, and require one entry for every production change that affects users, data, automation, security, or integrations.

Do not backfill the last 3 years. Start with the next production change. Add a link to the change log in your deployment checklist. Add a checkbox to the ticket: “Production change log updated.”

Then review the log once a week for 15 minutes.

The practical takeaway: write down the decision, not only the deployment. Future you will need the reason, not only the timestamp.

Need Expert Salesforce Guidance?

Whether you're planning a new implementation, need a health check, or want to optimize your existing org, we're here to help.

Get in Touch