Data classification and audit aren't a single feature — they're a layered set of platform controls.
Data Classification (the metadata) lives on every field in Object Manager. You assign each field a Compliance Categorization (PCI, PII, HIPAA, GLBA, etc.), a Data Sensitivity Level (Public, Internal, Confidential, Restricted, Mission Critical), and a Data Owner. This metadata is reportable but doesn't enforce anything by itself — its purpose is to give you (and tools downstream) the information to enforce policy.
Salesforce Shield is a paid suite that adds three things:
- Platform Encryption — encrypts data at rest using tenant-managed keys. Lets you encrypt selected standard fields (Account.Name, Contact.Email), all custom field types that support it, and files. Critical caveat: encrypted fields can break some declarative features (formulas referencing them, certain SOQL filters), so you don't blanket-encrypt — you encrypt the fields the classification metadata flagged as Restricted/Mission Critical.
- Field Audit Trail — extends field history retention from the standard 18-24 months to 10 years, and stores it in a separate, queryable archive (the FieldHistoryArchive big object) rather than on the record's own history related list.
- Event Monitoring — produces detailed event log files of API calls, logins, report exports, file downloads, URI clicks, Apex executions, and more. Log files are typically delivered hourly as records of the EventLogFile sObject, which you query and download through the API, or pushed to S3 via a connector. This is what gives you "who exported this report at 3am" granularity, which standard audit logs can't.
Transaction Security Policies sit on top of Event Monitoring streams to block or flag in real time. Example: block any user trying to export a report containing PCI data from outside the corporate IP range — Shield evaluates the event, matches the policy, and intervenes.
Event Monitoring Analytics App turns the raw log files into pre-built dashboards (login geo distribution, report export anomalies, slow Apex). For orgs without Shield, Setup Audit Trail gives you a 6-month log of metadata changes — useful but much shallower than Event Monitoring.
A working policy looks like: classify your sensitive fields once, encrypt only the truly sensitive ones via Shield, route monitoring data into a SIEM, and back it with Transaction Security Policies for the high-risk operations.
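The following is an added example, not code from the page or from Salesforce: it shows the SIEM side of the policy above, i.e. the same "PCI report exported from outside the corporate IP range" rule applied after the fact to EventLogFile-style CSV rows rather than enforced in real time by a Transaction Security Policy. The classification map stands in for what you would pull from FieldDefinition (SecurityClassification and ComplianceGroup), the report-to-fields map for what the Reports REST API describe call returns, the CIDR range and business hours are constructed values, and the column set (EVENT_TYPE, TIMESTAMP_DERIVED, USER_ID, CLIENT_IP, REPORT_ID) is an assumption modelled on the ReportExport event type, not a verified schema.

```python
"""Evaluate Salesforce ReportExport event rows against a classification-driven policy.

Added example. Field classification, report columns, IP ranges, business hours
and the CSV column set are all constructed/assumed, as marked below.
"""
import csv
import io
import ipaddress
import json
from datetime import datetime, time, timezone

# Ordered from least to most sensitive, matching the Data Sensitivity Level picklist.
SENSITIVITY_ORDER = ["Public", "Internal", "Confidential", "Restricted", "MissionCritical"]
HIGH_RISK = {"Restricted", "MissionCritical"}

# Constructed: in a real org, populate this from FieldDefinition rather than hard-coding.
FIELD_CLASSIFICATION = {
    "Account.Name":          {"sensitivity": "Internal",        "compliance": set()},
    "Account.CardNumber__c": {"sensitivity": "MissionCritical", "compliance": {"PCI"}},
    "Contact.Email":         {"sensitivity": "Confidential",    "compliance": {"PII"}},
    "Contact.SSN__c":        {"sensitivity": "Restricted",      "compliance": {"PII"}},
}

# Constructed: which fields each report exposes (normally from the report describe call).
REPORT_FIELDS = {
    "00O000000000001": ["Account.Name", "Account.CardNumber__c"],
    "00O000000000002": ["Account.Name", "Contact.Email"],
}

CORPORATE_RANGES = [ipaddress.ip_network("203.0.113.0/24")]  # constructed (TEST-NET-3)
BUSINESS_HOURS = (time(7, 0), time(19, 0))                     # assumed, UTC

# Constructed EventLogFile-style rows; the column names are an assumption.
SAMPLE_LOG = """EVENT_TYPE,TIMESTAMP_DERIVED,USER_ID,CLIENT_IP,REPORT_ID
ReportExport,2024-03-04T03:02:11.000Z,005000000000001,198.51.100.7,00O000000000001
ReportExport,2024-03-04T10:15:42.000Z,005000000000002,203.0.113.25,00O000000000001
ReportExport,2024-03-04T03:30:00.000Z,005000000000003,203.0.113.40,00O000000000002
ReportExport,2024-03-04T11:00:00.000Z,005000000000004,198.51.100.9,00O000000000002
"""


def report_risk(report_id):
    """Return (highest sensitivity level, union of compliance groups) for a report."""
    fields = REPORT_FIELDS.get(report_id, [])
    levels = [FIELD_CLASSIFICATION[f]["sensitivity"] for f in fields if f in FIELD_CLASSIFICATION]
    top = max(levels, key=SENSITIVITY_ORDER.index) if levels else "Public"
    groups = set()
    for f in fields:
        groups |= FIELD_CLASSIFICATION.get(f, {}).get("compliance", set())
    return top, groups


def is_corporate(ip_text):
    """True if the client IP falls inside one of the corporate ranges."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in CORPORATE_RANGES)


def in_business_hours(ts):
    """True if a UTC datetime falls inside the assumed business-hours window."""
    return BUSINESS_HOURS[0] <= ts.time() < BUSINESS_HOURS[1]


def parse_timestamp(text):
    """Parse an ISO-8601 UTC timestamp such as 2024-03-04T03:02:11.000Z."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def evaluate(row):
    """Apply the policy to one ReportExport row; return an alert dict or None."""
    if row["EVENT_TYPE"] != "ReportExport":
        return None
    sensitivity, groups = report_risk(row["REPORT_ID"])
    outside = not is_corporate(row["CLIENT_IP"])
    off_hours = not in_business_hours(parse_timestamp(row["TIMESTAMP_DERIVED"]))
    reasons = []
    if sensitivity in HIGH_RISK and outside:
        reasons.append("high-risk report exported from outside corporate range")
    if sensitivity in HIGH_RISK and off_hours:
        reasons.append("high-risk report exported outside business hours")
    if "PII" in groups and outside and sensitivity not in HIGH_RISK:
        reasons.append("PII report exported from outside corporate range")
    if not reasons:
        return None
    # Mirror the Transaction Security outcome: block the high-risk/off-network case, flag the rest.
    action = "block" if (sensitivity in HIGH_RISK and outside) else "flag"
    return {
        "action": action,
        "user_id": row["USER_ID"],
        "report_id": row["REPORT_ID"],
        "client_ip": row["CLIENT_IP"],
        "timestamp": row["TIMESTAMP_DERIVED"],
        "sensitivity": sensitivity,
        "compliance": sorted(groups),
        "reasons": reasons,
    }


def scan(csv_text):
    """Run the policy over a whole EventLogFile CSV body and return the alerts in order."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [alert for alert in (evaluate(r) for r in rows) if alert]


def to_siem_lines(alerts):
    """Serialise alerts as one JSON object per line, the shape most SIEM collectors ingest."""
    return "\n".join(json.dumps(a, sort_keys=True) for a in alerts)


if __name__ == "__main__":
    print(to_siem_lines(scan(SAMPLE_LOG)))
```

In the constructed sample, the first row (a PCI-bearing report pulled at 03:02 from a non-corporate address) produces a block-level alert, the second and third rows are quiet because they come from the corporate range and either fall in business hours or expose nothing above Confidential, and the fourth row (a PII report from outside the range) is flagged rather than blocked. The point of the structure is that the rule never names a field or a report: it reads the classification metadata, which is exactly what makes classifying fields once, as the paragraph above says, worth the effort.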
