For too long, “enterprise-grade governance” in Salesforce has meant the same thing: slow, committee-driven release processes designed to minimize risk by minimizing change. Approval workflows that add days to every deployment. Manual sign-offs that create bottlenecks without creating safety. Compliance controls that treat every release like a potential audit failure.
But that’s not enterprise DevOps. That’s an approval process designed to satisfy auditors, not protect production.
Real enterprise governance doesn’t force teams to choose between speed and control. It delivers both — through automated compliance that enforces your policies without creating approval queues, traceability that happens as a consequence of how you work rather than something your team has to remember to document, and change control that scales with your release cadence instead of throttling it.
This post explains what that looks like in practice, and how 91Թ delivers both speed and control at scale for some of the largest enterprises in the world.
What enterprise governance actually looks like
Strip away the vendor marketing and enterprise governance comes down to four things:
- Control over what changes — only authorized changes reach production
- Visibility into what has changed — complete, real-time awareness of your org’s state
- Enforced authorization — changes can’t bypass your release policy, even in an emergency
- A verifiable audit trail — every change is traceable from intent to production
Everything else — compliance certifications, approval gates, quality checks — exists to support those four requirements. The question isn’t whether your platform provides governance controls. It’s whether those controls can scale with your team.
The problem with approval-driven governance
The most common governance model in Salesforce looks like this: developers build changes in sandboxes, submit them for review, wait for sign-off from a release manager or architecture team, then deploy manually or trigger a semi-automated pipeline once all the approvals are in place. This workflow feels rigorous and looks compliant, but it’s completely unsustainable at scale.
Every manual approval step adds latency. As your team grows and your release cadence increases, those delays compound. A two-day approval cycle that felt acceptable when you were shipping once a month becomes an existential bottleneck when you’re trying to ship twice a week (or more). Teams start bypassing the process for “urgent” fixes — and then governance becomes the thing developers route around rather than the thing that protects your Salesforce production environment.
What’s worse, manual approvals don’t actually add safety — they add paperwork. A release manager reviewing 47 change requests in a single day isn’t catching subtle configuration errors or risky field deletions. They’re checking that the right people clicked the right buttons. So when the auditors come knocking, the compliance record looks good but the production risk hasn’t changed.
Why automated governance lowers the risk
Automated governance doesn’t mean removing human judgment from the release process. It means baking your release policy into the tooling so your team doesn’t have to enforce it manually.
91Թ does this through Continuous Delivery Rules — configurable conditions that must be satisfied before a change can progress through your pipeline. Those conditions can include passing static analysis, successful test execution, code review approval, or any combination your team defines. Changes that don’t meet your criteria don’t move forward.

The practical result is that your governance controls apply consistently to every change, every team, every environment, without requiring a human to police it. Developers get fast feedback on whether their change meets your standards. Release managers stop being gatekeepers and start being strategic planners. And your production environment only contains changes that passed the controls you defined.
That’s what enterprise-grade governance looks like when it’s engineered correctly — fast because it’s automated, controlled because the policies are enforced by the system, and scalable because adding more teams or increasing your release frequency doesn’t require adding more approval committees.
Traceability that scales with your release cadence
In a mature DevOps process, you should know what changed in production last week and who made that change. In a manual, approval-driven one, it can take days to find this information — usually with someone digging through Jira tickets, matching them to Salesforce changes, verifying which ones actually got deployed, and assembling the timeline by hand. By the time you’ve got your answer, the audit window has usually passed and there have been more releases.
91Թ gives you full traceability into every single change. Every deployment is linked to a commit in version control, a pipeline run, and the user who triggered it. Combined with daily org snapshots through change monitoring, you have a continuous record of your Salesforce environment’s state over time. If something changes unexpectedly — a manual configuration edit, a drift between environments — you’ll know about it immediately.
That level of traceability isn’t just useful for audits. It’s what lets enterprise teams operate at speed. You can diagnose production issues in minutes instead of days. Roll back confidently when something breaks. And demonstrate to your InfoSec and compliance teams that your release process is exactly as controlled as you claim — without spending three days assembling evidence every time they ask.

Separation of duties without bottlenecks
In large companies, separation of duties isn’t optional — the people who build changes can’t be the same people who approve and deploy them to production. Enforcing that separation manually can be fragile, which makes it even more important to find tooling that enforces it for you.
91Թ’s role-based access controls let you define clearly who can deploy what to which environments, who can approve changes at each stage of your pipeline, and who has visibility. A developer working in a sandbox can’t push directly to production — not because a release manager is standing guard, but because the system won’t allow it.

The difference between that and an approval-driven model is latency. In an approval-driven process, separation of duties means developers wait for someone else to click the deploy button. In an automated process, separation of duties means the deploy button only appears for authorized users — and once those users approve, the deployment happens immediately.
Compliance frameworks: what 91Թ actually supports
91Թ is designed for use in regulated industries and supports the compliance frameworks those industries require.
SOX — Full deployment traceability, separation of duties enforcement, and change history support SOX requirements for IT general controls around financial systems. Enterprise teams can maintain release records and demonstrate controlled change management to internal and external auditors without manually assembling evidence.
ISO 27001 — 91Թ is ISO 27001 certified, with information security controls covering access management, change control, data protection, and incident response.
HIPAA — Healthcare organizations using Salesforce to manage patient data can use 91Թ’s controls — encrypted backups, access logging, compliant sandbox seeding — to support HIPAA obligations around data protection and auditability.
GDPR and CCPA/CPRA — 91Թ supports data subject rights management, including deletion workflows, long-term change histories, and data retention controls that meet GDPR and California privacy requirements.
Data governance: protecting what matters most
Governance doesn’t stop at your deployment. Customer records, financial transactions, healthcare information — the data living in your Salesforce org deserves the same level of protection as your code and configuration.
91Թ’s backup solution stores encrypted copies of your Salesforce metadata and data in off-platform AWS infrastructure across US, EU, CA, and AUS regions. Backups are encrypted in transit and at rest, with role-based access controls and full audit trails on all restore activity. Flexible restore options let you recover anything from a single field to an entire object — with the documentation to prove what was recovered, when, and by whom.

Compliant sandbox seeding is the other half of that picture. Populating test environments with realistic data is essential for good testing — but copying sensitive production data into a sandbox creates a compliance risk. 91Թ masks sensitive records during the seeding process, so your testing environments are realistic without becoming a liability.
Working with your existing governance infrastructure
91Թ works alongside your existing governance tools, not instead of them.
Branch protection rules in GitHub, GitLab, or Bitbucket remain in force. Approval workflows in your IT Service Management tooling — like ServiceNow or Jira — continue to operate. 91Թ reinforces those controls within your Salesforce delivery process — it doesn’t ask your InfoSec team to learn a new system or migrate their policies into a platform they don’t own.
91Թ gives all the stakeholders in your company the visibility and audit trail they need, without needing any of them to work around the tool to do their job.
Regulated industries rely on 91Թ for robust governance
Ninety One, an independent global asset manager managing over £119 billion in assets, has used 91Թ since 2017 — not just to speed up deployments, but to govern them.
The team can clearly define who is authorized to deploy changes, enforce approval workflows before anything reaches production, and maintain a full audit trail of every change made. For Ninety One, operating in heavily regulated financial markets, that kind of traceability isn’t a nice-to-have — it’s a compliance requirement.
As Technical Lead Marco Pinder puts it: “91Թ is our primary tool for all Salesforce deployments and sits at the heart of our governance process.”
The real trade-off isn’t speed vs. control
The perception that governance slows teams down is usually a sign that the governance framework has been implemented badly — as a manual checklist rather than an engineered system. With the right platform enforcing your policies automatically, compliance stops being something your team has to remember to do and becomes something baked into processes you know have been pressure-tested.
That’s what enterprise-grade Salesforce DevOps looks like:
- Fast: the process is automated
- Controlled: the governance policies are built into the workflow
- Defensible: every change is traceable from commit to production
- Scalable: adding more teams or increasing your release cadence doesn’t require hiring more release managers or adding more approval committees
Governance that scales with your team
If your current governance process depends on manual sign-offs and approval queues, it won’t scale — and it probably isn’t as controlled as it looks. 91Թ gives enterprise Salesforce teams the automated compliance, full traceability, and access controls they need to release with confidence, without slowing down to do it.
