change-advisory-board-process
Use when designing, implementing, or auditing a Change Advisory Board (CAB) process for Salesforce deployments — covering change classification (standard, normal, emergency), required approvals, deployment gate sequencing, and integration with external ITSM tooling. NOT for record-level approval workflows (use Salesforce Approval Processes for business-object approvals), NOT for detailed pipeline automation scripting (see devops-process-documentation or pre-deployment-checklist), and NOT for Salesforce DevOps Center pipeline configuration.
Best use case
change-advisory-board-process is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Use when designing, implementing, or auditing a Change Advisory Board (CAB) process for Salesforce deployments — covering change classification (standard, normal, emergency), required approvals, deployment gate sequencing, and integration with external ITSM tooling. NOT for record-level approval workflows (use Salesforce Approval Processes for business-object approvals), NOT for detailed pipeline automation scripting (see devops-process-documentation or pre-deployment-checklist), and NOT for Salesforce DevOps Center pipeline configuration.
Teams using change-advisory-board-process should expect a more consistent output, faster repeated execution, less prompt rewriting, better workflow continuity with your supporting tools.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
- You already have the supporting tools or dependencies needed by this skill.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/change-advisory-board-process/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How change-advisory-board-process Compares
| Feature / Agent | change-advisory-board-process | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Use when designing, implementing, or auditing a Change Advisory Board (CAB) process for Salesforce deployments — covering change classification (standard, normal, emergency), required approvals, deployment gate sequencing, and integration with external ITSM tooling. NOT for record-level approval workflows (use Salesforce Approval Processes for business-object approvals), NOT for detailed pipeline automation scripting (see devops-process-documentation or pre-deployment-checklist), and NOT for Salesforce DevOps Center pipeline configuration.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
SKILL.md Source
# Change Advisory Board Process This skill activates when a team needs to define, implement, or audit a Change Advisory Board (CAB) process for governing Salesforce deployments. It covers ITIL-derived change classification, multi-stakeholder approval design, deployment gating against external ITSM tooling, and coordination with Salesforce's seasonal release upgrade calendar. --- ## Before Starting Gather this context before working on anything in this domain: - Confirm whether the organization already has an enterprise ITSM platform (ServiceNow, Jira Service Management, etc.) — the CAB process must integrate with it, not replace it. - Identify which Salesforce metadata types are in-scope for high-risk classification: Profile/Permission Set changes, Sharing Rules, Validation Rules affecting critical objects, Flow/Process Builder automation, Named Credentials, Remote Site Settings, and any Connected App OAuth scopes. - Establish the next Salesforce seasonal release dates (Spring, Summer, Winter). The sandbox preview window opens approximately 4–6 weeks before the production upgrade, and the production upgrade is rolled out in three waves over several weekends. Deployments staged in or near this window may encounter platform-behavior drift between sandbox and production. - Confirm whether regulated-industry requirements apply (GovCloud for US Federal/HIPAA orgs applies additional Significant Change Notification obligations to the Salesforce trust team). --- ## Core Concepts ### Change Classification Tiers ITIL defines three change tiers that map cleanly to Salesforce deployment governance: - **Standard change** — pre-authorized, repeatable, low risk. Examples: adding a custom field to a non-critical object, updating a report or dashboard, activating a cloned email template. No CAB meeting required; implementation follows a pre-approved runbook. - **Normal change** — requires full CAB review before deployment. Examples: any modification to Profiles or Permission Sets, Sharing Rule changes, Flow deployment to production, new Named Credential or Remote Site Setting, any integration endpoint change. Approval requires sign-off from at least the Salesforce Admin, the relevant Business Owner, and Security/IT where permissions or data access changes are involved. - **Emergency change** — unplanned fix required to restore service or prevent imminent harm. Routed to an Emergency CAB (ECAB), a smaller rapid-response quorum (typically 2–3 approvers rather than the full board). ECAB approvals require a mandatory post-implementation review within 5 business days. ### CAB Runs Outside Salesforce Salesforce does not ship a native CAB feature. The CAB meeting, change ticket lifecycle, and deployment gate enforcement all live in the organization's ITSM platform (ServiceNow, Jira Service Management, Freshservice, etc.). The deployment toolchain (Salesforce CLI, Copado, Gearset, DevOps Center) must be configured to require a valid approved change request number before a production deploy can execute. The CAB process governs when a deployment is authorized; the deployment tool executes it. Attempting to implement CAB governance using Salesforce-native Approval Processes is an anti-pattern (see llm-anti-patterns.md). Approval Processes govern record-level business workflows with no pipeline awareness. ### Seasonal Release Upgrade Windows Salesforce upgrades sandbox environments approximately 4–6 weeks before the corresponding production upgrade. The production upgrade rolls out in three weekend waves. Teams must: 1. Block deployments during the sandbox preview window unless they have been explicitly tested against the preview release. 2. Treat the 7-day period immediately before each production upgrade wave as a soft freeze for anything other than emergency changes. 3. Account for sandbox-to-production behavior drift: a deployment that passes in a pre-upgrade sandbox may fail or behave differently in a post-upgrade production org. The Salesforce Trust calendar (trust.salesforce.com) publishes upgrade dates. The CAB change calendar must incorporate these dates. ### High-Risk Metadata Types Certain metadata types carry inherently higher risk and must always route through a normal (or emergency) CAB, never be pre-authorized as standard changes: | Metadata Type | Risk Reason | |---|---| | Profile / PermissionSet | Can grant or revoke access at scale instantly | | SharingRules / OWD | Changes visibility of records org-wide | | Flow / ProcessBuilder | Can trigger automation loops or mass DML | | NamedCredential / RemoteSiteSetting | Opens or closes external network access | | Connected App OAuth scopes | Changes what external systems can access | | ValidationRule (on critical objects) | Can silently block data entry for users | | CustomMetadata / CustomSetting | Can alter behavior of Apex and automations globally | --- ## Common Patterns ### Pattern 1: ITSM-Gated Pipeline Deploy **When to use:** When the organization uses a CI/CD pipeline (GitHub Actions, Copado, Gearset) and wants CAB approval to be a hard gate before production deploys are allowed. **How it works:** 1. Developer or admin raises a change request in the ITSM tool (e.g., ServiceNow), providing metadata scope, risk classification, rollback plan, and test evidence. 2. The ITSM tool routes the ticket to the appropriate CAB queue based on the change tier. 3. CAB approvers review asynchronously or in a scheduled meeting and set the change request status to Approved. 4. The deployment pipeline checks the ITSM API for the approved change request number before allowing the production deploy step. If the ticket is not in Approved state, the pipeline fails-fast with a descriptive error. 5. Post-deployment, the pipeline updates the change request status to Implemented and attaches a deployment log. **Why not the alternative:** Relying on informal email or Slack approvals creates no audit trail, fails compliance audits, and has no enforcement mechanism to prevent unauthorized deployments. ### Pattern 2: Change Classification Matrix Gating in Pull Requests **When to use:** When the organization wants to shift change classification left — identifying the CAB tier at the point of code review, not at deployment time. **How it works:** 1. A pull request template includes a mandatory "Change Classification" field (Standard / Normal / Emergency). 2. A lightweight PR check script inspects which metadata types appear in the diff and flags if the declared classification is inconsistent (e.g., a Profile change declared as Standard). 3. For Normal changes, PR approval requires a named security or platform architect reviewer in addition to the peer reviewer. 4. The merged PR creates a linked ITSM change request automatically via webhook. **Why not the alternative:** Leaving classification to deployment time means the CAB review happens after development is complete, creating pressure to approve without adequate review time. --- ## Decision Guidance | Situation | Recommended Approach | Reason | |---|---|---| | Org change involves Profile or PermissionSet edits | Normal change — full CAB required | Access control changes are irreversible at scale and have immediate security impact | | Routine report/dashboard update, no data access change | Standard change — use pre-approved runbook | Low risk, high frequency; CAB overhead is disproportionate | | Production system down, Flow causing data corruption | Emergency change — ECAB with 2–3 approvers | Speed required; document and post-review within 5 business days | | Deployment lands in Salesforce seasonal upgrade preview window | Flag for extended testing; treat as Normal minimum | Sandbox-to-production platform drift risk is elevated | | Regulated industry org (GovCloud / HIPAA) | Add Significant Change Notification to Salesforce Trust as additional step | Regulatory obligation; failure to notify can trigger compliance findings | | Integration endpoint or Named Credential change | Normal change — require security team approval | External network access changes need security sign-off | --- ## Recommended Workflow Step-by-step instructions for an AI agent or practitioner working on this task: 1. **Inventory the current metadata scope.** Enumerate all metadata types in the planned deployment. Use `sf project generate manifest` or review the PR diff. Cross-reference each type against the high-risk metadata list to determine the minimum CAB tier. 2. **Classify the change.** Apply the change classification matrix. If any single metadata type in the deployment maps to Normal, the entire deployment is Normal (no mixing tiers in a single change). Document the classification rationale in the change ticket. 3. **Raise the change request in the ITSM tool.** Populate all required fields: classification tier, description of change, impacted business processes, rollback plan, test evidence (sandbox deployment log, test class results), planned deployment window, and approver assignments. 4. **Obtain required approvals.** Normal changes require sign-off from: Salesforce Admin or Release Manager, affected Business Process Owner(s), and Security/IT for any access or integration changes. Emergency changes require the ECAB quorum (minimum 2 named approvers). Do not proceed until the change request reaches Approved status. 5. **Verify deployment window is clear.** Check the Salesforce Trust calendar (trust.salesforce.com) for upcoming upgrade windows. Confirm the planned deploy window is not within 7 days of a production upgrade wave. If it is, either reschedule or escalate to confirm explicit CAB acceptance of the elevated risk. 6. **Execute deployment and capture evidence.** Run the deployment through the approved pipeline. Attach the deployment log and any post-deployment validation results to the change ticket. Mark the ticket Implemented. 7. **Conduct post-implementation review.** For Normal changes, confirm no unintended impacts within 24 hours. For Emergency changes, schedule the mandatory post-implementation review within 5 business days and capture lessons learned. --- ## Review Checklist Run through these before marking work in this area complete: - [ ] Every metadata type in the deployment has been classified against the risk matrix - [ ] Change request exists in the ITSM tool with all required fields completed (scope, rollback plan, test evidence) - [ ] Required approvals have been obtained and are documented in the change ticket - [ ] Deployment window is clear of Salesforce seasonal upgrade waves (check trust.salesforce.com) - [ ] Rollback procedure is documented and has been tested (or the rollback steps are explicitly understood) - [ ] Post-deployment validation plan is defined (smoke tests, data integrity check, user acceptance) - [ ] For Emergency changes: post-implementation review is scheduled within 5 business days --- ## Salesforce-Specific Gotchas Non-obvious platform behaviors that cause real production problems: 1. **Sandbox Preview Behavior Drift** — When Salesforce rolls out the seasonal preview to sandboxes (approximately 4–6 weeks before production), the sandbox may exhibit new platform behaviors (API changes, validation differences, Flow engine updates) that do not yet exist in production. A deployment passing in the preview sandbox can fail or behave differently in the still-on-old-release production org. The CAB change calendar must treat this window as elevated-risk and require explicit sign-off acknowledging the drift. 2. **Permission Set Deployment Does Not Revoke** — Deploying a Permission Set via the Metadata API or Salesforce CLI adds or updates permission entries but does not remove permissions that were manually added in the target org after the last source-tracked state. An LLM or practitioner assuming "deploy from source" produces an exact replica is wrong. The CAB process for access control changes must include a post-deployment audit step comparing expected vs. actual effective permissions. 3. **Profile Metadata Is Full-Replace on Some Attributes** — When a Profile is deployed, certain sections (e.g., field-level security, object permissions) behave as full replacements for the attributes present in the deployed XML — but the XML itself may not capture all attributes if the project was not retrieved with the full Profile. This can silently revoke permissions that were not included in the retrieved file. Any CAB involving Profile changes must require a full Profile retrieval before classification and a post-deploy permission audit. 4. **Approval Processes Are Not CAB Enforcement** — Salesforce Approval Processes govern individual record state transitions (e.g., Opportunity discount approval). They have no awareness of the deployment pipeline, no concept of a change ticket, and cannot gate metadata deployments. Configuring an Approval Process as the CAB mechanism is an anti-pattern that creates a false sense of governance while leaving the deployment pipeline completely ungated. 5. **Regulatory Significant Change Notification (GovCloud / HIPAA)** — Orgs operating under GovCloud or HIPAA arrangements with Salesforce have a contractual obligation to notify the Salesforce Trust team of Significant Changes (e.g., major integration changes, architectural shifts) with advance notice defined in the agreement. This is a step the internal CAB process must trigger — missing it is a compliance violation, not just an operational oversight. --- ## Output Artifacts | Artifact | Description | |---|---| | Change Classification Matrix | Table mapping Salesforce metadata types to CAB tier (Standard / Normal / Emergency) with rationale | | Approval Workflow Definition | Named approver roles, minimum sign-off count per tier, escalation path | | Deployment Freeze Calendar | Rolling calendar with Salesforce upgrade windows, internal freeze periods, and available deployment slots | | ECAB Process Document | Emergency change criteria, ECAB quorum membership, expedited approval steps, post-review requirement | | ITSM Integration Specification | API gate configuration connecting the deployment pipeline to the ITSM change request status | --- ## Related Skills - admin/deployment-risk-assessment — Use before classifying a change to assess blast radius, rollback complexity, and data impact of the planned deployment - admin/devops-process-documentation — Use to document the end-to-end deployment and release process that the CAB process governs - admin/change-management-and-training — Use when the CAB process change itself requires stakeholder communication and adoption planning - devops/pre-deployment-checklist — Use to execute the technical pre-flight checks that feed evidence into the CAB change ticket - devops/release-management — Use for the broader release planning context within which individual CAB-approved changes are scheduled - devops/deployment-monitoring — Use post-deployment to generate the evidence artifacts required by the CAB post-implementation review
Related Skills
change-data-capture-integration
Use this skill when setting up CDC to stream Salesforce record changes to external systems via CometD or Pub/Sub API. Covers change event channels, entity selection, event structure, replay ID management, gap events, and subscriber management. NOT for Apex CDC trigger subscribers (see apex/platform-events-apex). NOT for publishing custom business events (use integration/platform-events-integration).
process-builder-to-flow-migration
Migrate Process Builder processes to record-triggered Flows using the native Migrate to Flow tool or manual rebuild. Covers conversion tool usage, pattern mapping, order-of-execution changes, testing migrated flows, and bulk behavior improvements. NOT for building new flows from scratch, NOT for Workflow Rule migration (use workflow-rule-to-flow-migration), NOT for net-new automation design.
flow-collection-processing
Use when building or reviewing Flow logic that processes lists of records using Loop, Assignment, Collection Filter, Collection Sort, or Transform elements. Triggers: 'iterate over collection in flow', 'flow loop add to collection', 'collection filter element', 'transform element flow', 'update records from collection variable', 'collection sort flow'. NOT for individual single-record retrieval (use Get Records alone), NOT for Apex-based collection manipulation, NOT for flow bulkification performance analysis (see flow-bulkification).
flow-batch-processing-alternatives
Use when a Scheduled Flow or Record-Triggered Flow needs to process more records than Flow can safely handle in a single run. Covers Flow limit realities, scheduled-path chunking, Data Cloud batch transforms, and Apex Queueable/Batch escalation. Does NOT cover choosing async across a general workflow (see async-selection decision tree).
migration-from-change-sets-to-sfdx
Use when planning or executing a migration from change-set-based deployments to Salesforce DX source-driven development. Trigger keywords: 'migrate from change sets', 'move to SFDX', 'convert metadata to source format', 'sf project convert mdapi', 'source-driven development adoption'. NOT for greenfield SFDX project setup (use sf-cli-and-sfdx-essentials), unlocked package design (use unlocked-package-development), or DevOps Center pipeline creation (use devops-center-pipeline).
destructive-changes-deployment
Managing destructiveChanges.xml manifests for safe metadata deletion in Salesforce deployments. Use when deleting metadata components via Metadata API or sf CLI. Covers pre vs post destructive manifests, safe deletion sequencing, dependency handling. NOT for package.xml basics (use metadata-api-and-package-xml). NOT for basic deployment setup (use change-set-deployment).
change-set-deployment
Use when uploading, validating, or deploying a change set between Salesforce orgs through Setup UI. Trigger keywords: 'change set upload', 'validate change set', 'deploy inbound change set', 'change set stuck', 'missing dependency change set', 'change set component error'. NOT for SFDX-based deployments, DevOps Center pipelines, or CI/CD automation — use the sf-cli-and-sfdx-essentials or devops-center-pipeline skills for those.
aml-kyc-process-architecture
Use when designing the architecture for AML/KYC compliance workflows on Salesforce — covering verification orchestration, third-party screening integration patterns, risk scoring design, and regulatory data flow. Triggers: AML architecture, KYC verification workflow design, sanctions screening integration, customer risk rating design, onboarding compliance workflow, watchlist screening Salesforce, FinCEN / FATF obligation data flow, BSA compliance architecture. NOT for implementing KYC data collection forms or FSC Action Plans (use admin/fsc-action-plans). NOT for configuring FSC Identity Verification for contact-center caller authentication. NOT for production screening vendor ISV configuration.
long-running-process-orchestration
Use when designing or reviewing multi-step Apex orchestration that spans multiple transactions, checkpoints state across async boundaries, or recovers from partial failure in a long-running workflow. Trigger keywords: 'multi-step Queueable chain', 'cross-transaction state', 'platform event state machine', 'Finalizer retry', 'orchestrate across transactions', 'workflow progress tracking'. NOT for single-job Queueable design (use apex-queueable-patterns), NOT for Flow Orchestration (use flow/orchestration-flows), NOT for bulk record processing where Batch Apex is the primary tool (use batch-apex-patterns).
change-data-capture-apex
Use this skill when writing or reviewing Apex change event triggers: trigger syntax on ChangeEvent objects, reading ChangeEventHeader fields (changeType, changedFields, recordIds, commitUser), handling CREATE/UPDATE/DELETE/UNDELETE and GAP events in Apex, and configuring entity tracking. NOT for platform events published by application code (use apex/platform-events-apex). NOT for external CDC subscribers via CometD or Pub/Sub API (use integration/change-data-capture-integration).
agent-metric-dashboards
Observability for Agentforce: adoption, deflection, latency, cost, quality. NOT for agent evaluation/testing (see agentforce-eval-harness) or raw platform-event monitoring.
sales-process-mapping
Eliciting, documenting, and structuring a sales process before it is built in Salesforce: stage sequencing, entry/exit criteria per stage, win/loss analysis requirements, and stage transition rules. Use when a business needs to analyse or formalise its sales methodology before any Salesforce configuration begins. Trigger keywords: sales process design, stage discovery, entry criteria, exit criteria, stage gate, win/loss categorisation, sales methodology, pipeline stages, opportunity stage mapping. NOT for configuring OpportunityStage picklist values, Sales Processes, or record types in Setup (use opportunity-management skill). NOT for Path configuration. NOT for Collaborative Forecasts or quota alignment.