The AI demos always look clean. The post-rollout invoices look less clean: one mass-update that bypassed FLS, one field deletion with no dependency check, one "temporary" admin grant that became permanent. Most orgs only find this out the third time it costs them a weekend.
The full 50-point checklist is in the PDF — drop your work email further down the page and the printable copy lands in your inbox in seconds. The summary below is the shape of what's inside so you know what you're getting.
Industry-avg AI readiness score
Automations on a single object (median Opp)
To remediate one bad delete (~$200/hr)
Typical license utilization across all seats
What the 50 checks cover
Eleven dimensions, scored out of 50 total. Each item in the PDF is a one-line yes/no check you can answer in under a minute. Vendor-neutral — works whether you're evaluating Agentforce, Copilot, Einstein, third-party, or in-house.
Start here: is your org even ready?
Vendors that skip the readiness scan and assume your org is clean.
Permissions & access
Agents that run as System Administrator or self-grant Modify All to get unblocked.
Change safety & deployment
Direct-to-prod edits, no sandbox, no real rollback package.
Blast radius: what it breaks
No dependency check before deleting a field; stacking on broken automation.
Human control
Irreversible operations (mass DML, field deletes) running without confirmation.
Accountability & documentation
Changes that don't land in Setup Audit Trail with provenance.
Data handling & security
PII pulled into LLM context unmasked; unclear data residency.
Compliance & certifications
SOC 2 Type II, ISO 27001, GDPR DPA, HIPAA BAA — certified vs 'in progress'.
Vendor trust & credibility
Demo-org-only references; logo walls instead of named outcomes.
ROI: the math the demos skip
Hours-saved without counting remediation hours; cleanup billed as consulting.
Can it actually do the work?
Tools that document the mess and hand it back instead of fixing it.
A taste of what's inside
Three checks lifted verbatim from the PDF, one each from the highest-leverage dimensions, so you can calibrate the format before you download.
“Runs on a least-privilege permission set, not the System Administrator profile.”
Custom permission set, scoped to the objects and fields the agent actually needs. Anything that demands SysAdmin is a vendor admitting it didn't do the scoping work.
“Runs a dependency check before deleting or changing a field.”
Walks rules, flows, reports, layouts, and Apex first. Setup → 'Where is this used?' as a precondition, not an afterthought. This single check prevents the 15-30 hour remediation that anchors most of the ROI math.
“Counts remediation hours, not just hours saved.”
If a tool saves 40 hours per week but creates one 25-hour cleanup every two weeks, the net is real but smaller than the headline. Honest ROI puts both columns on the same page.
The other 47 checks follow the same shape: a one-line check, a one-line "what it catches." Download the PDF for the full list.
The red flags
If a vendor says any of these out loud during a demo, walk. These six are the failure modes that cause the 15-to-30-hour remediations from dimension 10.
Walk if you hear
Six phrases that mean the vendor failed the checklist before you ran it.
- It runs as admin so it never gets blocked.
- It edits production directly, it's faster.
- Rollback? We'll help you fix it manually.
- Can't answer 'what references this field?'
- Only ever demos on a clean dev org, never your messy prod.
- Only makes your org ready for its own AI, not any platform.
How to score
One point per check that passes. Total possible: 50. Most vendors we audit score in the high 20s on first pass.
Trust it in production
The hours-saved math is finally safe to believe. Roll out with normal change controls.
Proceed with guardrails
Keep a human in the loop on every change. Re-score after 90 days; expect either fast improvement or a clear ceiling.
Don't let it near prod yet
Clean the foundation first. Most vendors that score here ship the cleanup as billable consulting on top.
Where this came from
Neil Sarkar (Co-Founder, Clientell) compiled the 50 checks from 1,000+ org reviews where the dominant pattern was the same: the AI worked beautifully in the demo, then quietly broke the org over the following month. The PDF is the audit sheet our team carries into every vendor-evaluation call.
While you're here, the Agentforce Readiness 47-Point Checklist covers the org-readiness side of the same problem, and the Salesforce Permissions Audit Checklist is the deep-dive on dimension 02.