# Audit and Compliance

#### How does Charted ensure that its employees do not perform any unauthorized actions during configuration and deployment?

While Charted consultants do require admin access to complete configuration and deployment tasks, they do not process any posting transactions in production environments, nor do they modify any configuration settings unrelated to the Charted deployment. This can be independently verified by running NetSuite's standard audit reports and filtering the results by the assigned Charted consultant.

#### How can we determine who has modified Charted configuration settings?

Audit visibility varies depending on the specific bundle or SuiteApp involved. The following summarizes what is and is not available:

- **System notes are available** for the following: Approvals, 3-Way Matching (3WM), Invoice AI settings, OCR rules, AVO settings, certain form changes, Advanced Attachments, Advanced Help, and Check Printing. Note that while system note searches can be created for these areas, system note pages are not displayed by default and must be configured.

- **System notes are not currently available** for Payment settings, Invoice AI directions, and SuiteApp permissions.

#### How can we track who releases or cancels payments in Payment Automation?

Within the Payment History queue, a **Released By** column displays the email address of the user who released each payment, providing a clear record of payment authorization activity.

#### How can we track who removed a PDF from the Invoice AI queue, preventing a bill from being generated?

This functionality is not currently available. Charted is aware of this limitation and continues to evaluate enhancements to audit capabilities in future releases.

#### How can we mask bank account details in system notes?

Masking bank details within NetSuite system notes is not currently possible, as this is a limitation of the native NetSuite platform rather than Charted's configuration. Please contact NetSuite support for further information regarding this constraint.

#### Does Charted have SOC 1 documentation?

Because Charted is fully embedded within NetSuite, it falls under Oracle's SOC 1 compliance program in the same manner as any other NetSuite customization. Additionally, Charted is currently undergoing its first independent SOC 1 audit and will be independently compliant upon its completion.

#### Does Charted have SOC 2 documentation?

Yes. Charted is SOC 2 compliant and is subject to regular audits to ensure ongoing compliance. SOC 2 documentation is available upon request, subject to the execution of a non-disclosure agreement (NDA). To initiate a request, please contact your Charted consultant or Customer Success representative, who will coordinate the NDA process on your behalf.

#### Is Charted GDPR ready?

Yes. Charted is GDPR ready and is committed to protecting the privacy and personal data of all individuals whose information is processed through our platform. We have implemented the appropriate technical and organizational measures to support compliance with GDPR requirements.

#### Why can't Charted share a login within my NetSuite environment?

Shared logins are not permitted in NetSuite because the platform assigns all audit trail activity to the individual user account performing each action. If Charted consultants shared a login, it would be impossible to distinguish between the actions taken by individual Charted consultants. Each Charted consultant is assigned their own named user account so that their activity can be independently verified at any time using NetSuite's standard audit reports, ensuring we keep your environment SOC 2 compliant.


