# Audit and Compliance #### How does Charted ensure that its employees do not perform any unauthorized actions during configuration and deployment? While Charted consultants do require admin access to complete configuration and deployment tasks, they do not process any posting transactions in production environments, nor do they modify any configuration settings unrelated to the Charted deployment. This can be independently verified by running NetSuite's standard audit reports and filtering the results by the assigned Charted consultant. #### How can we determine who has modified Charted configuration settings? Audit visibility varies depending on the specific bundle or SuiteApp involved. The following summarizes what is and is not available: · **System notes are available** for the following: Approvals, 3-Way Matching (3WM), Invoice AI settings, OCR rules, AVO settings, certain form changes, Advanced Attachments, Advanced Help, and Check Printing. Note that while system note searches can be created for these areas, system note pages are not displayed by default and must be configured. · **System notes are not currently available** for Payment settings, Invoice AI directions, and SuiteApp permissions. #### How can we track who releases or cancels payments in Payment Automation? Within the Payment History queue, a **Released By** column displays the email address of the user who released each payment, providing a clear record of payment authorization activity. #### How can we track who removed a PDF from the Invoice AI queue, preventing a bill from being generated? This functionality is not currently available. Charted is aware of this limitation and continues to evaluate enhancements to audit capabilities in future releases. #### How can we mask bank account details in system notes? Masking bank details within NetSuite system notes is not currently possible, as this is a limitation of the native NetSuite platform rather than Charted's configuration. Please contact NetSuite support for further information regarding this constraint. #### Does Charted have SOC 1 documentation? Because Charted is fully embedded within NetSuite, it falls under Oracle's SOC 1 compliance program in the same manner as any other NetSuite customization. Additionally, Charted is currently undergoing its first independent SOC 1 audit and will be independently compliant upon its completion. #### Does Charted have SOC 2 documentation? Yes. Charted is SOC 2 compliant and is subject to regular audits to ensure ongoing compliance. SOC 2 documentation is available upon request, subject to the execution of a non-disclosure agreement (NDA). To initiate a request, please contact your Charted consultant or Customer Success representative, who will coordinate the NDA process on your behalf.