Netsuite is Oracle's ERP Cloud (or Fusion) applications 'younger sibling', and as of mid 2023 is growing arguably as fast, rather than being in the shadows. Here at Seecuring we have evaluated many Enterprise applications, and Netsuite has one of the best and most obvious security and controls setup of them all.
Why?
Many applications do not provide adequate controls around
data being uploaded into the application. For many years executives claimed that moving to Cloud based applications
was being withheld because of fears over how data would be handled by the vendor.
What perhaps they were not looking at was how
data being imported by employees and contractors would be taken care of. After all data needs to get to the Cloud from the previous/existing
systems, and being able to export then import is a key process to solving this issue.
The problem arises with how this data is imported, think about these control questions:
* What approval process do we have for importing Journals, Sales and other key financial data?
* What segregation of duties can we put in place to ensure that one person is not responsible for all data import?
* How do we know who has imported data?
In many applications, data can be uploaded into the Production environment free of any workflow approvals, segregation and accountability!
But not for Netsuite, and you should be using this functionality!
Netsuite has a solution to
the problem of data upload, and it is well designed and easy to use.
The Import Advanced Options part of Netsuite allows for Workflow Approval along with any SuiteScript execution on an import:
This control can be set so that it is not overridden by a user as well, ensuring an extra layer of security.
In addition to this control point, users who do not have the import permission related to the import type cannot perform imports for that area. For example if a user doe snot have the permission to import Journals, they will not be able to upload Journals. Seems obvious (again) but many applications have a 'blanket' one size fits all approach to importing data.
Without these controls you may be forced to do a 'look back' to understand who and what data was uploaded.
We highly recommend using this solution from Netsuite if you haven't already, there are a large number of areas where data can be imported to including:
* Journals
* Employees
* Purchase Orders
* Sales Orders
and many more..
Seecuring provides everything from training through to full evaluation of your application controls. We can provide results and get you on the path to resolving any issues within a week!
Segregation of Duties.
Sensitive Access.
User Access Reviews.
Patch Impact Analysis & Configuration Changes.
We have been working with ERP/HCM Applications since the early 2000's, and work with leading CPA's, Audit staff and Application specialists to deliver a complete solution.
To discuss your requirements, you can schedule a call with us: