We are very excited to announce that three of our own—Andy Snook, Mark Polino, and Zach Wear—recently published a book, NetSuite Security & Audit Field Manual. Their goal with this book was to help people looking to understand application security within NetSuite. Most security books are either heavy on theory or narrowly application-focused. This book tackles key security and audit principles and provides help to apply those principles to NetSuite.
The NetSuite Security & Audit Field Manual will guide you through the principles and applications in eight key sections:
The book focuses on six key ERP security principles that are woven through the text. The six principles are:
- Access Review and Certification – ensuring and validating appropriate access
- Role Management – security design to reduce conflicts and improve administration
- User Provisioning – processes used to create and manage users
- Emergency Access Management – processes and policies for temporary, elevated privileges
- Monitoring – observing transaction activities in the system to detect issues
- Segregation of Duties/Risk Assessment – internal controls that attempt to ensure that no single individual has the authority to execute two or more conflicting, sensitive transactions with the potential to impact financial statements
Security Design is the foundation of lasting, flexible security. Strong security design is crucial in understanding how roles and permissions are defined and assigned. This chapter covers essential elements for designing NetSuite security.
Access Control is the fundamental first line of defense and the book covers good access control principles focused on creating and managing NetSuite users.
Security setup is where good security design gets applied. The Security Setup chapter delves into the details of roles, permissions, and global permissions to help users put design into practice.
Other Controls & Mitigations
Application security alone is never enough to provide appropriate depth of security and NetSuite offers plenty of additional controls, including options like built-in workflow and audit trails, to supplement application security.
Customizations and Scripts
NetSuite’s powerful scripting options are a key component of its power. The chapter on Customizations and Scripts addresses how to keep that power focused on helping the organization.
Additional Control Considerations
There are always a few control items that don’t fit well in other places, so some important leftovers, like backup and restore, are collected here.
NetSuite is used by many organizations with audit requirements, including publicly traded firms, large not-for-profit organizations, and more. The intent of the Auditing NetSuite area is to make it easier for both auditors and companies subject to an audit to understand how NetSuite security works and to access commonly requested audit items.
If you are interested in learning more or ordering a copy of the book, please follow this link.