Advanced Audit Trail overview
Related information
Related topics
When you subscribe to Advanced Audit Trail, you can track access to personal data stored in contact, customer, and supplier records to comply with data protection laws, such as HIPAA.
This feature may impact your contract with Sage Intacct, so you cannot subscribe or unsubscribe to Advanced Audit Trail on your own. Instead, call your account manager to manage your subscription to Advanced Audit Trail.
Advanced Audit Trail tracking
Advanced Audit Trail tracks access to personal data stored in contact, customer, or supplier records. This means Advanced Audit Trail logs an access anytime a user has access to a contact, customer, or supplier record in your Sage Intacct instance. Some examples of personal data access include:
- opening a list that includes a contact, customer, or supplier.
- choosing a contact, customer, or supplier from a dropdown list for a transaction.
- reading a report that includes contact, customer, or supplier records.
- running a query through the API that includes contact, customer, or supplier information.
For a full list of access actions, see Advanced Audit Trail actions.
These logged access entries are stored behind the scenes until you generate the Advanced Audit History report, which shows access of personal data stored in customer, supplier, and contact records in your company.
Personal data includes:
- Names
- Addresses
- Dates (start date, end date, date of birth, etc.)
- Phone numbers
- Fax numbers
- Email addresses
- Social security numbers
- Account numbers (credit card, ACH, bank, etc.)
- URLS
- IP addresses
In Sage Intacct, data capturing for the Advanced Audit Trail started in May 2018. When viewing historical data, you may notice that data captured prior to October 2019 may be partially unavailable.
Exceptions
The table below lists scenarios in which Advanced Audit Trail does not track access to personal data in your Sage Intacct instance.
| Exception | Explanation |
|---|---|
|
Copied companies |
Advanced Audit Trail cannot track access to copies of your Sage Intacct company. However, upon your request and written permission, we sometimes must copy a company to make a data correction or investigate a deeper problem. If Sage Intacct has copied your company for any reason, the access is limited to specified individuals who will be treated as having had access to all personal data in your Sage Intacct instance. After we have closed your support case, run and export the Advanced Audit History report to capture personal data access in your copy company. Be sure to store this exported report in your records. Per Sage Intacct policy, it is your responsibility to extract data from this environment before it is deleted. This includes the Advanced Audit History report. If you fail to run, export, and store this report before the environment is deleted, you could possibly miss additional personal data access not captured by the Advanced Audit History report in your production instance of Sage Intacct. Sage Intacct is not responsible for any access made by third parties who may copy your company data upon your own request. |
|
Preview companies |
Advanced Audit Trail cannot track access to preview instances of your Sage Intacct company. If you have a preview company, run and export the Advanced Audit History report to track personal data access in your preview company. Be sure to keep this exported report in your records. Per Sage Intacct policy, it is your responsibility to extract data from this environment before it is deleted. This includes the Advanced Audit History report. If you fail to run, export, and store this report before the environment is deleted, you could possibly miss additional personal data access not captured by the Advanced Audit History report in your production instance of Sage Intacct. |
|
Field-level tracking |
Advanced Audit Trail cannot determine which field in particular was accessed. Instead, it tracks which customer, supplier, or contract object records were accessed. |
|
Customer ACH and Customer bank accounts |
Because Customer ACH and Customer bank account information is stored in separate objects from the customer record, Advanced Audit Trail does not track access to personal information held in these objects. These items are encrypted and protected under our PCI policy. |
|
Employee and user personal information |
The purpose of Advanced Audit Trail is primarily to serve as a solution for HIPAA. User and employee records are not used as healthcare patient records, so access to that data is not tracked. If your company has HIPAA compliance requirements, then you may not use the employee records to input and store protected health information. See Advanced Audit Trail and HIPAA compliance for more details. |
|
Company bank accounts, credit card signatures, and other information |
Advanced Audit Trail only tracks access to personal data stored in the customer, supplier, and contact objects. Company information, company bank accounts, and company signatures are not considered personal data. |
|
Orphan mail addresses |
Access to mail addresses not attached to a contact, supplier, or customer record is not tracked by Advanced Audit Trail. |
|
Custom objects and custom fields |
Sage Intacct is not responsible for any access to custom objects or custom fields which hold sensitive personal data or protected health information. For example, if you add a custom contact field to a standard object, the field still won't be tracked as Advanced Audit Trail only tracks access to the contact, customer, and supplier standard objects. If your company has HIPAA compliance requirements, then you may not use custom fields to input and store protected health information. See Advanced Audit Trail and HIPAA compliance for more details. |
|
CPA slide-in users |
To support and optimize the most precise tracking to personal data held in your Sage Intacct instance, we recommend enabling named slide-in users in your company if you're using Advanced Audit Trail, and disabling the Subordinate company setting. You can verify this setting with your Sage Intacct VAR partner. |
|
Attachment |
Since attachments are external documents stored in Sage Intacct for a variety of different uses, it is impossible to determine what sort of information they hold. For this reason, Sage Intacct does not track access to attachments. See Best practices for attachments for more information. If your company has HIPAA compliance requirements, then you may not use attachments to input and store protected health information. See Advanced Audit Trail and HIPAA compliance for more details. |
|
Intacct Collaborate |
Intacct Collaborate is a Salesforce integration designed to share information between the applications. Furthermore, the Collaborate feed isn't limited only to supplier, customer, and contact records, and information posted in a feed can appear in objects that aren't tracked by Advanced Audit Trail and to which many people might have access. Therefore, Advanced Audit Trail cannot track access to any personal data posted in Collaborate feeds. |
|
Sage Intacct Mateo |
Since Sage Intacct Mateo is a separate Sage Intacct module, Advanced Audit Trail cannot track access to customer or supplier records that are shared with Sage Intacct Mateo. |
|
Sage Intacct Planning |
Since Sage Intacct Planning is a separate Sage Intacct module, Advanced Audit Trail cannot track access to customer or supplier records that are shared with Sage Intacct Planning. |
Special behavior in Advanced Audit Trail companies
You may notice some new, special behavior in your company after you subscribe to Advanced Audit Trail. These changes are meant to optimize both the performance of Sage Intacct and the usability of the Advanced Audit History report.
-
All dropdown lists, selection pop-up lists, and list pages for the Contact, Customer, Supplier, Employee, and Projects objects only show 10 records at a time for all companies subscribed to Advanced Audit Trail to optimize performance of Sage Intacct and to reduce the number of false positives and thereby increase the usability and accuracy of the Advanced Audit History report.
Your company may be using custom applications, integrations, or list views which display more than 10 contacts, suppliers, or customers at a time. In these cases, the maximum limit is 100, depending on the settings of the customization.
- The Advanced Audit History report takes a long time to load because of the amount of data it tracks. Filter the report to receive quicker results. See Create the Advanced Audit History report for more detailed information.
- The default API record readByQuery is reduced from 100 to 10.
Furthermore, because use of this feature may impact your contract with Sage Intacct, you cannot subscribe or unsubscribe to Advanced Audit Trail on your own. Instead, call your account manager to manage your subscription to Advanced Audit Trail.
Lastly, running the Advanced Audit History report generates an additional access record for each access entry you view on the report. This means that if your first Advanced Audit History report showed 2000 entries and you run it again immediately after, it will show 4000 entries the second time because you technically accessed the Advanced Audit History report. These additional entries can cause your report to load slowly.
For this reason, we recommend the following:
- Only run the Advanced Audit History report only when required
- When you run the Advanced Audit History report, filter out the Advanced Audit History action type.
Frequently asked questions (FAQs)
| Question | Answer |
|---|---|
|
Does subscribing to Advanced Audit Trail make my company HIPAA-compliant? |
If your company needs to comply with HIPAA, there are additional requirements for the Advanced Audit Trail. See Advanced Audit Trail and HIPAA compliance for more details. |
|
What does it mean if a record was accessed? |
If a record was accessed, it means a user saw some or all of the information held in the object record. For instance, if a user is entering AR sales invoices for patients and chooses a patient record (supplier, customer, or contact) from a dropdown list, then an access is logged for each patient record that appears in the dropdown list. |
|
How many years of data do you store? |
Intacct stores up to six years of Advanced Audit Trail data. |
|
Why are false positives generated? |
Because Intacct is optimized for performance, data automatically loads on some records and transactions, regardless if the user has purposefully accessed the data. We log these entries since we cannot be sure whether the data was accessed or not. Most notably, since a number of transactions and records are connected to the contact object, such as user and employee, additional Advanced Audit Trail entries may be logged on your report when these records and transactions are accessed. We plan on reducing the number of false positive entries in the future. |
|
Why doesn't the report show me all the personal data accessed in a record? |
Since customer, supplier, and contact records contain many fields of personal data, the report would be too cluttered and unreadable if we included all record information as well. Instead, use the record URL column to navigate to the specific record accessed and check the audit trail for that record to determine which information was viewed during the access. |
|
What happens to my data if I unsubscribe? |
If you unsubscribe to Advanced Audit Trail, all data that Intacct has tracked thus far is stored. However, you will not be able to access this data as the Advanced Audit History data object will no longer be available to you in the custom report writer. Furthermore, Sage Intacct will no longer track any further access to personal data in the customer, supplier, and contact objects if you unsubscribe. |
|
How do I access the Advanced Audit History report? |
The Advanced Audit History report is a custom report you build yourself. See Create the Advanced Audit History report for more detailed information. |
|
What do I do if a data breach occurs? |
Run the Advanced Audit History report and Audit History report to analyze access to your system. If you need additional help, contact your account manager. |
