Creating an Audit Report Request
To support your organization's compliance, risk management, and due diligence efforts, NetSuite provides you with access to a range of independent third-party audit and compliance reports. These reports offer formal assurance that NetSuite services meet established security, privacy, and industry standards.
You can create an audit report request from the Privacy and Compliance dashboard in NetSuite 360.
To create an audit report request:
- Log into your NetSuite account with a role that lets you access NetSuite 360.
- Click the Support tab.
- Click the NetSuite 360 link in the NetSuite 360 portlet.
- Click the Privacy and Compliance tab.
- Hover over the Privacy Compliance Request tab, and then select Audit Report Request. This opens the Audit Report Request List page.
- Click the New Audit Report Request button.
- From the Type of Firm list, select whether your firm is public or private.
- In the Fiscal Year End (FYE) field, enter the date of your fiscal year end.
- In the Requester field, enter the full name of the person requesting the report.
- In the Recipient Email field, enter the recipient's email address.
- In the Report(s) Requested section, select the audit reports you want to request. You can select multiple reports from their respective lists. Make sure you select the report whose coverage period matches the period for which you need it.
- If you request a report from the Other PCI DSS Documents list, enter the reason for the request in the Describe why you need the other PCI DSS Documents Requested field.
- Click Save. Your audit report requests are listed on the Audit Report Request List page.
Supported audit reports
NetSuite supports the following audit reports:
- SSAE 18 SOC 1 - Addresses internal controls over financial reporting.
- SOC 2 - Provides assurance on a service organization's controls based on their compliance with AICPA's Trust Services Criteria.
- PCI DSS (AoC) - The Attestation of Compliance serves as a declaration of the results of the service provider's assessment against the Payment Card Industry Data Security Standard Requirements and Security Assessment Procedures (PCI DSS).
- PCI-SSF (AoV) - A set of security standards established by the Payment Card Industry Security Standards Council (PCI SSC) to ensure that software handling payment data is developed and maintained securely. The Attestation of Validation (AoV) is an official document certifying that a software product has been independently evaluated and validated as compliant with PCI SSF requirements.
- ISO 27001 - The scope of the ISO/IEC 27001:2013 certification is limited to the information security management system (ISMS) supporting the security operations provided by the NetSuite Global Business Unit (NSGBU) of Oracle America, Inc. and its services, in accordance with the statement of applicability (SOA), and aligned to meet the control implementation guidance and additional control set of ISO/IEC 27018:2019. The Statement of Applicability (SOA) is a component of NetSuite Global Business Unit's Information Security Management System (ISMS) that was audited and certified compliant with ISO 27001:2013 and aligned with ISO 27018:2019.
- ISO 27018 - Provides independent verification that your personally identifiable information (PII) is managed and protected in accordance with internationally recognized privacy standards.
- EU CoC - Provides transparency and assurance that NSGBU of Oracle America, Inc. meets GDPR obligations.
- TX-RAMP level 1 - Certification required by the State of Texas for processing low-impact or non-confidential data on behalf of Texas state agencies.
- HIPAA - The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a US regulation that mandates the privacy and security of protected health information (PHI). The HIPAA Attestation is an assessment performed by a credible third party to provide reasonable assurance that NSGBU's information security and privacy program conforms to the applicable implementation specifications within the HIPAA Security Rule, HIPAA Privacy Rule, and HITECH Breach Notification.
Note: The HIPAA report is only applicable if you have signed a Business Associate Agreement (BAA) and the HIPAA SKU is included in your order.