The Road to SOX Compliance With Audit Trail

By Apurva Desai May 26, 2020

In our Zuora Central Platform Series, we are excited to share with you the new functionality and how it’s being leveraged across subscription businesses.

The subscription economy has taken off, and with it so have the demands on subscription businesses to meet strict compliance, privacy, and security requirements.

Whether you’re a public or private company, small business or large enterprise, it’s a big task to keep control over your business to ensure compliance with the highest standards.

As a financial system trusted by CFOs, Zuora is committed to ensuring that compliance audits are effortless for customers so they can grow their businesses worry free. The addition of Audit Trail gives customers a powerful tool to effortlessly demonstrate compliance with SOX regulations by automatically and reliably tracking key system activities such as Login History and changes to Financial Settings and User Management. With Zuora, subscription companies operate their businesses knowing they are compliant with all regulations including: SOX, GDPR, CCPA, PCI, ASC606, SCA, CIT/MIA, Visa/MasterCard/Discover Mandates and more.

Audit Trail was a top-voted feature in our Community Forum and has been highly anticipated by Zuora customers for several reasons, SOX Compliance being chief among them. Therefore, we chose to start our Audit Trail journey by focusing specifically on tracking changes with the most financial impact. To prioritize the set of changes in Zuora, we hosted a panel of experts including independent auditors, internal and external compliance SMEs, and customer advisors. Based on their feedback and validation from our Zuora Community, we continued our Audit Trail journey and implemented a new microservice for managing audit events in the system.

Let’s take a look at how businesses are leveraging Data Query along with Audit Trail to generate reports for tracking changes across three major areas:

  • Financial Settings: Financial setting reports track changes made to 16 financially impacting settings in Zuora. The full list of settings is available in our Knowledge Center. These reports track the old and new values any time a financial setting is changed.
  • Login History: Login history reports show a record of all login attempts made by Zuora users for that tenant. It captures information including: Username, Login Method, Time Stamp, IP Address, Successful vs. Failed Logins, Browser vs. API Logins, and more.
  • User Management: User management reports track all changes made to User, Roles, and Permissions. On the User level, the Audit Logs track any time a user is created, activated or deactivated, makes updates to profile information, resets their password, creates/deletes OAuth Clients, or changes Roles. On the Roles and Permissions level, the Audit Logs track any time a role is created or deleted and when permissions are enabled or disabled for a role.

All of these reports capture who did what and when in Zuora. Administrators can use these reports for many reasons, such as tracking users' compliance with SSO login policies or integrations that are using old versions of APIs. Most importantly, these reports can be provided to auditors to demonstrate compliance with SOX regulations.

We are continuing to expand our audit footprint to cover all financial changes in Zuora in subsequent releases. By extending the functionality of the Zuora Central Platform we are providing our customers with a solid technology foundation so they have the agility to extend subscription management capabilities at scale.

Check out other blogs from our Zuora Central Platform Series: Custom Objects, Data Query, and Zuora Central Sandbox, and read our latest Zuora Central Platform press release here.