10/13/2021

Are you a GovCon that utilizes spreadsheets or other antiquated software and struggles to stay DCAA-compliant? If you are already a NetSuite user, Daston’s DCAA-On-Demand SuiteApp for Oracle NetSuite ensures DCAA compliance right out of the box. While some of these compliance mechanisms come from behind-the-scenes steps that Daston builds into its solutions, others are inherent in NetSuite’s built-in reports and certifications that are available to all of Daston’s customers.

Some of the reports and certifications that NetSuite makes available to Daston clients include:

  • Audited financial statements/SEC filings: As NetSuite was acquired by publicly traded Oracle Corporation in 2016, audited financial statements/SEC filings are available and required for investors to analyze Oracle’s viability and to assess its long-term sustainability and capabilities as a reliable cloud services provider.

  • ISO 27001 Certification: NetSuite, a cloud service provider serving both international and domestic customers, certifies against ISO 27001, a standard that lets NetSuite demonstrate its confidentiality, availability, and security controls to external parties.

  • AICPA SSAE 18 Type II / IAASB ISAE 3402 (SOC 1): Auditors often rely on IT general controls during financial reporting audits. A strong reliance approach may reduce your substantive testing requirements, which eases the burden of being audited. In support of financial audit requirements, NetSuite issues an independently audited SOC 1 Type 2 report twice per year, which covers the IT general controls within NetSuite’s control and outside of its customers’.

  • Service Organization Control 2 Type II (SOC 2): NetSuite additionally issues a SOC 2 report covering the confidentiality, security, and availability principles, so that you can evaluate NetSuite’s controls as they relate to each principle.

  • Payment Card Industry Data Security Standard (PCI DSS): Because NetSuite’s ERP and e-commerce applications enable you to transmit credit card data, NetSuite maintains PCI DSS certification as a Level 1 service provider, which is validated externally each year by a Qualified Security Assessor (QSA).

  • PA-DSS: NetSuite maintains QSA-certified Payment Application Data Security Standard (PA-DSS) certification so that its payment applications support compliance with the PCI DSS. This allows NetSuite to provide secure payment applications if you wish to build this into your service, and it ensures NetSuite does not store prohibited data, including full magnetic stripe data, PINs, or CVV2 values.

  • Privacy Certifications: Oracle Corporation has obtained EU/EEA-wide authorization for its Binding Corporate Rules for Processors from the European data protection authorities, which allows you to address privacy and security requirements under the EU General Data Protection Regulation and other data protection laws or regulations in the EU/EEA, the UK, and Switzerland.

In order to work with the federal government in any capacity, DCAA compliance is non-negotiable. Be sure you partner with a company that ensures DCAA compliance and builds internal controls into its solutions. Being able to access third-party reports and certifications, such as the ones provided by NetSuite, allows you to stand behind your promises of security, confidentiality, integrity, and access when you provide these reports.

Are you ready to make the jump from antiquated in-house accounting systems to an accounting solution that takes the hassle out of DCAA compliance? Click HERE to schedule a consultation and learn more!