Skip to main content

Audit & Compliance

Configure compliance rules and audit settings to meet regulatory requirements and maintain audit trails.
Scope: Tenant-scoped; requires org admin permissions
Availability: Not available in SuperAdmin

Understanding Audit & Compliance

Compliance Rules

Compliance rules define requirements for:
  • Data Retention: How long to retain data
  • Access Control: Who can access what data
  • Audit Logging: What to log
  • Privacy: Privacy requirements (GDPR, etc.)
  • Security: Security requirements (SOC 2, etc.)
Customization Tier: TENANT_DEFINED (you define all compliance rules)

Audit Configuration

Audit settings control:
  • Audit Logging: What actions to log
  • Audit Retention: How long to retain audit logs
  • Audit Access: Who can access audit logs
  • Audit Export: How to export audit logs
Customization Tier: TEMPLATED_OVERRIDE (pack may provide defaults, you can override)

Reason Codes, Hold Codes, Disposition Codes

Codes for categorizing operations: Reason Codes: TEMPLATED_OVERRIDE
  • Pack provides reason code templates
  • You can override or create custom codes
Hold Codes: TEMPLATED_OVERRIDE
  • Pack provides hold code templates
  • You can override or create custom codes
Disposition Codes: TEMPLATED_OVERRIDE
  • Pack provides disposition code templates
  • You can override or create custom codes

Compliance Rules

Creating Compliance Rules

  1. Navigate to AdminAudit & ComplianceCompliance Rules
  2. Click Create Compliance Rule
  3. Configure:
    • Name: Rule name
    • Description: Rule description
    • Category: DATA_RETENTION, ACCESS_CONTROL, AUDIT, PRIVACY, SECURITY
    • Severity: CRITICAL, HIGH, MEDIUM, LOW
    • Framework: Regulatory framework (GDPR, SOC 2, HIPAA, etc.)
    • Requirements: Rule requirements
    • Enabled: Enable/disable rule
  4. Save compliance rule

Compliance Rule Categories

DATA_RETENTION: Data retention requirements
  • Retention periods
  • Data deletion policies
  • Archive policies
ACCESS_CONTROL: Access control requirements
  • Role-based access
  • Location-based access
  • Time-based access
AUDIT: Audit requirements
  • Audit logging
  • Audit retention
  • Audit access
PRIVACY: Privacy requirements
  • GDPR compliance
  • Data privacy
  • Consent management
SECURITY: Security requirements
  • SOC 2 compliance
  • Security controls
  • Encryption requirements

Compliance Rule Status

Monitor compliance rule status:
  • COMPLIANT: Rule is being followed
  • NON_COMPLIANT: Rule is not being followed
  • PENDING_REVIEW: Rule needs review
  • NOT_APPLICABLE: Rule doesn’t apply

Audit Configuration

Configuring Audit Logging

  1. Navigate to AdminAudit & ComplianceAudit Configuration
  2. Configure audit settings:
    • Enable Audit Logging: Enable/disable audit logging
    • Log Actions: Select actions to log (CREATE, UPDATE, DELETE, APPROVE, REJECT, etc.)
    • Log Users: Log user actions
    • Log System: Log system actions
    • Log API: Log API actions
  3. Save audit configuration

Audit Log Retention

Configure audit log retention:
  • Retention Period: How long to retain audit logs (days)
  • Archive Policy: Archive policy for old logs
  • Export Policy: Export policy for compliance

Audit Log Access

Configure who can access audit logs:
  • View Permissions: Who can view audit logs
  • Export Permissions: Who can export audit logs
  • Access Logging: Log access to audit logs

Reason Codes

Understanding Reason Codes

Reason codes categorize operations (adjustments, movements, etc.). Customization Tier: TEMPLATED_OVERRIDE
  • Pack provides reason code templates
  • You can override or create custom codes

Creating Reason Codes

  1. Navigate to AdminAudit & ComplianceReason Codes
  2. Click Create Reason Code
  3. Configure:
    • Code: Reason code identifier
    • Name: Reason code name
    • Description: Reason code description
    • Category: Reason category
    • Active: Enable/disable reason code
  4. Save reason code

Using Pack Templates

  1. View pack-provided reason code templates
  2. Healthcare Pack Examples:
    • PATIENT_DISPENSE
    • EXPIRED
    • DAMAGE
    • RECALL
  3. Retail Pack Examples:
    • SHRINK
    • CUSTOMER_RETURN
    • DAMAGE
    • THEFT
  4. Use templates as-is or override

Hold Codes

Understanding Hold Codes

Hold codes categorize why inventory is on hold. Customization Tier: TEMPLATED_OVERRIDE
  • Pack provides hold code templates
  • You can override or create custom codes

Creating Hold Codes

  1. Navigate to AdminAudit & ComplianceHold Codes
  2. Click Create Hold Code
  3. Configure:
    • Code: Hold code identifier
    • Name: Hold code name
    • Description: Hold code description
    • Category: Hold category
    • Active: Enable/disable hold code
  4. Save hold code

Using Pack Templates

  1. View pack-provided hold code templates
  2. Healthcare Pack Examples:
    • TEMP_EXCURSION
    • CONTAMINATION_RISK
    • RECALL_HOLD
  3. Retail Pack Examples:
    • DAMAGE_HOLD
    • QUALITY_HOLD
  4. Use templates as-is or override

Disposition Codes

Understanding Disposition Codes

Disposition codes categorize how inventory is disposed of. Customization Tier: TEMPLATED_OVERRIDE
  • Pack provides disposition code templates
  • You can override or create custom codes

Creating Disposition Codes

  1. Navigate to AdminAudit & ComplianceDisposition Codes
  2. Click Create Disposition Code
  3. Configure:
    • Code: Disposition code identifier
    • Name: Disposition code name
    • Description: Disposition code description
    • Category: Disposition category
    • Active: Enable/disable disposition code
  4. Save disposition code

Using Pack Templates

  1. View pack-provided disposition code templates
  2. Healthcare Pack Examples:
    • COMPOST
    • ANIMAL_FEED
    • DONATE
  3. Retail Pack Examples:
    • LIQUIDATE
    • DONATE
    • SCRAP
  4. Use templates as-is or override

Audit Logs

Viewing Audit Logs

  1. Navigate to AdminAudit & ComplianceAudit Logs
  2. Filter audit logs by:
    • User: Filter by user
    • Action: Filter by action (CREATE, UPDATE, DELETE, etc.)
    • Resource: Filter by resource type
    • Time Period: Filter by date range
  3. View audit log details

Audit Log Details

Each audit log entry includes:
  • User: Who performed the action
  • Action: What action was performed
  • Resource: What resource was affected
  • Timestamp: When the action occurred
  • Details: Additional details about the action
  • IP Address: IP address of user
  • User Agent: Browser/client information

Exporting Audit Logs

  1. Filter audit logs as needed
  2. Click Export
  3. Select export format (CSV, JSON)
  4. Download audit log export

What Success Looks Like

Compliance Success

  • ✅ Compliance rules properly configured
  • ✅ Compliance status monitored
  • ✅ Compliance requirements met
  • ✅ Compliance reports available
  • ✅ Compliance documentation complete

Audit Success

  • ✅ Audit logging enabled and working
  • ✅ Audit logs retained per requirements
  • ✅ Audit log access controlled
  • ✅ Audit logs exported for compliance
  • ✅ Audit trail complete

Common Pitfalls

1. Not Configuring Audit Logging

Problem: Not enabling audit logging or not logging required actions. Solution: Configure audit logging:
  • Enable audit logging
  • Log all required actions
  • Configure retention periods
  • Set up export processes
How to avoid: Make audit configuration part of initial setup.

2. Not Using Reason/Hold/Disposition Codes

Problem: Operations performed without proper codes. Solution: Use codes consistently:
  • Require codes for operations
  • Train users on code usage
  • Review code usage regularly
  • Update codes as needed
How to avoid: Make codes required in workflows.

3. Not Monitoring Compliance Status

Problem: Compliance rules configured but not monitored. Solution: Monitor compliance status:
  • Review compliance status regularly
  • Address non-compliance issues
  • Update compliance rules as needed
  • Document compliance activities
How to avoid: Make compliance monitoring part of regular admin tasks.

4. Not Retaining Audit Logs Long Enough

Problem: Audit logs deleted before retention period. Solution: Configure proper retention:
  • Set retention periods per requirements
  • Archive old logs instead of deleting
  • Export logs for long-term storage
  • Review retention policies regularly
How to avoid: Review retention requirements before configuring.

Troubleshooting

Audit Logs Not Recording

Symptoms: Actions occurring but not recorded in audit logs. Possible causes:
  1. Audit logging not enabled
  2. Action not configured to log
  3. System error
  4. Permissions issue
Steps to resolve:
  1. Verify audit logging is enabled
  2. Check action is configured to log
  3. Review system logs for errors
  4. Check user permissions
  5. Contact support if issue persists

Compliance Rule Not Working

Symptoms: Compliance rule configured but not enforcing requirements. Possible causes:
  1. Rule not enabled
  2. Rule configuration incorrect
  3. System not enforcing rule
  4. Rule dependency issue
Steps to resolve:
  1. Verify rule is enabled
  2. Review rule configuration
  3. Check system enforcement
  4. Review rule dependencies
  5. Test rule functionality

Reason Codes Not Available

Symptoms: Reason codes not showing in operations. Possible causes:
  1. Reason codes not created
  2. Reason codes not active
  3. Permissions issue
  4. Filter hiding codes
Steps to resolve:
  1. Verify reason codes are created
  2. Check reason codes are active
  3. Verify user permissions
  4. Remove filters

Permissions & Roles

Configuring compliance and audit settings requires tenant admin permissions. Compliance configurations affect regulatory compliance. All compliance and audit configurations are tenant-scoped and not available in SuperAdmin.