Hi All. I am not sure where this falls in the channels, but what tools do folks use for SOX compliance and NetSuite for user access and SODs. Right now looking at Fastpath and Strongpoint.

I have used both Fastpath and Strongpoint (aka FloDocs) they are both good GRC tools. I have reversed engineered some of those reports and searches for 2019 Suiteworld session see the link below https://static.rainfocus.com/oracle/sw19/sess/1546631310573001gv1X/PDFPF%20/FIN1526SES_THURS_1553185241855001B1fO.pdf

Thanks for sharing. Did you like one over another for functionality and useability?

We looked into both FastPath and StrongPoint and went with SP. All FastPath does is import System Notes and roles and permissions into a SQL database and slap a front end UI on it. SP is integrated into NS and looks more "built-in". At the end of the day it's really a rules engine in real-time. In other words, once you've finished user access reviews and run SOD conflict rules, the engine takes care of monitoring and documenting those for you. With their SOD agent controls, you can create those mitigating controls using the agents.

Looked at both as well, ended up using FastPath. Did well for some of the admin reports that we weren’t “supposed” to run from within NetSuite so we couldn’t exclude ourselves as admins. Worked well for that. StrongPoint, as mentioned, is more “built-in” but in that same way it was way too much of a performance hit. We have too much data, it couldn’t handle it and slowed everything down to much when we tried a demo. Had to remove it.

There hasn't been a performance hit for us from StrongPoint so far but that's probably due to the premium tier that we are on.

Thank you all for the feedback. For those on both, did you hire a resources to manage this or another department handled the maintenance and implementation?