We rely on your external auditors SOC 1 report to provide our management and external auditors with assurance over the operating effectiveness of key controls at your organization that impact our financial reporting. We request that your future SOC 1 examinations include a control objective and related controls addressing the integrity and security of the underlying database audit trail (Statutory compliance, reference given below)

“Rule 11(g) of the Companies (Audit and Auditors) Rules, 2014, amended via the Companies (Audit and Auditors) Amendment Rules, 2021, imposes explicit auditor reporting requirements on audit trail compliance for financial years commencing on or after April 1, 2023.”

Auditors need to verify that the database-level audit trail functionality is continuously enabled and actively monitored throughout the reporting period, and that its logs are protected from tampering or unauthorized alteration. Given that your team manages administrative access to the database environment, this control is a critical component of internal control over financial reporting (ICFR). It provides the foundational evidence that changes made directly at the database layer bypassing the application's native audit logs are themselves being logged and scrutinized. The inclusion of this objective in your SOC 1 report would directly address a key area of focus for all BC Users and provide with the necessary assurance to rely on the integrity of the financial data processed within the hosted environment.

We believe this enhancement would not only strengthen all BC users control environment but also serve as a significant value-add for all your clients who are subject to similar regulatory and audit requirements.

On behalf of all BC users, we hereby take an opportunity to give a descriptive understanding of audit trail importance as a part of statutory requirements and looking forward for the extended support in including the audit trail compliance at data base level in SOC 1 report.