SOC Audit Reports For Sage 100

May 5, 2023 by Wayne Schulz

SOC (System and Organization Controls) reports are standards established by the American Institute of Certified Public Accountants (AICPA) to evaluate the effectiveness of internal controls over the financial reporting of service organizations.

These reports help service organizations to demonstrate their commitment to security, availability, processing integrity, confidentiality, and privacy to their clients and other stakeholders. The report is intended for users who rely on the services provided by the service organization, such as customers, auditors, regulators, and other stakeholders.

Not all organizations require SOC reports, but they are particularly relevant for companies that provide services critical to their customers’ operations, especially those that handle sensitive or confidential data.

When Is SOC Reporting Required?

A SOC (System and Organization Controls) report may be required when a service organization provides services that are critical to its customers’ operations, particularly when those services involve the handling of sensitive or confidential data.

Such services include data hosting, cloud computing, payroll processing, and healthcare claims processing. In many cases, the service organization’s customers may request a SOC report to assure that the organization has appropriate controls to protect their data’s security, availability, processing integrity, confidentiality, and privacy.

Additionally, regulatory requirements or contractual obligations may also require a SOC report. Ultimately, the decision to obtain a SOC report will depend on the specific circumstances of the service organization and its customers.

What Are The Different Types of SOC Reports?

There are three types of SOC reports:

SOC 1

A SOC 1 report, also known as an attestation report on controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy, is a type of audit report that assures the design and operating effectiveness of internal controls over financial reporting. SOC 1 reports are typically used by financial institutions and other organizations that are required to comply with specific regulations, such as the Sarbanes-Oxley Act of 2002.

SOC 2

A SOC 2 report, also known as an attestation report on controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy, is a type of audit report that assures the design and operating effectiveness of internal controls over one or more of the following trust service principles: security, availability, processing integrity, confidentiality, or privacy. SOC 2 reports are typically used by organizations that need to demonstrate to their customers, partners, or other stakeholders that they have implemented effective security controls.

SOC 3

A SOC 3 report, also known as a management report on controls at a service organization, is a type of audit report that provides a high-level overview of the design and operating effectiveness of internal controls over one or more of the following trust service principles: security, availability, processing integrity, confidentiality, or privacy. SOC 3 reports are typically used by organizations that want to share their security posture with their customers, partners, or other stakeholders.

SOC reports can be a valuable tool for companies that outsource services. They can help ensure that the service organization has adequate controls to protect the company’s data and assets.

Is a SOC Report Available for Sage 100?

According to this knowledgebase article created by Sage on June 14, 2022 (updated March 9, 2023), a SOC report is not required for Sage 100 since “Sage 100 is on-premise software where we do not conduct SOC audits.”

The article elaborates as follows:

Available SOC reports (along with applicable bridge letters). [Not applicable, as Sage 100 is on-premise software where we do not conduct SOC audits].
Audited Financials and, if applicable, bridge letter. [As a publicly-traded company, customers may review the financial information we make available on our investor webpage at https://www.sage.com/investors/financial-information/]
Privacy Policy [Our privacy policy can be found at https://www.sage.com/en-us/legal/privacy-and-cookies/]
Terms of Service [The end user license agreement governing a customer’s purchase of Sage 100 can be found at https://www.sage.com/en-us/legal/terms/]
Business Continuity Plan/Test Results [Not applicable to on-premise software where we do not have access to a customer’s data]
Copy of Information Security Policy [Not applicable to on-premise software where we do not have access to a customer’s data]

Sage 100 Paperless Email Electronic Delivery Failing With Rackspace

November 8, 2022 by Wayne Schulz

We have had two of our customers – both using Rackspace – secure.emailsrvr.com – call to report Sage 100 Paperless Email errors. In both cases they suddenly couldn’t use electronic delivery to send Sage 100 paperless office forms.

Fortunately there is a fast fix which you can perform yourself to completely resolve this problem.

A paperless email error mean that critical forms such as sales orders, invoices, purchase orders and payroll stubs suddenly stop going out over the company’s SMTP email connection.

The first (and most common) cause of this type of error is a login password that was changed for the account used to send email in Sage 100.

If you can verify that no account password changes have happened then the resolution might be the same one that I found worked for both of these customers.

The Sage 100 Paperless Email Error Message

In all cases when Sage 100 cannot send an email it will generate a very lengthy and somewhat confusing error message. The error message may look similar to below.

If you are using secure.emailsrvr.com as your SMTP outgoing email connection and your error matches the one shown below then there’s a good chance this fix will resolve your issue.

Here’s the error which both my customers received. I’ve removed only the smtp_user: field and replaced it with [email address here]. In actuality your error message will include the name of the email account being used to send mail.

Unable to login to SMTP connection.
ChilkatLog:
VerifySmtpLogin:
DllDate: Jan 19 2012
UnlockPrefix: SBestSoftMAILQ
Username: RECOS02:Accountant
Architecture: Little Endian; 32-bit
Language: ActiveX
Need new SMTP connection
checkForExistingConnection: Elapsed time: 0 millisec
SMTP_Connect:
Connecting to SMTP server secure.emailsrvr.com:25
smtp_host: secure.emailsrvr.com
smtp_port: 25
smtp_user: [email address here]
ConnectTimeoutMs_1: 30000
calling ConnectSocket2
IPV6 enabled connect with NO heartbeat.
connectingTo: secure.emailsrvr.com
dnsCacheLookup: secure.emailsrvr.com
dnsCacheHit: 173.203.187.10
GetHostByNameHB_ipv4: Elapsed time: 0 millisec
maxTimeMs_connect: 30000
myIP_1: 210.105.50.10
myPort_1: 50785
connect successful (1)
socketConnect: Elapsed time: 31 millisec
InitialResponse: 220 smtp5.relay.iad3a.emailsrvr.com ESMTP – VA Code Section 18.2-152.3:1 forbids use of this system for unsolicited bulk electronic mail (Spam)

initialResponse: Elapsed time: 47 millisec
sendingHello: EHLO RECOS02

sendEhlo: Elapsed time: 0 millisec
helloResponse: 250-smtp5.relay.iad3a.emailsrvr.com
250-PIPELINING
250-SIZE 75000000
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250 8BITMIME

helloResponse: Elapsed time: 31 millisec
login_method: LOGIN
535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6
Failed to get response to login password
ConnectionLog:
220 smtp5.relay.iad3a.emailsrvr.com ESMTP – VA Code Section 18.2-152.3:1 forbids use of this system for unsolicited bulk electronic mail (Spam)
EHLO RECOS02
250-smtp5.relay.iad3a.emailsrvr.com
250-PIPELINING
250-SIZE 75000000
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250 8BITMIME
AUTH LOGIN
334 VXNlcm5hbWU6
YWNjb3VudGluZ0ByZWVzZWNvLmNvbQ==
334 UGFzc3dvcmQ6
PlVtPDJnNVo=
535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6

–ConnectionLog
Failed to login using LOGIN method
–SMTP_Connect
Failed to connect to SMTP server.
Failed.
–VerifySmtpLogin
–ChilkatLog

What Worked To Resolve This Paperless Office Email Error

In both cases the fix was the very same. And it had nothing to do with a changed email password. For some reason we had to change one parameter in the Library Master – Company Maintenance screen.

In the field marked SMTP Encryption I changed the value from NONE to TLS/STARTTLS and then tested the email ( use the “Test E-Mail” button in the lower right corner) and found the issue was resolved.

For SMTP Encryption, the following is an explanation of the encryption each option would use between the SMTP client and SMTP server when sending e-mail.

None – Select this for no encryption. This is traditionally offered on port ID 25

SSL – Also known as Implicit SSL, select this to encrypt the communication for the entire session. This is normally offered on port ID 465

Note: SSL is a deprecated standard. It has been replaced by TLS.

TSL/Start TSL – Also known as Explicit SSL, select this to begin the communication unencrypted, then later when the client issues a STARTTLS command, communication will be encrypted for authenticating and sending the e-mail. This can be offered on a variety of ports including port ID 25, 443, or 587

Important Note: The e-mail engine used in Sage 100 2018 and Sage 100 2017 and lower use TLS 1.0. TLS (Transport Layer Security) is a cryptographic security protocol designed to provide communications security over a computer network and over the Internet. TLS 1.0 and 1.1 standards is deprecated due to known security issues. Major providers such as Apple, Google, Microsoft, Cisco, etc. have either already discontinued use in favor of current TLS 1.2 standards, or have plans to do so in the immediate future.

If the above doesn’t work – and you are using the same smtp.emailsrvr.com as the example – then try re-entering the password for the email account and test your email again.

If that still doesn’t work then you should consult your Sage partner to see if you may need to upgrade your Sage 100 to meet TLS 1.2 requirements which some email providers have been implementing.

If you found this information helpful and would like to receive timely Sage 100 news on a weekly basis – you become a member of my Sage 100 email newsletter. This newsletter goes out Thursday with tips and news related to Sage 100 ( formerly MAS 90 ).

What Are My Sage 100 Mobile Sales Options?

November 2, 2022 by Wayne Schulz

Recently we had a customer ask us what their options were to take Sage 100 on the road with their salespeople. They were interested in writing orders from trade shows and customer on-site visits and wondered whether there was something that might integrate with Sage 100 to allow for mobile use?

Thankfully there are a number of options available. Some of these integrations have been around for many years and are well tested by other Sage 100 users.

Sage 100 Mobile Sales: xkzero iSales 100

xkzero – iSales 100

Phone: 847-416-2009

Santos Rodriguez – srodriguez@xkzero.com

Site: https://www.xkzero.com/mobile-sales/isales-100-versions-pricing/

Three versions (as of 11/1/2022:

Initial setup fee – which varies by edition – also applies.

Inquiry Edition – $499/mo
Business Edition – $599/mo
Enterprise Edition – $899/mo

xkzero also offers solutions for DSD ( Direct Store Delivery ), Route Sales, Route Optimization, Proof of Delivery, Pre Sales, Getx search for Sage 100, and iSales 100 which is their mobile sales app for wholesale distributors using Sage 100 who need to take mobile orders.

Sage 100 Mobile Sales: ScanForce

Phone: 800-219-5152

Steve Showalter – steve@scanforce.com

Site: sage-100-mobile-sales

ScanForce provides a whole host of warehouse management integrations for distributors. They also offer a mobile sales application which works either connected to the Internet or completely untethered.

Customer Sales Portal: cimcloud

Phone: 800-266-3579

Jack Evans – jack.p.evans@cimcloud.com

Site: https://www.cimcloud.com/pricing

Web based integration to Sage 100. These are largely B2B though some sites may be geared more toward B2C. This is not necessarily an app but you can have them create a customer facing web portal which can be used for taking orders.

Pricing:

Initial fee
Monthly fee
Upgrade fee

Roll your Own Integration: ROI Consulting

Phone: 402-934-2223

Ruth Richter – ruthrichter@roi-consulting.com

Site – http://www.roi-consulting.com

For a customer who already has a sales entry program and wants to synchronize their Sage 100 data such as inventory and orders back to Sage 100. ROI Consulting are one of the top developers of synchronization tools.

The Future of Sage 100 Is In The Cloud

July 14, 2022 by Wayne Schulz

Hi, I’m Wayne Schulz, a Sage 100 ERP consultant who has been working with Sage 100 since the early 1990s. You may actually remember the software as MAS 90.

I also run a Sage 100 email newsletter – Schulz Says – that I’ve been sending to 1300 people every Thursday for the past 10 years. The newsletter covers all sorts of topics on Sage 100 accounting software, best practices, tips, tricks, news, upcoming releases and that type of stuff.

Gary and I sat down during the Meeting of the Minds conference in Newport Beach, CA and talked briefly about the process that his company – Summit Hosting – takes to ease the transition for Sage 100 users from on-premises to cloud hosted accounting.

I’ve known Gary for over 15 years and he was one of the first consultants to work with Sage to host what was then known as MAS 90 in a cloud environment.

Over the last few years hosting has greatly expanded in availability. Summit Hosting now offers hosting for not only Sage 100 but Sage 50 ( formerly Peachtree), Sage 100 Contractor, Sage 300, Sage 300 CRE ( formerly Timberline ), Sage 500, Sage Enterprise Management ( X3 ), Sage BusinessWorks, Sage CRM, Sage Fixed Assets and Sage HRMS.

One important distinction is that Sage doesn’t directly host most of their applications.

Instead, they rely on a network of consulting firms with experience in cloud hosting to provide the hosting for not only the accounting applications but also third-party applications such as Office 365, etc.

Meet My Cloud Guru: Gary Feldman

Gary is the cloud evangelist at Summit Hosting. He’s been working with sage 100 Since the 80s and hosting sage 100 since 1999. His company, Summit Hosting, provides a Secure Workspace to offer Sage 100 cloud hosting.

Tip: While you can run Sage 100 on many different platforms – including AWS, Azure, Partner Cloud, and Remote Desktop ( RDP ) – you’ll want whichever way you chose to access Sage 100 remotely to be secure from unauthorized access.

How Tough Is It To Move Sage 100 To The Cloud?

One question I’m asked quite a bit which may be of interest to you is – how exactly do we move Sage 100 from my on-premises server to the cloud. Can I move to the cloud if I have third-party integrations? What limitations would I face moving to the cloud?

To that I end I asked Gary Feldman to elaborate on how many of these types of Sage 100 to Cloud migrations he has done in his career?

Gary’s reponse – around 500 migrations of Sage 100 on-premises to cloud hosted.

Okay, what obviously, it’s 100 customer, and I’ve got 15 users, right? That’s probably pretty difficult. I’ve got wholesale distribution, I’ve got some of the warehouse management stuff, I’ve got shipping, I come to you and I say, hey, look, I want to go on prem, I’m tired of managing my own servers, I want to go to the cloud, Reader’s Digest version. What’s that process like?

Migrating Sage 100 to Cloud: The Details

Well, the first thing is the contracting. Once you get the contract, and that usually is very quickly, we can spin up a server in a day.

Not everyone moves as quickly as a day. However, for purposes of conversation, the migration of your Sage 100 from an existing on premises server to a cloud host should be closer to a day than a month.

In detail, typically, what happens is you zip up ( compress ) your MAS90 or Sage 100 folder. Then you send it securely to us, usually via a file transfer system we have set up to make it fast.

And then we we install the Sage 100 version specific to your company. A lot of people use the cloud migration as an upgrade opportunity.

However, we’ve had to deal with some emergency situations such as the company was hacked on Friday, they had a backup, they send it to us, we get them up and running, they’re running on Monday.

Typically, what I would suggest to people is that, especially if they have the third party applications, that they do some testing, you know, and usually it’s, it’s no more than a day’s worth of testing to and through those major processes that you do.

Even things like content chat, you know, a check is is subject to the printer driver, right? If you go from a laptop to a server, it’s a different operating system, the printer driver might not work. But typically you zip it up, you send it up there. And in a couple of days, it works.

If you have a really large environment,let’s say a SQL Sage 100 Premium environment and you have a lot of users, we frequently recommend you do a stress test.

Sage 100 on SQL ( Premium ) Without Setup Hassles

Okay, so here’s a good question. Because I think premium is the best version of Sage 100.

Benefits of Sage 100 Premium ( SQL )

Data security controlled by SQL
Migrates your existing Sage 100 data automatically
Integrates to almost all third-party solutions that Sage 100 works with
Faster external access to and reporting on SQL tables
Generally easier for external IT teams to access data files in a familiar SQL environment
Sage no longer charges extra for Premium provided you active on subscription

Note: For more details on the pros/cons of Sage 100 Premium review my free Sage 100 Premium FAQ ( Google Doc – NO REGISTRATION ). I keep this as a Google Doc so that as I continue to make updates you’ll always have the latest version at the link above.

Hosting your Sage 100 in a cloud environment will rarely involve giving up access to third-party solutions. Popular integrations like Starship, ScanForce, DataSelf, Scanco, MAPADOC will all work in both an on-premises and cloud based environment. And upgrades are actually easier in the cloud because you have control over all the workstations during the upgrade – so no more running workstation to workstation having to run wksetup repeatedly.

Premium is Sage 100 running on a SQL database. That means the tables are secured by SQL security which larger companies almost always insist on for keeping data private and secure.

In my experience Sage 100 on SQL equals less corruption. However, one issue with SQL setup and configuration is many customers don’t know how to set up or maintain Microsoft SQL.

It can be much simpler to offload MS SQL setup, configuration, maintenance and licensing to a third-party cloud host.

Predictable Monthly Cost

And with cloud hosting that’s all done for you through monthly subscription pricing.

SQL also creates so many more opportunities, not just from a reporting perspective. But for people who are, if you’ve got a partner who has a good development partner, you can do so much with triggers or with with stored procedures with other stuff to make more automation within your software as well. So it’s just it’s just a better database.

And the nice thing with Sage 100, in almost all cases the third-party integrations which are working with on-premises Sage 100 Standard or Advances work just fine with Sage 100 Premium in the cloud using SQL.

In additon to better security you’ll have better tools for backups. If you are high volume transaction processor in SQL, you can do backups during the day. So you don’t have a recovery point of yesterday, you can have recovery points during the day as well.

How To You Setup Your Sage 100 Users In The Cloud?

At Summit Hosting we take a spreadsheet of all your users, load that into Microsoft Active Directory, and then the users receive an email with instructions on how to login and setup their desktops. Depending on the situation we might have a remote training session or two as well.

To keep all your remote users secure we have this new tool called True Grid which creates like a VPN tunnel. It also allows for multi factor authentication, which is another great security feature so that you and only you can log into it.

With multi-factor authentication we are sending you a code onto your smartphone. And what’s even better about that is that everybody doesn’t have to have it. Because you know, you have different people with different levels, even though I would highly, highly, highly recommend multi-factor ( aka MFA ). That’s the way of the future. If you do any online banking, you have to do this stuff all the time anyway. But that’s how you can also get administrative rights on the server.

We have a frequently asked questions pages, all that kind of information available for you including detailed instructions along with step by step with pictures and a whole lot of customers,

Bad Internet Connections Typically Not A Factor

One of the objections to access your Sage 100 remotely in the cloud is that one or more of your people have a bad internet or internet goes down. In reality we’ve found that most Internet is pretty table so it’s not much of a factor anymore.

The way you connect using Terminal Server consumes such a small amount of data. You’re not sending all of your data over the Internet, you’re just sending keystrokes and mouse clicks, and we’re just sending you pictures of the screen. So there isn’t significant amounts of data going over the internet, which is also why it’s secure.

We’ve seen people try to roll their own cloud solution. In most cases it makes the most amount of sense to go with somebody who has done 500 of them. It makes things a lot easier. And in my view, the future of Sage 100 is remote connections to the cloud. Especially since Sage 100 runs just like it would on an on premise just a lot easier to set up configure insecure, and support.

Support. We have 24 by seven support 365 and the partners can get in anytime they need to do

The above is a transcript of a conversion with Gary Feldman from the May 2022 90 Minds Meeting. Portion have been edited for clarity. For more information about cloud hosting please reach out to Summit Hosting directly at sales@summithosting.com.

Is Sage 100 Compatible With Microsoft Windows Server 2022?

March 18, 2022 by Wayne Schulz

As of January 5, 2022, Windows Server 2022, Standard and Datacenter are supported for Sage 100 version 2019 through 2021. When Sage 100 2022 is released ( eta April 2022 ), we expect that Windows Server 2022 will be supported for that release as well.

A full set of supported platforms documents for supported versions of Sage 100 may be downloaded from here.