REL-2026-12-01

Firm submits new auditor, admin review, member number assignment, login activation. Visibility rules during draft/pending states.

Auditor-firm associations, active/inactive employments, visibility permissions, duplicate prevention, disassociation workflows.

Auditor submits individual audit activity records (dates, firm, country, standard). Progress tracking toward 20-day requirement. Date collision blocking, 5-year age limit, 10-day cap on second-party audits.

Firm supervisor approval workflow. Per-entry approve/reject. External delegate verification via unique links. Confidentiality masking for third-party audits.

Rules engine for automatic status transitions (e.g., unpaid fees -> lapsed, lapsed > 24 months -> expired). Daily/weekly cron jobs.

ASCA to CSCA transition upon Part 3 pass. Level assignment, certificate generation, digital ID updates.

Logic for membership lapse triggers (unpaid invoices, unsigned FOA, CPD non-compliance). Expiration after extended lapse period.

Checklist-based restoration (pay fees, sign FOA, complete CPD). Automated status update upon checklist completion.

Auditors submit CPD records (course, hours, date). Progress visualization toward annual requirement.

Firm supervisors review and approve auditor CPD submissions.

Firms submit courses for APSCA recognition. Admin review workflow. Public/private course designation. Badge generation upon approval.

Year-end compliance check. Status impacts (lapse trigger if non-compliant). CPD override for auditors who passed exams in current year.

Dashboards showing compliance rates, submissions pending review, auditor progress.

Creation of invoices for exams, membership, cancellation fees, etc. Line item management.

Stripe integration for credit card payments. Payment status tracking. Receipt generation.

Two-way sync of invoices, payments, and customer records with QuickBooks Online.

Firms report monthly audit totals and auto-generate their own invoices based on per-audit fee.

Flagging of unusual self-reported figures (e.g., significantly lower than historical average).

Firms pay lump sums; individual auditor fees draw down from credit balance.

Annual membership fee invoicing. Inactive member discounts. Fee waivers and adjustments.

Login flow, multi-factor authentication, password reset, session management.

Role definitions (Auditor, Firm Contact, Firm Supervisor, Admin, etc.). Permission matrices.

Users with multiple roles (e.g., auditor who is also firm contact). Role toggle within platform.

Dashboard routing based on active role. Homepage assignment per role.

Required fields enforcement (e.g., country of residence before exam scheduling). Profile completeness checks.

Active, suspended, terminated states. Status change workflows.

Auditor membership tiers and states (Provisional, Full, Lapsed, Expired).

Firm categorization (A/B/C). Category assignment and change logic.

Form of Acceptance, Code of Conduct, Confidentiality Framework. Signature tracking, expiration, renewal.

Yearly renewal workflow. FOA signature requirement. Fee generation. Status updates.

Self-service editing of firm details (logo, contact info, website, addresses).

View associated auditors. Manage employment relationships. Access restrictions on PII for active/disassociated auditors.

Programs/brands the firm is accredited for (SMETA, BSCI, Disney, etc.). Self-service updates.

Countries/regions where firm conducts audits. Self-service updates.

Auto-updating HTML embeds for public website (member firm lists, accredited programs).

Live views of key metrics (auditor counts by level/region, exam pass rates, CPD compliance).

Map-based displays of auditor capacity by country. Interactive filtering.

Admin ability to create ad-hoc reports from available data sets.

Connection to Metabase for advanced analytics and visualization.

Visual progress bars for audit log, CPD, certification journey. Color-coded status indicators.

Record of all status changes, data modifications, admin actions. Timestamp, user, before/after values.

Encryption at rest and in transit. Key management.

Retention policies by data category. Archival process. Secure deletion at end-of-life.

Automated backups. Disaster recovery procedures. Restore testing.

Security monitoring. Failed login detection. Breach response procedures.

SendGrid authentication. CNAME/SPF/DKIM configuration. Spam filter avoidance.

REST API for partners (Sedex, BSCI) to verify auditor/firm status in real-time. Replaces manual CSV uploads.

Data exchange with Learning Management System for exam scheduling, CPD course completion, training records.

Auto-updating public website content (member firm list, recognized training courses, certified auditors).

Knowledge base widget. Role-specific article display. Support ticket creation.

TBD - requires dedicated discovery. Placeholder epic for ethics case management workflows.

TBD - requires dedicated discovery. Placeholder epic for compliance data tracking workflows.