Lesson 78 min

Security & Audit

Review audit logs, manage policies, secure your account.

Why Audit Logs Matter

Every action taken in FlexotiumPOS — every sale, product edit, price change, login, voided transaction, and AI recommendation accepted or rejected — is written to an immutable audit log. These logs are your primary defence in a compliance audit, a staff dispute, or a discrepancy investigation.

Accessing the Audit Log

Navigate to Settings → Audit Log. The default view shows the last 100 events across all users and modules.

Filtering

Use the filter bar to narrow down:

  • User — select a specific team member
  • Action type — e.g. sale_completed, product_edited, role_changed, login_failed
  • Module — POS, Inventory, Purchasing, AI, Settings
  • Date range — use the preset options (Today, This Week, This Month) or a custom range
  • Result — Success or Failure

Searching for login_failed across a date range is the fastest way to spot brute-force attempts or staff sharing credentials. If you see more than 5 failed logins from the same account within an hour, investigate immediately.
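The same rule can be applied automatically to a CSV export of the audit log (Settings → Audit Log → Export). The script below is an added example, not FlexotiumPOS code. The column names (timestamp, user, action, result, ip_address), the ISO timestamp format, and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export. Column names and ISO timestamps are assumptions,
# not FlexotiumPOS's documented CSV schema; adjust them to match a real export.
SAMPLE_CSV = """timestamp,user,action,result,ip_address
2024-03-04T09:00:00,alice,login_failed,Failure,203.0.113.10
2024-03-04T09:05:00,alice,login_failed,Failure,203.0.113.10
2024-03-04T09:11:00,alice,login_failed,Failure,198.51.100.7
2024-03-04T09:20:00,alice,login_failed,Failure,203.0.113.10
2024-03-04T09:31:00,alice,login_failed,Failure,198.51.100.7
2024-03-04T09:40:00,alice,login_failed,Failure,203.0.113.10
2024-03-04T09:41:00,alice,sale_completed,Success,203.0.113.10
2024-03-04T10:00:00,bob,login_failed,Failure,192.0.2.44
2024-03-04T10:15:00,bob,login_failed,Failure,192.0.2.44
2024-03-04T10:30:00,bob,login_failed,Failure,192.0.2.44
2024-03-04T10:45:00,bob,login_failed,Failure,192.0.2.44
2024-03-04T11:00:00,bob,login_failed,Failure,192.0.2.44
2024-03-04T11:15:00,bob,login_failed,Failure,192.0.2.44
"""

def flag_failed_login_bursts(csv_text, threshold=5, window=timedelta(hours=1)):
    """Return {user: worst burst} for accounts with MORE than `threshold`
    login_failed events inside any sliding `window` (the lesson's rule)."""
    per_user = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["action"] == "login_failed":
            ts = datetime.fromisoformat(row["timestamp"])
            per_user[row["user"]].append((ts, row["ip_address"]))
    flagged = {}
    for user, events in per_user.items():
        events.sort()                      # exports may not be in time order
        recent = deque()                   # failures inside the current window
        for ts, ip in events:
            recent.append((ts, ip))
            while ts - recent[0][0] > window:
                recent.popleft()           # drop failures older than one hour
            if len(recent) > threshold and len(recent) > flagged.get(user, {}).get("count", 0):
                flagged[user] = {"count": len(recent), "start": recent[0][0],
                                 "end": ts, "ips": sorted({i for _, i in recent})}
    return flagged

if __name__ == "__main__":
    for user, hit in flag_failed_login_bursts(SAMPLE_CSV).items():
        print(f"{user}: {hit['count']} failed logins {hit['start']} to {hit['end']} from {hit['ips']}")
```

In the sample, alice is flagged (6 failures in 40 minutes, from two IP addresses), while bob's 6 failures are spread over 75 minutes and never exceed 5 in any one-hour window.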

Reading a Log Entry

Each entry shows:

  • Timestamp (your time zone)
  • User and their role at the time of the action
  • Action — human-readable description
  • Target — the record affected (e.g. product ID, invoice number)
  • Before / After — the state of the record before and after the change
  • IP address — the device's IP
  • Session ID — links multiple actions to the same login session

Understanding Policy Governance

The AI Policy section (AI → Policy) controls which risk levels of AI-recommended actions are auto-approved and which are sent for human review:

  • Low risk — approved automatically (e.g. "send low-stock notification")
  • Medium risk — queued for manager review within 24 hours
  • High risk — requires Owner approval before execution (e.g. "bulk-update all prices by 15%")

Review and adjust these thresholds at AI → Policy → Risk Thresholds. Most businesses start with the defaults and adjust after 30 days of operation.

Exporting an Audit Pack for Compliance

  1. Go to Settings → Audit Log → Export
  2. Select the date range relevant to your compliance period
  3. Choose format: CSV (for spreadsheet analysis) or PDF (for official submission)
  4. Optionally filter by module (e.g. Purchasing only for a supplier audit)
  5. Click Generate Export — the file is prepared and a download link is emailed to you within minutes

Audit exports are signed with a checksum so recipients can verify they haven't been tampered with.

Two-Factor Authentication

2FA adds a critical second layer of security, especially for Owner accounts.

  1. Go to Settings → Security → Two-Factor Authentication
  2. Click Enable 2FA
  3. Scan the QR code with an authenticator app (Google Authenticator, Authy, 1Password)
  4. Enter the 6-digit code from the app to verify setup
  5. Save your backup codes — store them in a password manager, not a sticky note

Require 2FA for all Owner and Manager accounts. You can enforce this at Settings → Security → Require 2FA for Roles. Staff who haven't set up 2FA will be prompted on their next login and cannot proceed until they complete it.

Reviewing AI Action History

All actions taken or recommended by the AI — including Copilot responses, automation executions, and forecasting actions — are logged under AI → Action History. You can see exactly what the AI did, why it did it (the trigger and confidence score), and whether a human approved or rejected it.

Next Steps

The final lesson in your Owner path covers Data Portability — how to export your full dataset, configure automated backups, and understand what data you own.