A tamper-evident audit trail and statutory log retention layer for ERPNext that captures every financial-document change and locks down edit-after-submit, so you satisfy auditor and regulator mandates. Built, installed, and supported by ECOSIRE after you request a quotation. Built to order by ECOSIRE for ERPNext v15, v16 — indicative price from $399.00 USD; request a quote for a scoped proposal.

A tamper-evident audit trail and statutory log retention layer for ERPNext that captures every financial-document change and locks down edit-after-submit, so you satisfy auditor and regulator mandates. Built, installed, and supported by ECOSIRE after you request a quotation.
No payment now. This sends a quote request to our team — we'll follow up by email with pricing and next steps.
Auditors and regulators increasingly demand an audit trail that cannot be quietly altered: every edit to a financial document must record who changed it, when, and what the value was before and after — and it must be impossible to switch that logging off. ERPNext core does track document Versions and a Deletion Log, and posted GL Entries are immutable while the ledger is closed, but the native behavior falls short of a defensible statutory trail: version history can be pruned, it is not retained under an enforced schedule, there is no single inspector-ready export mapped to a regulation like India's Companies (Accounts) Rule 3 or Germany's GoBD, and privileged roles can still cancel-and-amend submitted vouchers with little friction. When an auditor asks you to prove the log was always on and never tampered with, the out-of-the-box answer is uncomfortable.
`Audit Trail Log` DocType capturing user, server timestamp, DocType, document name, and field-level before/after values on every change
Hash-chained log entries (each row stores a digest of the prior row) so deletion or edit of any historical entry breaks the chain and is detectable
Capture enforced at the framework layer via `hooks.py` doc events — `on_update`, `on_submit`, `on_cancel`, `on_trash` — not a UI-only toggle
Targeted server scripts on financial DocTypes: `Journal Entry`, `Sales Invoice`, `Purchase Invoice`, `Payment Entry`, `GL Entry`, and custom vouchers
REST API and whitelisted-method writes hit the same server-side capture path as desk users — no integration bypass
`Retention Policy` DocType for configurable, per-record-class retention periods aligned to your statute (e.g., 8 years for Companies Act, 10 for GoBD)
ECOSIRE builds a proper Frappe app that closes that gap. We ship an Audit Trail Log DocType that captures a cryptographically chained record — each entry stores the actor (user), an application-server timestamp, the DocType and document name, the exact field-level before/after values, and a hash of the previous entry so any deletion or edit of a historical row breaks the chain and is detectable. Capture is wired through hooks.py document events (on_update, on_submit, on_cancel, on_trash) plus targeted server scripts on the financial DocTypes you care about — Journal Entry, Sales Invoice, Purchase Invoice, Payment Entry, GL Entry and any custom vouchers — so logging is enforced at the framework layer and cannot be bypassed from the UI or the REST API. Because it runs server-side on document events, an integration that writes through the Frappe REST API or a whitelisted method is captured on exactly the same code path as a desk user.
On top of capture we add the controls a compliance program actually needs. A configurable retention engine (driven by a Retention Policy DocType and a scheduler_events daily job) keeps logs for the statutory period you specify per record class and refuses early deletion. Edit-after-submit lockdown uses role profiles and permission rules plus server-side validation to remove or gate the cancel/amend path on posted vouchers, with an approval-and-reason workflow when a correction is genuinely required. And a whitelisted export method produces an inspector-ready audit report — filterable by date range, DocType, user, and document — as CSV/Excel or a signed PDF, so handing evidence to an auditor is one action rather than a data-extraction project.
Because this is build-to-order, we tailor the covered DocTypes, retention periods, and lockdown rules to your jurisdiction and chart of accounts rather than shipping a generic toggle. After you request a quotation we run a short scoping call, confirm the exact statutory requirement and DocType coverage in writing, then build and test the app on a staging bench against Frappe/ERPNext v15 or v16. Typical delivery is 2-4 weeks from confirmed scope. You get the installable source, a git repository handover, UAT sign-off on staging with a rollback plan, user training, and a post-go-live support window — no marketplace download, no fabricated benchmarks, just a maintainable app your auditors can trust.
Responsible for proving to auditors and regulators (India Companies Rule 3, GoBD, SOX-style controls) that the financial change log was always on and never altered. Needs enforced capture, a tamper-evident chain, and a one-action export for inspectors.
Owns the integrity of the GL and posted vouchers. Wants edit-after-submit locked down with an auditable correction workflow so period-end figures cannot be quietly amended, without slowing legitimate corrections to a halt.
Reviews ERPNext during statutory or year-end audits. Needs a read-only, filterable trail with before/after values and a signed export they can rely on as evidence, rather than piecing history together from raw Version records.
Maintains the ERPNext bench and integrations. Needs the audit layer to work at the framework level so REST API and scheduled writes are covered, with clean source, docs, and a git handover they can maintain after go-live.
Buy the license on ecosire.com and download the Document/Audit Trail & GL Immutability app ZIP from your account dashboard.
Extract the ZIP into your bench's apps folder, or run `bench get-app` with the path to the extracted app.
Run `bench --site SITE_NAME install-app APP_NAME` followed by `bench migrate` to install Document/Audit Trail & GL Immutability and apply its schema.
Open the ECOSIRE License settings on your site and activate your license key. Requires the free ecosire_connect and ecosire_license_client apps.
| Criterion | ECOSIRE | Custom Build | Competitor | Odoo Native |
|---|---|---|---|---|
| Tamper-evidence | Hash-chained log; broken chain is detectable | Depends on in-house design; often none | Usually plain change log, not chained | |
| Capture enforcement | Framework-level hooks + server scripts, REST-covered | Varies; UI-only paths often missed | Doc-event based but scope varies | |
| Statutory retention | Configurable per record class, deletion refused early | Hand-built if scoped at all | Rarely enforced, often manual | |
| Inspector export | Filtered CSV/Excel + signed PDF via whitelisted method | Built to order, extra effort | Basic report, rarely signed | |
| Edit-after-submit lockdown | Role + validate guards with approval/reason workflow | Possible but bespoke | Seldom addressed | |
| Regulation mapping | Built to your statute (Rule 3, GoBD, etc.) | Only what you specify | Generic, not jurisdiction-specific | |
| Version support & maintenance | v15/v16, git handover, support window | Your team maintains it | Vendor roadmap, possible lock-in | |
| Delivery model | Build-to-order, 2-4 weeks, UAT + rollback | Long in-house build cycle | Instant install, generic fit |
ERPNext tracks change history and deletions natively, but that history can be pruned, is not held under an enforced retention schedule, has no single regulation-mapped inspector export, and does not stop privileged users from cancel-and-amend on posted vouchers. We add a hash-chained tamper-evident log with enforced capture on financial DocTypes, configurable statutory retention, edit-after-submit lockdown, and a signed export — the parts an auditor actually asks for.
No — capture is wired through `hooks.py` document events and server scripts on the financial DocTypes, so it runs at the framework layer. Desk edits, REST API writes, and whitelisted-method calls all hit the same server-side path. Historical log rows are hash-chained, so deleting or editing one breaks the chain and is detectable by the scheduled integrity check.
This is a build-to-order engagement, not an instant download. After a short scoping call we confirm covered DocTypes, retention periods, and lockdown rules in writing, then build and test on a staging bench. Typical delivery is 2-4 weeks from confirmed scope, depending on how many custom DocTypes and jurisdictions are in scope.
You get a post-go-live support window for defect fixes and configuration questions, plus a git repository handover with full source so your team (or ours) can maintain it. We build against Frappe/ERPNext v15 and v16; a version upgrade or added coverage is scoped as follow-on work, and because you hold the source there is no lock-in.
Out of the engagement we typically cover `Journal Entry`, `Sales Invoice`, `Purchase Invoice`, `Payment Entry`, and `GL Entry`, and we extend capture to any custom vouchers you nominate during scoping. The app targets Frappe/ERPNext v15 or v16 and is packaged as a standard installable Frappe app.
Yes — that is the point of building to order. We map retention periods, capture scope, and lockdown behavior to the specific statute you name during scoping, and the inspector export is filterable and signed so it stands as evidence. We do not claim generic pre-certification; we build to your stated regulatory requirement and confirm it in the UAT checklist.
No. Genuine corrections route through an approval-and-reason workflow: an authorized approver signs off, a mandatory reason is recorded, and the correction itself is written to the audit trail. You keep the ability to fix real mistakes while removing silent, unlogged amendments to posted vouchers.
A tamper-evident audit trail and statutory log retention layer for ERPNext that captures every financial-document change and locks down edit-after-submit, so you satisfy auditor and regulator mandates. Built, installed, and supported by ECOSIRE after you request a quotation.