SAT Section C (Apartado C) imposes an obligation that takes many companies by surprise: granting the authority access to the company’s database. The immediate question is reasonable: doesn’t giving the SAT access to my systems expose all my information? The answer, when the access is implemented well, is no.
What the obligation involves
Compliance means providing the SAT with the means to access the company’s information. The correct way is not to open your whole network but to enable scoped remote web access: a link, a user and a password with which the authority enters only your company’s database, without touching the rest of your infrastructure.
The obligation sets November 15 as the deadline. Complying late exposes the company to penalties, so resolve it ahead of time.
Scoped access, not total access
The difference between complying well and complying poorly is in the scope. Access configured with dedicated credentials and restricted to the relevant database satisfies the obligation without turning your whole system into an open book. The rest of your infrastructure (email, finance, internal operations) stays isolated.
What you need to implement it
- Precisely identify the information the obligation requires you to expose.
- Configure the remote web access with a dedicated link, user and password.
- Technically restrict access to the company’s database only.
- Document compliance and deliver the credentials to the authority.
The good news is that implementation is fast, even with the deadline near. At XCOM we configure and operate the remote access for you: you just share the requirements and we get your company compliant before November 15, with access properly scoped.