Immutable, queryable, tamper-evident archive of B1 data for regulatory retention. Per-jurisdiction policies. IRS 7-yr, HMRC 6-yr, German GoBD 10-yr, Italian SDI 10-yr, French CGI, GDPR-aware right-to-erasure. 75–90% cheaper than live-B1 retention.
Tax-retention rules don't say 'keep a copy somewhere'. They say 'keep it immutable, indexed, retrievable, machine-readable, and producible on demand for 10 years'. Most ad-hoc archives fail at least three of those tests.
SMBs running SAP Business One are subject to a stack of regulatory retention rules that combine in often-overlapping ways. A small US business owes 7 years of records to the IRS, 3–7 years to state tax authorities depending on state, and (if they have any payroll on B1) 7 years to state employment authorities. A UK SMB owes HMRC 6 years for VAT and corporation tax. A German SMB owes 10 years under GoBD/HGB §257 for accounting records and tax-relevant documents. An Italian SMB owes 10 years under SDI for B2B e-invoices, with the XML originals preserved. A French SMB owes 6 years for fiscal records under CGI Article L102 B, 10 years for accounting books.
Each of these regimes specifies more than just 'keep it'. GoBD demands immutability, audit-trail-evidence, machine-readability, and timely retrieval on Finanzamt request. SDI demands the original XML, not a relational representation. IRS demands ability to produce specific transactions during an examination spanning 30–180 days. GDPR adds a counter-pressure — minimise PII retention, support right-to-erasure — that has to be reconciled with tax-law retention.
Syntra ETL's SAP Business One compliance archive is engineered for these requirements specifically. Write-once Parquet storage with RFC 3161 timestamped Merkle hash chains for tamper-evidence. Per-jurisdiction retention policies that apply the longest applicable retention per data domain. Pre-built evidence packs for each major regime (GoBD Verfahrensdokumentation, SDI XML retrieval, IRS-format auditor extracts, HMRC MTD-aligned VAT extracts). GDPR right-to-erasure support that preserves financial integrity while satisfying Article 17. Auditable query logging for every archive access.
The technical underpinnings that make the archive evidentially valid — not just 'stored data', but legally producible compliance evidence.
Write-once-read-many semantics on the underlying object store (S3 Object Lock, Azure Blob Immutable Storage, GCS Bucket Lock, OCI Object Storage retention rules). Data cannot be modified or deleted until retention expires.
Every archive write SHA-256 hashed, hashes chained into a Merkle tree, root timestamped by RFC 3161 TSA every hour. Independent verification of tamper-freedom — auditors can verify without trusting Syntra.
Each B1 company tagged with operating jurisdictions. Retention rules applied per domain (financial records, payroll, personal data, e-invoice XML). Longest applicable retention per domain. Auto-extension under tax-examination hold.
GoBD Verfahrensdokumentation (process documentation per Finanzamt requirements), SDI XML retrieval index, IRS auditor-extract templates, HMRC MTD VAT extract, French FEC export, US state sales-tax detail.
Right-to-erasure requests nullify PII fields on OCRD/OCPR while preserving financial integrity of related OINV/OPCH. Erasure evidence log records request, fields nullified, timestamp, legal basis for partial retention.
Every read access logged with user, timestamp, query, rows returned, fields accessed. Sensitive-field unmasks logged with justification. Tax-authority and external-auditor access patterns supported with time-scoped accounts.
From regulatory inventory to fully-operational compliance archive in 8–10 weeks.
Map B1 operating jurisdictions (per company). Identify applicable retention regimes (IRS, HMRC, GoBD, SDI, CGI, etc.). Catalogue industry-specific overlays (HIPAA if healthcare, SOX if IPO-listed, banking-specific regs). Determine longest applicable retention per data domain.
Configure per-jurisdiction retention policies. Design WORM storage layout (per-jurisdiction bucket/container or global with metadata tagging). Configure RFC 3161 timestamping authority. Define PII masking and erasure rules. Plan tax-authority and external-auditor access roles.
Pre-built B1 extractors pull every in-scope OCRD, OITM, OACT, OJDT/JDT1, OINV/INV1, OPCH/PCH1, ORCT, OVPM, OINM, ORDR, OPOR, ODLN row across full history. SDI XML originals preserved alongside relational OINV. Hash-signed, Merkle-chained, written to WORM storage.
CUFD, OUDO, SBO-COMMON, Crystal/B1 Studio/PLD library archived as audit artifacts. Verfahrensdokumentation built describing the B1 environment (data flows, controls, customisations) per GoBD requirements.
Jurisdiction-specific evidence packs generated (GoBD packs, SDI retrieval indices, IRS extracts, HMRC MTD VAT, French FEC). Validated against sample audit-style queries. Auditor and tax-authority access roles tested.
Compliance, finance, internal audit, legal sign off that archive satisfies obligations. Pre-built evidence packs cataloged for self-service access. Ongoing operations: monthly retention review, quarterly hash-chain verification, annual full-archive audit.
Jurisdiction-specific pre-built artifacts ready for tax-authority or audit access — no ad-hoc query needed during an examination.
Income statement detail by period, balance sheet detail, AP/AR aging snapshots at each fiscal year-end, payroll detail (if B1 used for payroll), inventory valuation at year-end, Schedule C / Form 1120 input views, signed PDF export ready.
VAT return inputs in MTD-aligned format per quarter, CT600 corporation-tax input views, full GL detail per accounting period, FRS 102/IFRS-aligned trial balance, evidence supporting any reliefs claimed.
Verfahrensdokumentation describing B1 environment, controls, customisations. Journal extracts in DATEV-compatible CSV. Document-link lists (Belegfunktion). UStVA / Umsatzsteuer-Erklärung input views. Hash-chain verification report.
SDI XML originals indexed by invoice number and customer. LIPE quarterly extracts. Esterometro for non-Italian counterparties. Conservazione sostitutiva attestation. Agenzia delle Entrate examination workflow pre-configured.
Fichier des Écritures Comptables (FEC) export per fiscal year in DGFiP-mandated format. TVA return inputs per period. Grand Livre, Balance Générale, journal extracts. Liasse Fiscale 2050+ input views.
Erasure request log (date, requestor, data subject, fields nullified, legal basis). PII access log (who unmasked what, when, why). Data-residency attestation per archive region. DPO-ready compliance evidence.
A SAP Business One compliance archive is a long-term, immutable, queryable store of B1 data — OCRD business partners, OITM items, OJDT/JDT1 journals, OINV/INV1 AR invoices, OPCH/PCH1 AP invoices, OINM inventory postings, plus UDF and UDO extensions — designed to satisfy regulatory retention obligations that span 6–10+ years. SMBs need a B1 compliance archive because tax authorities, accounting regulators, and industry-specific compliance regimes legally require historical financial records to be retained, accessible, and producible on demand — regardless of whether the original B1 system is still running. Examples: IRS 7-yr for US income tax; HMRC 6-yr for UK VAT/CT; German GoBD/HGB §257 10-yr for accounting records; French CGI 6/10-yr; Italian SDI 10-yr for B2B e-invoices; GDPR data-minimisation principles; SOX 7-yr for IPO-listed SMBs.
Germany's GoBD (Grundsätze zur ordnungsmäßigen Führung und Aufbewahrung von Büchern, Aufzeichnungen und Unterlagen in elektronischer Form) under HGB §257 mandates 10-year retention of accounting records and tax-relevant documents in immutable, retrievable, machine-readable form. Syntra ETL's B1 compliance archive satisfies GoBD with: immutable Parquet storage (write-once, audit-logged, hash-chained for tamper-evidence); complete OJDT/JDT1 journal history with original timestamps and posting context; full OINV/OPCH invoice retention including any UDF extensions used for tax-classification purposes; configurable 10-year retention policy with automated holds extending retention if a Betriebsprüfung (tax examination) is in progress; pre-built GoBD evidence packs (Verfahrensdokumentation, journal extracts, document-link lists) ready for Finanzamt access on request.
Yes. Italian SDI (Sistema di Interscambio) requires B2B e-invoices to be retained in their original XML form for 10 years, with the ability to retrieve specific invoices on demand by Agenzia delle Entrate examiners. Syntra ETL's compliance archive preserves SDI XML originals alongside the relational OINV/INV1 representation — so the archive has both the human-readable invoice (via OINV) and the regulatory-mandated XML (via the SDI XML artifact store). XML files are stored immutably, hash-signed, indexed by invoice number, customer, and SDI submission date. Retrieval is sub-second per invoice. Conservazione sostitutiva (electronic preservation under DPCM 3 dicembre 2013) requirements are met.
IRS audits typically span 3 years (the standard examination window) but can extend to 6 years for substantial understatement and indefinitely for fraud. Syntra ETL's B1 compliance archive supports IRS examination workflows with: 7-year retention as standard (configurable to longer where industry or state rules apply); pre-built IRS-format auditor extracts (income statement detail, balance sheet detail, AP/AR aging, payroll detail where B1 was used for payroll, inventory valuation snapshot at each fiscal year-end); time-scoped read-only auditor accounts with full query logging; sensitive-PII masking with role-based unmask permission; multi-year period-comparison support (the IRS will compare FY2019 and FY2022 figures looking for trends); export to IRS-acceptable formats (CSV, Excel, signed PDF). Most SMB IRS audits resolve faster with archive evidence than with live-B1 access because retrieval is faster.
Yes — this is one of the harder design points because GDPR Article 17 right-to-erasure conflicts with tax-retention obligations. Syntra ETL's approach: when a data subject (a customer's named individual contact, an employee captured in OCRD as a vendor for expense reimbursement, etc.) files a valid erasure request, the archive nullifies PII fields on the relevant OCRD/OCPR rows (CardName if it's a person's name, contact name/email/phone, bank account, tax ID where stored as PII) while preserving the financial integrity of related OINV/OPCH/OJDT rows (which must be retained for tax purposes). An erasure evidence log records the request, the fields nullified, the timestamp, and the legal basis for the partial retention of related financial records. This satisfies both GDPR Article 17 and the lex specialis precedence of tax law.
SMBs with operations in multiple countries face overlapping retention rules — a UK SMB with a German subsidiary must satisfy both HMRC 6-yr and GoBD 10-yr; a multi-country EU SMB may have French CGI, Italian SDI, and Spanish requirements all in play. Syntra ETL's compliance archive supports per-domain, per-jurisdiction retention policies: each B1 company's data is tagged with its operating jurisdiction(s) and the applicable retention rules; the retention policy engine applies the most restrictive (longest) retention per domain; jurisdiction-specific evidence packs (GoBD, SDI, MTD VAT, etc.) are auto-generated per company. The archive can also segregate per-jurisdiction data physically (e.g. EU data in EU-region storage) for GDPR data-residency compliance.
Yes. The compliance archive uses write-once-read-many (WORM) storage semantics — once data is written and the retention clock starts, the data cannot be modified, deleted, or overwritten until the retention period expires. Every archive write is hash-signed (SHA-256), and the hashes are chained into a Merkle tree with periodic timestamping by a trusted external timestamping authority (RFC 3161). This provides cryptographic evidence that the archive has not been tampered with since each retention period began. Auditors and tax authorities can independently verify the hash chain — meaning the archive's evidentiary value matches or exceeds that of a paper invoice file. Tamper attempts are logged and trigger compliance alerts.
Dramatic savings. Maintaining a live B1 instance for 10-year German GoBD retention costs $40K–$200K/year × 10 = $400K–$2M total lifecycle cost for a small SMB, multiplied for multi-company partner-supported instances. Syntra ETL's compliance archive is priced as a flat annual subscription based on archived data volume — typically $8K–$30K/year for SMB volumes, with cloud object storage costs measured in pennies per GB-month for the Parquet data layer. 10-year lifecycle cost: $80K–$300K vs $400K–$2M. The math is even more favourable when you factor in eliminated risk (live B1 attack surface, partner-skill availability risk, version compatibility risk over a decade).
30-minute call. Walk through your jurisdictions, retention obligations, B1 deployment, and any active tax-authority engagements — leave with a per-jurisdiction archive design and 8–10 week build plan.