Zoho books logo Help Docs

ISCA-Compliant Features in Zoho Books

Note:

This help document is applicable only to the France edition of Zoho Books.

Since January 1, 2018, VAT-registered businesses in France which involve the usage of cash registers, point-of-sale (POS) or billing software must ensure that their software complies with the ISCA requirements.

ISCA is an acronym that represents the following compliance requirements:

  • Inalterability - The transaction details cannot be modified or deleted without trace.
  • Security - The transaction details should be protected against unauthorized access or manipulation.
  • Conservation - The transaction data should be stored for the legally required period of 7 years (6 years + the current fiscal year).
  • Archiving - The transaction records should be properly archived and retrievable for tax audits.

An ISCA-compliant software must be certified by an accredited organization. Businesses that fail to use certified software may face a penalty of €7,500 for each non-compliant system and are required to rectify the issue within a specified period to avoid additional penalties.

This requirement is part of France’s broader effort to strengthen transparency and reliability in digital transaction records.

Let us now take a look at the ISCA-compliant features available in Zoho Books that help ensure transaction security, traceability and compliance with regulatory requirements.

Non-Alterable Transactions

Once transactions are changed to the Mark as Open status, Zoho Books locks them and prevents further modification. However, certain non-critical fields such as internal reference fields (for example the Sales Person field) and fields that do not appear in the transaction PDF can still be edited even when the transaction is in the Open status.

At this point, a digital signature is also applied to the transaction. This signature acts as a unique fingerprint, helping verify that the data has not been altered after it was recorded.

Digital Signatures

A digital signature is a secure, system-generated code created from a transaction’s key details such as the amount, date and transaction number when it is marked as Open. Each signature also includes the digital signature of the previous transaction, creating a continuous chain across all records that makes any tampering detectable.

The digital signature is designed to:

  • Identify whether any data has been changed after the transaction was signed.
  • Confirm that the signature originates from a legitimate and authorised source.
  • Link the signature securely to the specific transaction and signing key, so authorship cannot be denied.

The signature can be validated at any point by recreating the original input from the stored transaction data and comparing it against the saved signature.

Signature on the PDF

On the invoice or credit note PDF, the 3rd, 5th, 17th and 19th characters of the digital signature are displayed alongside a compliance marker and the software version. These characters allow anyone with access to the full signature to verify the document’s authenticity.

The tax archive includes the complete digital signature for each transaction record, preserving the full chain for audit purposes.

Unique and Sequential Transaction Numbering

Transactions such as invoices and credit notes that are in Draft status will not be assigned a transaction number and will be identified only as Draft. Numbering begins only when the status changes to Open, at which point a unique number is generated and assigned. This ensures numbering is applied only to finalised records and maintains a consistent sequential order.

Once a transaction number series is assigned to a transaction, it cannot be changed in Zoho Books. Changes are permitted only in rare cases with a valid reason, and any such changes are recorded in the activity logs for audit purposes.

Duplicate transaction numbers are not allowed. Imported invoices and credit notes also follow the same sequential numbering system, while their original numbers are retained for reference.

Activity Logs for Tracking System Actions

All user actions and system activities within your organization are recorded and maintained in Activity Logs. Log data that supports ISCA compliance is stored securely using hashing and chaining mechanisms, which protect records from tampering and ensure traceability over time.

Additionally, technical logs for a specific period can be accessed by generating a tax archive file, which allows businesses and auditors to review the stored system activity when required.

Data Archiving

As per the ISCA regulations, tax archiving of transaction details along with their digital signatures can be done in Zoho Books. The archive also includes key information such as period-closing details and technical event logs. This archive helps preserve records for compliance and contains all the information required for audit purposes.

Here’s how you can generate a tax archive in Zoho Books:

  • Go to Settings.
  • Select Data Management under Developer Data.
  • Go to the Tax Archive tab and click + New in the top right.
  • In the Generate Tax Archive popup, enter the From Date and To Date to specify the range of transactions to include in the archive.
  • Click Generate.

The tax archiving process will now begin.

Once the process is completed you can download the tax archive as ZIP file. The ZIP file would contain:

  1. The Tax Archive file in CSV format.
  2. A reference guide in TXT format.
  3. The Activity Logs in CSV format.
  4. The Period Closure details in CSV format.

Here’s how you can download the tax archive ZIP file:

  • Go to Settings.
  • Select Data Management under Developer Data.
  • Go to the Tax Archive tab.
  • In the Tax Archive list page, click Download next to the tax archive that you want to download.

The tax archive ZIP file will now be downloaded to your device.

Note:

You cannot delete your organization in Zoho Books unless you have downloaded the tax archive for all transactions up to the most recent one. This ensures that all the compliance related records are available for reference even after the organisation is deleted.

Period Closing

Period Closing in Zoho Books works like a summary of sales and transaction activity for a specific time period. The system automatically generates these summaries through scheduled processes. A daily period closing records the summary of the previous day’s transactions, a monthly period closing captures the aggregated summary of all transactions for that month, and a yearly period closing provides the overall summary for the year.

After each period closing is created, the totals for that period are frozen so they cannot be altered. The closing record is then generated by combining the previous closure record with the new closure details, after which it is digitally signed. This process creates a continuous and secure chain of records. As a result, the integrity of the data is maintained, the summaries remain reliable, and the records can be verified during audits. The details of these period closures are also included in the tax archive file for compliance and audit purposes.

Amending Transaction Details

In accordance with the ISCA compliance standards, invoices cannot be modified once they have been issued. If any changes are required, a credit note can be issued to correct the invoice details or to cancel the invoice entirely. In cases where specific information needs to be corrected, a new correction invoice can be created to properly adjust the original invoice data while maintaining an accurate transaction record.

User Permissions

In Zoho Books you can add and manage multiple users. This allows you to assign roles (either an existing role or a new role) and permissions so that access is limited to features relevant to each user’s responsibilities.

Compliance Version

Zoho Books assigns a compliance version to your organisation when it is created. This version identifies the set of features and behaviours that ensure your organisation’s setup and documents meet the applicable regulatory requirements.

The compliance version is:

  • Assigned automatically at the time your organisation is created.
  • Recorded in your organisation’s activity log, providing an auditable history of the version applied.
  • Updated when there are significant changes in the software related to the compliance standard.

When the compliance version is updated, organisations are aligned to the new version so that it is always clear which version of the standard applies to your records. Each update is recorded in the Activity Logs for reference and audit purposes.

You will also be informed about updates through the What’s New page, Help documentation and the FAQ section. In addition, updates and important information are communicated through emails, in-app notifications and banners.

Was this document helpful?
Yes
No

Thank you for your feedback!

ON THIS PAGE