Your NetSuite account is hiding problems.
This report finds them.
SuiteRX connects read-only, audits every script, role, integration, and token, and hands you a report that names each problem and tells you how to fix it. No consultant camping in your account for two weeks.
no gate. no sales call. the real report, on synthetic data.
You have at least one of these right now.
Not “risks and inefficiencies.” The actual things we find.
A token-based auth credential expires Friday. The integration it powers goes down Monday. Nobody knew it existed.
Scripts written by a consultant who left in 2021. Still running on every save. Nobody knows why.
One administrator login. Full permissions. Shared by four people. No way to tell who did what.
Saved searches firing every 15 minutes that no one owns and no one reads.
An integration authenticated against an employee's personal login. That employee left in March.
A sandbox refresh quietly broke something in production. You find out during close.
Each one is invisible until it breaks, or until an auditor asks. The report surfaces them in a day, before either happens.
It does not just find problems. It hands you the fix list.
Every scan produces an executive summary a controller can act on and a prioritized roadmap an admin can execute. Every finding names the object, the risk, and the fix.
Northwind Distribution Co.'s NetSuite environment scored 59 out of 100 (Developing), indicating material risks across security, data integrity, and operational governance that require immediate executive attention. Three critical findings (an integration user with full administrator access, an exposed payment file endpoint, and inconsistent inventory costing methods across subsidiaries) present direct exposure to financial fraud, regulatory non-compliance, and unreliable cost-of-goods reporting. Beyond the critical tier, 39 high-severity findings spanning unsecured RESTlets, unprotected vendor and employee data, and missing audit trail retention compound the organization's risk profile.
The highest-probability path to financial fraud or a data breach. Both are fixable through role reconfiguration with no code changes.
Endpoints reachable by all roles create broad attack surface and likely breach data-protection obligations.
Inconsistent costing distorts COGS and margin, making consolidated statements unreliable for audits and lender reporting.
Compliance gaps that draw immediate auditor scrutiny under ASC 330 inventory standards.
210 ownerless scripts and unconditional workflows silently degrade performance and raise the cost of every future change.
Integration user has full administrator access
Security · CELIGO_INTEGRATION
Payment file RESTlet exposed to all roles
Security · customscript_pay_file
Inventory costing method inconsistent across subsidiaries
Data Integrity · 3 subsidiaries
RESTlet endpoints accessible to all roles
Security · 6 endpoints
Chart of accounts missing required inventory reserve account
Compliance · COA
Saved search returns >100k rows without filters
Performance · Open Orders / All
Deployed script has no owner assigned
Governance · customscript_ord_sync
1,942 findings across 12 categories on this scan.
What we actually check
Every script deployment reviewed. Every role and permission enumerated. Every integration token listed by name.
Access and identity controls
Segregation-of-duties conflicts, like one role that can create a vendor and pay it. Access tokens scoped to Administrator that bypass 2FA. Missing SSO, weak password length, long idle sessions. Mapped to SOX ITGC and SOC 2.
Security gaps that would fail an audit
RESTlets and Suitelets with open access. Over-provisioned roles with mass update and delete. Public saved searches exposing financial data. Integration users with admin rights.
Script health and integration hygiene
User Events firing too broadly. Governance violations in scheduled and Map/Reduce scripts. Orphaned scripts still executing. Deprecated APIs. Hardcoded internal IDs. Plus on-demand AI review of the actual source, for your own scripts, never bundle-managed ones.
Change management and configuration debt
Configuration edited directly in production instead of promoted from sandbox. Duplicate deployments. Inactive workflows still live. Workflows with no entry conditions. Undocumented custom fields.
Data quality and financial governance
Chart-of-accounts controls. Intercompany and consolidation setup. Audit-trail retention. Inventory costing consistency across subsidiaries. The controls that underpin financial integrity.
Dozens of automated checks. Every one mapped to a named control (SOX ITGC, SOC 2) and cited to an authoritative source.
always improving segregation of duties, token and auth posture, change management, per-script AI review all shipped recently. see what's new
How it works
A read-only connection, an automated audit, a report. No two-week engagement.
Connect, read-only
You grant scoped OAuth 2.0 access, or install a one-script Suitelet. SuiteRX reads configuration, scripts, roles, and tokens. It does not read your transactions, and it cannot write anything back.
Automated audit
The engine runs dozens of checks against the account: security, access, script health, integration hygiene, change management, data quality. Minutes, not weeks. Nobody sits in your account.
Report delivered
You get a health score, category breakdown, and every finding named, located, and severity-ranked, with a plain-language fix. Optional walkthrough with a consultant who has fixed these for over a decade.
Prices on the page. No sales call to see a number.
Three plans, all including the full diagnostic. Cancel anytime.
SuiteRX is in beta. Founding customers lock in beta pricing.
Essentials
Continuous visibility into your NetSuite environment.
- Full scan on demand
- Monthly automated re-scans
- Executive summary and prescription
- Severity-ranked remediation steps
- Drift detection since last scan
- 10 AI code reviews / month
- Email support
Professional
The depth and frequency an active environment needs.
- Everything in Essentials
- Weekly automated re-scans
- Real-time alerts on new criticals
- Quarterly trend reports
- Multi-subsidiary support
- 50 AI code reviews / month
- API access
Enterprise
A senior consultant in your corner.
- Everything in Professional
- Consultant review of every scan
- Monthly findings walkthrough
- White Glove setup included
- Unlimited AI code reviews
- 4 hrs/mo remediation included
- Direct line to the ADSG team
White Glove Setup. Done-for-you NetSuite connection by an ADSG consultant. $500 one-time, or free with Enterprise.
All plans include unlimited users, read-only access, and SOC 2-aligned data handling.
What it finds in the wild
Anonymized findings from real NetSuite environments we have scanned.
of scripts in one account were vendor-managed bundle code. We scan the ones that are actually yours.
that could create a customer and issue their own refund. A textbook segregation-of-duties conflict, sitting live.
of configuration changes in a month, nearly all from a single integration login with standing access.
An integration token scoped to full Administrator.
A token-based credential tied to an Administrator role, bypassing two-factor, never expiring. If it leaked, it was full account access with no second factor. SuiteRX enumerates every active token, names its role, and flags the ones with standing admin rights.
Every account has a role problem.
Roles with mass update and delete granted years ago and never revoked. Password minimums well under current guidance. Sessions that stay logged in for hours. SuiteRX audits every role, permission, and auth setting, and tells you which ones an auditor will ask about.
Hundreds of changes, one login, no review.
In one account, nearly every configuration change in a month traced to a single login editing production directly. No sandbox, no promotion, no second set of eyes. SuiteRX separates human edits from integration traffic and flags direct production change.
[ composite findings from real NetSuite accounts. yours will differ. ]
I have spent over a decade in NetSuite. SuiteScript, integrations, the last 10 percent of implementations that nobody else finishes.
I have inherited accounts held together with duct tape and prayer. Tokens about to expire, scripts nobody could explain, admin logins shared by half the office. Every time, I did the same thing first: I went through the account and wrote down everything that was wrong.
SuiteRX is that, automated. It is everything I check when I take over an account, turned into a report you can run yourself.
Mike Pagani
Founder, Adaptive Solutions Group
NetSuite health check, answered
What is a NetSuite health check?+
A NetSuite health check is an audit of your account's customizations and configuration: scripts, workflows, roles, permissions, integrations, tokens, and settings. SuiteRX runs it automatically, read-only, and returns a scored report that names each problem and how to fix it, usually in minutes rather than the weeks a manual review takes.
Is SuiteRX read-only? Can it change or see my data?+
SuiteRX connects read-only and cannot write anything back to your account. It reads configuration, scripts, roles, and tokens. It does not read your transactions and does not extract PII.
How does SuiteRX connect to NetSuite?+
Three ways, all read-only: an Easy path (install one Suitelet and paste a token), an Advanced path (OAuth 2.0 machine-to-machine with a PS256 certificate), or White Glove, where an ADSG consultant installs the connection for you. No consultant sits in your account for two weeks.
What does SuiteRX check?+
Access and identity controls (segregation of duties, admin-scoped tokens, SSO, password and session policy), security gaps, script health and integration hygiene, change management, and data quality. Every finding maps to a named control such as SOX ITGC or SOC 2 and cites an authoritative source.
How much does a NetSuite health check cost?+
SuiteRX is subscription pricing with the full diagnostic on every plan: Essentials $299/month, Professional $699/month, and Enterprise $1,899/month. You can see a live sample report first with no email required.
How long does it take?+
The scan runs in minutes. You connect read-only, the engine audits the account, and the report is delivered the same day, not after a multi-week engagement.
See what your account is hiding.
Scripts degrade, permissions drift, tokens expire, configuration debt compounds. See the report on a real account, then run one on yours.
built by consultants who have spent over a decade fixing what nobody else could find.