Security, permissions and data handling in Lift

Controlled document intake

Lift works with agreed intake routes such as shared folder intake or SharePoint locations. The intake route defines where documents should be placed for processing and helps avoid uncontrolled document handling.

Permission boundaries

Where possible, use a dedicated intake area for Lift rather than broad access to unrelated folders. This makes permissions clearer, support easier and rollout more controlled.

A clear boundary also helps the firm decide who can upload source documents, who can see processed files, and where rejected, duplicate or unsupported documents should be routed.

The practical test is whether the route can be explained in plain operational terms: which folder is monitored, which accounting destination is connected, who reviews prepared output, and what happens when Lift cannot prepare a document confidently.

Accounting system access

Connections to accounting systems such as Xero or Business Central-oriented workflows should be authorised explicitly and scoped to the workflow being implemented. The accounting route, destination company, review path and output behaviour should be confirmed during setup rather than assumed across every client, entity or document type.

Access should follow the pilot scope. If the route only needs one Xero organisation, one Business Central company, or one structured output destination, the setup should reflect that limited scope until the team has reviewed the results and agreed wider rollout.

That also makes support and troubleshooting simpler. If a file is rejected, duplicated, or prepared for the wrong route, the team can inspect a defined workflow instead of searching across unrelated folders, clients, companies or accounting connections.

Review-first control

Lift prepares accounting output for review. Review-first workflows reduce the risk of incorrect posting because a human reviewer can confirm supplier, dates, totals, VAT treatment, account coding and attachment before approval/posting. The control model is covered in the guide to review-first automation controls.

Exception handling

Controlled automation should make uncertainty visible. Lift workflows can route or flag documents that need manual attention, including:

• duplicates
• unsupported files
• rejected documents
• unclear VAT or tax treatment
• uncertain supplier matching
• missing or conflicting totals

Recommended pilot setup

A security-conscious pilot should keep the scope narrow enough that permissions, reviewer roles and exception handling can be tested properly before rollout.

• use one client or company
• use a dedicated intake folder
• test with real documents
• define reviewer responsibilities
• confirm output destination
• confirm exception routing
• only expand once the workflow is understood

Questions to ask before rollout

Before expanding the workflow, agree the access model, review model and exception route with the people responsible for the accounting process.

• who can upload documents?
• who can view processed files?
• who reviews exceptions?
• what should Lift prepare?
• what should never be submitted automatically?
• how should duplicates and rejected files be reported?

When the access model is clear, start a permission-scoped pilot with one client or company before wider rollout.