- Standards & Certifications
Standards & Certifications
Tungsten Network Standards
Earning your trust and ensuring the security of your data are our top priorities and are at the heart of everything we do. We deal daily with highly sensitive customer information and we take seriously our responsibility to keep it safe. So we make certain our security processes and controls are comprehensive.
At the center of our business is our global e-invoicing network, which connects the world’s largest companies and government agencies to their thousands of suppliers around the globe. And the success of our network begins with its confidentiality, availability, and integrity. This is ingrained in our culture and practices.
We follow a number of standards to give our clients additional assurance for the delivery of Tungsten Network services. Please read more by selecting an option from the menu above.
Our full Compliance Framework, which explains in detail our approach to compliance and security, is available here.
We are committed to providing consistent and reliable service. One way we give our customers detailed, third-party assurance of this is by conforming to the International Standard on Assurance Engagements (ISAE) No. 3402. ISAE 3402 was issued by the International Auditing and Assurance Standards Board (IAASB), which is part of the International Federation of Accountants (IFAC). At Tungsten Network, we adopted this standard in 2011.
ISAE 3402 was developed to allow accounting firms to report on the system of internal control over financial reporting at a user organization. This means an independent third-party is verifying that the Tungsten Network is smart, secure, and efficient.
There are two types of Service Auditor's Reports: Type 1 and Type 2.
A Type 1 report describes the company’s description of controls at a specific point in time. A Type 2 report not only includes the company’s description of controls, but also includes detailed testing of the company’s controls over a minimum six-month period. At Tungsten Network, we have committed to conducting an ISAE 3402 Type 2 audit every year. You will be able to find information in our ISAE 3402 report such as:
- The independent service auditor's report
- Our description of controls
- Information provided by the independent service auditor; including a description of the service auditor's tests of operating effectiveness and the results of those tests
- Other relevant information we provided to complete the report
If you are a customer or a third party with an existing non-disclosure agreement, you can ask your contact at Tungsten for a copy of this report.
We require ISO certification for ourselves and for our data center partners as proof of adherence to strict controls and processes.
ISO/IEC 27001 is an internationally recognized best practice framework for an information security management system (ISMS), a suite of activities that governs the management of information security risks. The ISMS is an overarching management framework that enables us to effectively identify, analyze, and address information security risks. The ISMS also ensures that our security arrangements are fine-tuned to keep up with the ever changing security threats, vulnerabilities, and business impacts that our business faces.
Certified compliance with ISO/IEC 27001 by an accredited and respected certification body is a choice, but at Tungsten Network we believe that through this certification we are able to demonstrate to our customers, employees, and other stakeholders that the security of their information is fundamental to our business. We also require that any data center we use have the same certification.
The certification to this standard means that we:
- Identify risks and vulnerabilities, and implement suitable controls in a timely manner to manage or reduce them before they can cause any harm
- Demonstrate that our compliance to this standard and commitment towards information security is verified and vetted by an accredited and respected certification body
- Understand the need to protect company information and to provide the necessary resources to ensure we can do so effectively and with continuous improvement
Tungsten Network ISO/IEC 27001:2013 certificate is available here.
At Tungsten Network, we run the largest compliant business transaction network in the world. The TrustWeaver-Verified service assesses key aspects of European VAT compliance covered by our electronic invoicing services. It shows that we validate against all local indirect tax and commercial legislation in real time. The trust mark also shows that our adherence to good practices has been successfully reviewed by TrustWeaver’s experts. Only service providers that have completed the program can display the TrustWeaver-Verified trust mark on their websites and documentation.
Government Cloud Computing (G-Cloud) is a UK government program promoting government-wide adoption of cloud computing. The initiative focuses on cloud computing's capability for economic growth, capitalizing on cloud's cost savings and flexibility to create a more efficient, accessible means of delivering services.
The program requires us to self-certify and supply evidence against the 14 Cloud Security Principles of G-Cloud as part of the G-Cloud Framework on-boarding process quality checks. Any suppliers found maliciously in breach of their assertions can, following investigation by the G-Cloud Authority, be disqualified from the G-Cloud Framework.
We are compliant to the 14 Cloud Security Principles of G-Cloud and have passed the on-boarding process. 14 Cloud Security Principles is available here. Details of our listing in the Digital Marketplace are here.
Cyber Essentials certifies that an organisation has in place a set of controls and cybersecurity protocols that provide protection against cyberattacks. Cyber Essentials has been a mandatory accreditation for suppliers of government contracts that involve handling personal information and providing certain ICT products and services. Cyber Essentials enables Tungsten Network to be compliant with the PEPPOL framework.