Standards and certifications

Trusted, Secure and Compliant

Our principles

A secure network is built on a strong foundation

We believe our customers' trust is something earned, not assumed. Ensuring the integrity of all the data we handle, as well as the security of our global network is at the heart of everything we do. We handle highly sensitive customer information and we take our responsibility to safeguard it very seriously. We make certain our security processes and controls are comprehensive.

We connect the world’s largest companies and government agencies to their thousands of suppliers around the globe, and vice versa. With that in mind, the success of our network begins with its prioritisation of confidentiality, availability and integrity. These values are ingrained in our culture and practices.

ISO 27001
An internationally recognised best practice framework for an information security management system (ISMS) and a suite of activities that governs information security risks.
The ISMS enables us to effectively address information security risks and ensures that our security arrangements keep up with everchanging security threats, vulnerabilities and business impacts that our company faces. We require ISO certification for ourselves and for our data center partners as proof of adherence to strict controls and processes.
Read more
ISAE 3402
The International Standard on Assurance Engagements (ISAE) No. 3402. ISAE 3402 was issued by the International Auditing and Assurance Standards Board (IAASB), which is part of the International Federation of Accountants (IFAC). At Tungsten Network, we adopted this standard in 2011.
There are two types of Service Auditor's Reports: Type 1 and Type 2. A Type 1 report describes the company’s description of controls at a specific point in time. A Type 2 report not only includes the company’s description of controls, but also detailed testing of the company’s controls over a minimum six-month period. At Tungsten Network, we have committed to conducting an ISAE 3402 Type 2 audit every year. If you are a customer or a third party with an existing non-disclosure agreement, you can ask your contact at Tungsten Network for a copy of this report.
Read more
Cyber Essentials
Cyber Essentials certifies that cybersecurity protocols and controls are present to protect against cyberattacks.
It is a mandatory accreditation for suppliers of UK Government contracts that involve handling personal information and providing certain ICT products and services. Cyber Essentials enables Tungsten Network to be compliant with the PEPPOL framework.
Read more
TrustWeaver
The TrustWeaver-Verified service assesses key aspects of European VAT compliance covered by our electronic invoicing services.
It shows that we validate against all local indirect tax and commercial legislation in real-time. The trust mark also shows that our adherence to good practices has been successfully reviewed by TrustWeaver’s experts. Only service providers that have completed the programme can display the TrustWeaver-Verified trust mark on their websites and documentation.
Read more
G-Cloud
Government Cloud Computing (G-Cloud) is a UK government programme promoting government-wide adoption of cloud computing. The initiative focuses on cloud computing's capability for economic growth, capitalising on cloud's cost savings and flexibility to create a more efficient, accessible means of delivering services.
The programme requires us to self-certify and supply evidence against the 14 Cloud Security Principles of G-Cloud as part of the G-Cloud Framework on-boarding process quality checks. Any suppliers found maliciously in breach of their assertions can, following investigation by the G-Cloud Authority, be disqualified from the G-Cloud Framework.

We are compliant to the 14 Cloud Security Principles of G-Cloud and have passed the on-boarding process. 14 Cloud Security Principles is available here. Details of our listing in the Digital Marketplace are here.

Read more
PEPPOL
PEPPOL (Pan-European Public Procurement Online) enables government organisations and private companies to exchange electronic trading documents over an interoperable, European-wide network.
PEPPOL offers a standardised network connection for electronic ordering, invoicing and shipping.

PEPPOL also enables access to its network through accredited ‘Access Points’. Access Points connect users to the PEPPOL network and exchange electronic documents based on the PEPPOL specifications. Buyers and suppliers are free to choose their preferred single Access Point provider to connect to all PEPPOL participants already on the network. (‘Connect once, connect to all’).

Tungsten Network has been through the accreditation process to ensure we comply with PEPPOL specifications and has been certified as a Certified PEPPOL Access Point.

Read more
Chorus
The European Commission, 2014/55/EU requires all public administrations to accept paperless billing presented in the specific formats defined in the EN (European Norm).
France has implemented this by creating the Chorus Pro gateway and has mandated a phased approach to its adoption.
  • January 2017 – Chorus mandatory for B2G invoices from Companies with over 5000 staff and earnings of over €2M
  • January 2018 – Expanded to companies with over 250 staff or earnings above €1.5M
  • January 2019 – Includes small and medium-sized companies
  • January 2020 – Micro-enterprises

We are able to deliver invoices in the required format.

Tungsten Network is committed to removing friction from your billing-to-cash cycle and will establish connections to all EU Public Sector Gateways, as and when they are put in place.

Please contact us for more information or advice.

Read more