Cloud based EDI, electronic Invoicing, Electronic Purchase Orders,e-VAT compliance, Long Term e-Archiving & digital signature.


  • Real Time Reporting
  • Accredited Peppol Access Point (NHS UK & Europe)
  • Integrated Solution
  • Secure Communications Channels
  • Remote Web Access
  • Outsourced Services
  • Real Time EDI Document Exchange
  • Web Platform Access


  • Access your EDI solution from your ERP
  • Access your solution from our web platform
  • Automate the communications with any business partner
  • Fully Tailored solution
  • Capable of reaching any business partner through EDI
  • NHS open Network


£35 to £25000 per licence per month

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 11

Service ID

2 8 7 0 9 7 0 7 2 3 6 6 1 0 4



Alex Doogan



Service scope

Software add-on or extension
Cloud deployment model
Hybrid cloud
Service constraints
No system requirements. Access form any web browser in order to work thoruhg our platform. Tailored solutions for any ERP system.
System requirements
No system requirements. Access form any web browser.

User support

Email or online ticketing support
Email or online ticketing
Support response times
EMAIL SUPPORT. NO TICKETS, every phone call or email will be answered within the contractual defined response times.
Depending on the contracted service. F.e., theres 24x7 support or a Monday to Friday from 8am-5pm customer support service.
User can manage status and priority of support tickets
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
The implementation of any technological solution with EDICOM, will allow you access to our Customer Care Center. It is a customer support center that you can connect through multiple dedicated telephone lines in multiple countries, as well as through our chat service, or email.

Access to C.S.C. is performed with maximum efficiency criterion, minimizing response times, through the demonstrated ability of each and every one of the technicians to resolve issues in real time, without having to refer to other departments.

The customer support service includes the resolution of incidents on all elements in the EDICOM platform needed to provide the service.
EDICOM offers the possibility of remote equipment management (Telemaintenance) at no additional charge, as long as the client enables the appropriate accesses and permits.
EDICOM has three service levels of availability and resolution times, provided to clients in line with their specific needs.
EDICOM resolves to identify the root cause of the problem in order to guarantee that it does not occur again in the future. Within 5 days of the incident EDICOM will produce a report of the corrective and preventative measures taken.
Support available to third parties

Onboarding and offboarding

Getting started
We provide online training and user documentation which is available at all time.
Service documentation
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
End-of-contract data extraction
There's various options. If it's an integrated version, the data is already stored in their system. If not, they can manually download everything from the web platform, or they can contract consultancy services for Edicom to upload all the information into their system.
End-of-contract process
Theres no extra cost at the end of a contract.

Pricing in the contract includes all charges that will be made: Implementation costs, and monthly or yearly recurring fees. If needed, it is also specified by contract the specific discount table that applies to the cost per document for the implemented solution.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The Web platform can be accessed from mobile devices through the mobile's web browser
Service interface
Description of service interface
Web browser interface, accessed from any device.
Accessibility standards
None or don’t know
Description of accessibility
Our web interface can be accessed from any web browser, also from IOS and Android. There's text and video content with tutorials on how to use the service in the website. Decoration, Formatting, Invisible: Non-text content is pure decoration, is used only for visual formatting, or is not presented to users, then it is implemented in a way that it can be ignored by assistive technology. *Exception: PDF Generation
Accessibility testing
No testing
Customisation available
Description of customisation
They can decide what documents they want to exchange, how they want to receive the data, and what their reports will look like. If they have a web portal, the design can also be customised.
This is all done by Edicom.


Independence of resources
Edicom has 2 different high availability servers running simoultaneously, which are currently handling 700.000.000 transactions a year. They are alocated 40 miles away from each other, and are both capable of handling 100% of the workload in case anything were to occur to one of them. Therefore, users are not affected by the demand.


Service usage metrics
Metrics types
Users can all their document information on their dashboard or in a periodic report uppon request, such as number of messages exchanged in a period of time with a specific partner, etc.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
Other data at rest protection approach
Access to the primary data centre (DPC), located in EDICOM Business Centre (EBC), is controlled by an access card. Access by fingerprint is also possible. The access cards required to access the DPC are the same used to access the EBC, although a second level of authorization, assigned to EDICOM employees on a need-to-have basis, is required.
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
It's either automatically exported into their system or they can manualy click on the "export" button which will give them different format options for the download.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • PDF
  • Any prior arranged structured format.
Data import formats
  • CSV
  • Other
Other data import formats
  • IDOC
  • XML
  • TXT
  • Any prior arraganged structured format.

Data-in-transit protection

Data protection between buyer and supplier networks
Private network or public sector network
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network
Digital Seals XAdES-LT
Cryptographic hash function SHA-256

Availability and resilience

Guaranteed availability
Our platform availability is guaranteed 99,9% of the time by our SLA, included in all our contracts.
If EDICOM does not comply with its SLA, refunds will be decided in each case in particular.
Approach to resilience
Edicom has 2 different servers allocated 40 miles from each other working simultaneously. In case one were to fail, the other is capable of taking 100% of the workload, guaranteeing a 99,9% of the platform's availability.
Outage reporting
Edicom has 2 different servers allocated 40 miles from each other working simultaneously. In case one were to fail, the other is capable of taking 100% of the workload, guaranteeing a 99,9% of the platform's availability.

Identity and authentication

User authentication needed
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
Username and password plus they must have a certificate on their system.
Access restriction testing frequency
At least once a year
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
No audit information available
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
PEPPOL Acces Point Provider
GDSN Certified V3.1
eIDAS Qualified Trust Service Provider
ASx Server (e-SENS AS4)
ISAE 3402
European Certification Authority
Cyber Essentials
PAC, TSA, NOM151 (Mexico)
ONAC (Colombia)
Information security policies and processes
EDICOM has developed an Information Security Policy which states management commitment and sets out EDICOM's approach to managing information security. This policy has been communicated throughout the organization to users in a relevant, accessible and understandable way and is accepted by EDICOM's employees before its incorporation.
All employees’ signs in their contract they will fulfil the EDICOM’s Information Security Policy, and EDICOM hands over them at first training day.

Risks assessment which EDICOM is exposed, as well as its assets, have been developed following its own methodology, considering the requirements of ISO 27001 and ISO 20000.
Once information security risk assessment has been performed, there is a formal and documented acceptance of the risk acceptance criteria.
Those risks which are above the risk acceptance criteria, the organization perform and approve a Risk Treatment Plan (RTP) which collects the performing
actions to minimize risks below the risk acceptance criteria. EDICOM’s Management agrees to provide the necessary resources to set the RTP, according a benefit-cost analysis, it means, the cost of implementing the measure must be lower that the risk which EDICOM is going to treat.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
The objective of the change and release management process is to ensure that changes are formally managed and properly migrated to production in order to minimize the number of change-related incidents and their impact on the service quality.
This process consists of two main subprocesses:
• The change management subprocess, covering the analysis, development and testing of the changes.
• The release management subprocess, covering the migration of the change from the development and test environments to the production environment.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
As a part of the BCP, EDICOM has performed a Business Impact
Analysis (BIA) which has allowed to detect weaknesses or threats, as well as principal processes and systems.
It has been identified availability requirements (Recovery Time Objective –RTO– and Recovery Point Objective –RPO–) for every principal process within BCP scope (Edicom Cloud and trust services).
Once RTO and RPO have been identified, EDICOM has designed different
scenarios where an eventuality or disaster could take place from threats and impacts identified at BIA. Finally, some strategies have been developed to guarantee business continuity in each scenario.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
EDICOM employs specialists in financial, operational and information systems auditing. These audits are conducted using either internal or external resources and are supervised in the first place by the Chief Financial Officer, Chief Technology Officer and Chief Security Officer, respectively.
As a last resort, the Board of Directors is responsible for the inspection of audit findings and for the implementation of action plans in a correct and timely manner.

EDICOM is subject to reviews by internal and external auditors on a periodic basis. These audits are scheduled yearly by the Board of Directors.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
EDICOM has implemented an incident and problem management process to manage incidents and problems that may affect the operational services delivered to its Clients. Where the incident management process is aimed at the restoration of interrupted or reduced services within predefined timeframes, the problem management process focuses on finding root causes for one or more incidents in order to prevent the recurrence of similar incidents in the future.
The major steps in the incident management process are depicted below:
Incident logging
Incident categorization and classification
Incident investigation and diagnosis
Record Error Resolution
Incident review and closure

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Connected networks
  • NHS Network (N3)
  • Other
Other public sector networks
  • UK HMRC Making Tax Digital
  • Chorus (France), PGEFe & SII (Spain), SdI (Italy)
  • SAFT (Portugal), SAFT (Poland), SAFT (Norway)
  • RTIR (Hungary) , Digipoort (Netherlands)
  • Peppol Network (all of Europe)


£35 to £25000 per licence per month
Discount for educational organisations
Free trial available
Description of free trial
For NHS trusts and Public organisations only. Full solution for a defined period of time. Each case is treated individually.

Service documents

Return to top ↑