FISCAL Technologies Ltd.

NXG Forensics

NXG Forensics is a P2P risk management platform providing a continuous and preventative approach, combating supplier fraud, compliance issues, duplicate payments and invoicing errors. NXG uses forensics and artificial intelligence (AI) to identify exceptions and their root cause, driving process improvement, reducing risk, and protecting working capital and business reputation.


  • Forensic analysis of 100% payment transactions, prior to payment
  • Display of prioritised transaction risk list
  • Identification of type risk type
  • Ability for user labeling of confirmed risks
  • Master Supplier File (MSF) change and trend analysis
  • Payment Compliance Monitoring
  • Specialist Recovery and AP Analysis Services
  • Highlighting changes to MSF since last analysis
  • Dashboards and reports for management and operational purposes
  • AP Performance reporting.


  • Retains and protects funds and capital within the organisation
  • Reduces costs associated with legacy manual practices P2P and AP
  • Reduces audit and recovery costs
  • Safeguards cash throughout ERP, service or process transformation
  • Enables quicker, more effective and low cost, payment loss recovery
  • Provides evidence to address poor working practices
  • Prevents overpayment, payment error, possible fraud prior to payment
  • Informs actions to maintain Master Supplier File
  • Delivers oversight to increase efficiency, effect and measure process change
  • Promoting best practice, compliance and procurement


£13,045.00 a licence a year

Service documents


G-Cloud 12

Service ID

7 8 5 0 6 6 2 5 4 9 1 1 7 4 6


FISCAL Technologies Ltd.

Colin Rigby

0845 680 1905

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
ERP or equivalent accounting system
Cloud deployment model
Public cloud
Service constraints
Support services operate only during standard office hours. Maintenance window is outside office hours.
System requirements
  • User desktop/laptop with supported browser
  • HTTP/S enabled in firewall.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Dependent on severity of question/incident:
S1 = 1 hr/4 hrs (S1 must be raised by telephone)
S2 = 2 hrs/1 day
S3 = 4 hrs/3 days
S4 = 1 day/Reasonable endeavors
x/y = initial response/target resolution
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Single support offering. Implementation team manage the full implementation process, including arranging training and guage initial support requirements. Customer Success Manager assigned to every customer to ensure smooth communication between customer and FISCAL, resolve daily queries and issues. The technical support team resolve any technical and data issues. However, all work as a streamlined team.
Support available to third parties

Onboarding and offboarding

Getting started
Full user training is delivered as part of the implementation, in small groups or on a 1-2-1 basis, refresher and new starter training is also provided on site or via online tutorials, webinar, or at annual user group conference.

Implementation training consists of:

Project Planning, site set-up and data implementation
Access to online learning and help materials via Minerva, our customer engagement tool
6 Remote learning sessions
1 day go-live onsite consultancy
Service documentation
Documentation formats
Other documentation formats
  • PDF
  • MS Word
  • PPT
  • Video/Webinar
End-of-contract data extraction
Report and analysis data can be extracted from within the dashboard section against each specific report. At the end of the term FISCAL destroys customer data within 30 days of contract end. No data is lost, as all original data remains in customer ERP.
End-of-contract process
At the end of the term, if not renewed, accounts are disabled and deleted within 30 days. At the end of the term FISCAL destroys customer data within 30 days of contract end.

Using the service

Web browser interface
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install
Designed for use on mobile devices
Service interface
What users can and can't do using the API
Users do not use the API directly. The API is designed for the uploading of appropriate data extracts from the ERP/accounting system. The customer is responsible for obtaining the data extract from the ERP into a suitably formatted file(.CSV/XML) and then using the NXG Forensics API to upload the file into the FISCAL system.
API documentation
API documentation formats
API sandbox or test environment
Customisation available


Independence of resources
The cloud service is regionalised and, for each region, is segregated into pools in such a manner as to minimise 'noisy neighbour syndrome'.


Service usage metrics
Metrics types
Transaction throughput which is part of the subscription model.
Reporting types
Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
There is no general facility for exporting a completed data set from NXG Forensics. However, many of the reports have data subsets that can be exported as part of the reporting sub-system.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
99.9% availability with Standard Support Hours (Mon-Fri 08:30-17:30 except public holidays). Refunds are as mutually agreed in contract.
Approach to resilience
Software architecture designed for resilience. Data centre infrastructure offers standby and redundancy and is continuously monitored. Individual customer data can be restored in the event of disaster. Business continuity plans and policies are in place and reviewed at least annually.
Outage reporting
Service outages are reported internally only. If severe and affecting user availability there is a communications policy to ensure customers are informed regularly as to progress to fix and (post-incident) root cause.

Identity and authentication

User authentication needed
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Least Privilege Privilege Policy
Access restriction testing frequency
At least once a year
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Exova BM Trada
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
All FISCAL operations not involved with the provision of FISCAL cloud services from the Reading HQ and associated data centres.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
ISO 27001:2013
ISMS incidents are logged separately and volumes/character reported to Board level monthly. Quarterly incident reviews chaired by CISO for continuous improvement purposes. All employees undergo ISMS/GDPR awareness training on induction and at least annually. Board review of ISMS effectiveness annually.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Microsoft Azure data centres comply to CSA CCM 3.0. FISCAL follows 'security by design' principles within its development practices. 'Least privilege' policy is in place to prevent unauthorised access/change. Changes are formally logged and tracked.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Microsoft Azure conforms to CSA CCM 3.0. FISCAL performs vulnerability testing on the service components at least monthly and targets fixing any identified vulnerabilities typically by the following month. Penetration testing of the service is conducted at least annually.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Microsoft Azure conforms to CSA CCM 3.0. FISCAL maintains bespoke monitoring/alerting of the service and regular review of logs. Potential incidents are escalated to the CISO and action prioritized dependent on the severity.
Incident management type
Supplier-defined controls
Incident management approach
Incidents are handled according to the incident management policy within the FISCAL ISO27001 ISMS. Users report incidents via the FISCAL support desk. Incident reports are made available to the customer base via the FISCAL support desk.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£13,045.00 a licence a year
Discount for educational organisations
Free trial available

Service documents

Return to top ↑