SlideShare a Scribd company logo

CEN ISSS Public Workshop N Pope Wg3[1]

G
guest642d13

This document summarizes a meeting of the CEN eInvoicing Workshop Working Group 3 on cost-effective authenticity and integrity of electronic invoices. The working group discussed developing standards and controls to ensure authenticity and integrity of eInvoices throughout transfer, storage, and processing. Two approaches were proposed: procedural and technical controls without long-term signatures, or advanced electronic signatures protecting data from creation to storage. Baseline security controls would apply in both approaches. Examples of potential controls for each approach were also presented and next steps discussed developing further guidance.

BusinessTechnology
1 of 22
Download to read offline
eInvoicing Public Meeting Brussels, 19 June 2008 WG 3: Cost effective means to guarantee authenticity & integrity Johan Borendal – Trustweaver (Chair) Nick Pope – Thales e-Security (Technical Editor)
CEN eInvoicing Workshop – Phase 2 Aim: Stimulate further standardization work in the domain of electronic invoices in Europe building on Phase 1 activities: WG 1: Adoption WG 2: Compliance of electronic invoice implementations WG 3: Cost effective authenticity & integrity WG4: Emerging technologies and business processes WG5: eInvoice service operators and mobility of users eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
Terms of Reference “Cost-effective authenticity and integrity of electronic invoices and related business documents regardless of formats and technologies” Minimise unnecessary costs to businesses Ensure that major risks identified by Tax Authorities are addressed eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
CEN eInvoicing WG 3: Terms of Reference “Cost-effective authenticity and integrity of electronic invoices and related business documents regardless of formats and technologies” Authenticity & integrity in transfer Maintain authenticity & integrity over period of storage eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
CEN eInvoicing WG 3: Terms of Reference “Cost-effective authenticity and integrity of electronic invoices and related business documents regardless of formats and technologies” eInvoicing main legal pressure point for business Applicable to other aspects of eBusiness & eGovernment eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
CEN eInvoicing WG 3: Terms of Reference “Cost-effective authenticity and integrity of electronic invoices and related business documents regardless of formats and technologies” Addressing Authenticity & Integrity by: Electronic Signatures Electronic Data Interchange (EDI) Other means eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
What Already Done Inventory of Authenticity & Integrity Requirements Spreadsheet of Requirements against 28 EU States / EFTA members Integrity and authenticity Requirements in common e- invoicing scenarios Model of eInvoicing exchanges Requirements derived from Directive 2006/112/EC + national implementations Authenticity and Integrity Requirements & Controls eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
WG2 Good Practice vs WG3 Requirements & Controls WG2 WG3 EInvoice Requirements Mechanisms A&I Preparation. EDI eInvoice Translation. Controls Signatures Protocols Self Billing. eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
Conclusion - Lets join forces CEN WG2 & WG3 / FISCALIS e-Invoicing Good Practice Guidelines eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
WG3 Current Approach Authenticity & Integrity Controls Option 1: General procedural and technical controls to protect data at each stage of process (EDI / Other), or Option 2: Advanced electronic signatures protecting data from creation through whole storage lifetime (AdES) Baseline security controls (e.g. audit, access control, contracts) should be applied throughout No end-to-end long-term signatures With end-to-end long-term signatures Technical controls Technical controls Process controls Process controls Audit Audit Documentation Documentation Contract Contract General system security General system security eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
WG3 – Example Authenticity & Integrity Controls Baseline controls Example controls for EDI (other) Scenario Example controls for Advanced Electronic signature based scenario eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
Baseline controls Recognised standard based practices for the security and integrity: e.g. ISO 27001, SAS70, OECD Guidance on Tax Compliance for Business and Accounting Software Includes general controls for: Audit trails Access control enforcing business roles Protected Communications Data correctness and accuracy checks Prior agreement for security of communications eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
EDI/Other Example: Requirements & Controls Supplier Customer (Seller) (Buyer) Communications Authenticity & Communications Integrity A& I (A& I) Processing Processing & Storage & Storage Comms Customer’s A& I Supplier’s A& I A& I (Buyer’s) Service Service Provider Provider eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
EDI/Other Example: Communications A&I Requirement Control Ensure authenticity and The electronic invoice shall be integrity of invoice whilst sent through a secure channel being sent. which : a) Protects the integrity …. b) Authenticates the invoice issuer … Implementation examples: i) TLS with passwords. ii) AS/1-3 with signatures …… eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
EDI/Other Example: Storage A & I Requirement Control The authenticity and The invoice and audit records integrity of the content of regarding handling of the invoice, the invoices stored must including information on be guaranteed throughout authentication checks carried out, shall the storage period.. be protected by mechanisms that assure the integrity of data throughout the storage period. Implementation examples: - WORM, - Secure archive eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
EDI/Other Example: Processing A & I Met by a range of controls: Baseline security controls General eInvoice process requirements eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
AdES Example Requirements Supplier Customer (Seller) (Buyer) Communications A& I Signature Signature Creation Long term Supplier’s Customer’s Service validity Signature (Buyer’s) Provider Service Long term Provider validity eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
AdES Example: Signature creation Requirement Control The invoice is provided with The application should ensure an electronic signature to that signatures are applied when protect its integrity and appropriate. The signature shall authenticity. be created in accordance to an internationally recognised standard signature format. Implementation examples: eg: CAdES-T / XAdES-T … eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
AdES Example: Signature verification Requirement Control The authentication of The validity of the AdES signature origin and integrity shall be checked and the results of the invoice must recorded including verification time be verified by and information (e.g. CRLs or OCSP verifying the and certificates) used to verify the signature. signature. ....... eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
AdES Example: Signature long term validity Requirement Control Electronic signatures The integrity of the signed invoice, must remain verifiable including information used to reverify during the storage the signature (see above under invoice period. creation), shall be maintained beyond the lifetime of the signature algorithm and certificates. Implementation examples: 1) Applying archive timestamp to signature as in XAdES-A, CAdES-A 2) WORM devices. ....... eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
Next Steps Continue working with Good practice Authenticity & Integrity Controls (Joint deliverable with WG2) Further Guidance on Authenticity and Integrity Further guidance on example mechanisms and protocols Developed in next phase eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
Thank you Thanks any questions? nick.pope@thales-eSecurity (editor) johan.borendal@trustweaver.com (chair) eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved

Recommended

CEN ISSS Public Workshop D Chambers Presentation Mk[1]
CEN ISSS Public Workshop D Chambers Presentation Mk[1]CEN ISSS Public Workshop D Chambers Presentation Mk[1]
CEN ISSS Public Workshop D Chambers Presentation Mk[1]guest642d13
 
Nords Pr Crisis Communications for HiPP campaign - English version
Nords Pr Crisis Communications for HiPP campaign - English versionNords Pr Crisis Communications for HiPP campaign - English version
Nords Pr Crisis Communications for HiPP campaign - English versionNords PR Ukraine
 
CEN ISSS Public Workshop A Mueller Tg4 Report 1.0[1]
CEN ISSS Public Workshop A Mueller Tg4 Report 1.0[1]CEN ISSS Public Workshop A Mueller Tg4 Report 1.0[1]
CEN ISSS Public Workshop A Mueller Tg4 Report 1.0[1]guest642d13
 
CEN ISSS Public Workshop A Allikas Tg5 V 1.0[1]
CEN ISSS Public Workshop A Allikas Tg5 V 1.0[1]CEN ISSS Public Workshop A Allikas Tg5 V 1.0[1]
CEN ISSS Public Workshop A Allikas Tg5 V 1.0[1]guest642d13
 
CEN ISSS Public Workshop Lindsberger Tg 1[1]
CEN ISSS Public Workshop Lindsberger Tg 1[1]CEN ISSS Public Workshop Lindsberger Tg 1[1]
CEN ISSS Public Workshop Lindsberger Tg 1[1]guest642d13
 
CEN ISSS workshop e-invoicing Wg2 Sg1 Cen Fiscalis 19 06 2008 V003 C Valk[1]
CEN ISSS workshop e-invoicing Wg2 Sg1 Cen Fiscalis 19 06 2008 V003 C Valk[1]CEN ISSS workshop e-invoicing Wg2 Sg1 Cen Fiscalis 19 06 2008 V003 C Valk[1]
CEN ISSS workshop e-invoicing Wg2 Sg1 Cen Fiscalis 19 06 2008 V003 C Valk[1]Friso de Jong
 
CEN ISSS Public Workshop Wg2 Sg1 Cen Fiscalis 19 06 2008 V003 C Valk[1]
CEN ISSS Public Workshop Wg2 Sg1 Cen Fiscalis 19 06 2008 V003 C Valk[1]CEN ISSS Public Workshop Wg2 Sg1 Cen Fiscalis 19 06 2008 V003 C Valk[1]
CEN ISSS Public Workshop Wg2 Sg1 Cen Fiscalis 19 06 2008 V003 C Valk[1]guest642d13
 
CEN ISSS workshop e-invoicing D Chambers Presentation Mk[1]
CEN ISSS workshop e-invoicing D Chambers Presentation Mk[1]CEN ISSS workshop e-invoicing D Chambers Presentation Mk[1]
CEN ISSS workshop e-invoicing D Chambers Presentation Mk[1]Friso de Jong
 

Recommended

CEN ISSS Public Workshop D Chambers Presentation Mk[1]
CEN ISSS Public Workshop D Chambers Presentation Mk[1]CEN ISSS Public Workshop D Chambers Presentation Mk[1]
CEN ISSS Public Workshop D Chambers Presentation Mk[1]guest642d13
 
Nords Pr Crisis Communications for HiPP campaign - English version
Nords Pr Crisis Communications for HiPP campaign - English versionNords Pr Crisis Communications for HiPP campaign - English version
Nords Pr Crisis Communications for HiPP campaign - English versionNords PR Ukraine
 
CEN ISSS Public Workshop A Mueller Tg4 Report 1.0[1]
CEN ISSS Public Workshop A Mueller Tg4 Report 1.0[1]CEN ISSS Public Workshop A Mueller Tg4 Report 1.0[1]
CEN ISSS Public Workshop A Mueller Tg4 Report 1.0[1]guest642d13
 
CEN ISSS Public Workshop A Allikas Tg5 V 1.0[1]
CEN ISSS Public Workshop A Allikas Tg5 V 1.0[1]CEN ISSS Public Workshop A Allikas Tg5 V 1.0[1]
CEN ISSS Public Workshop A Allikas Tg5 V 1.0[1]guest642d13
 
CEN ISSS Public Workshop Lindsberger Tg 1[1]
CEN ISSS Public Workshop Lindsberger Tg 1[1]CEN ISSS Public Workshop Lindsberger Tg 1[1]
CEN ISSS Public Workshop Lindsberger Tg 1[1]guest642d13
 
CEN ISSS workshop e-invoicing Wg2 Sg1 Cen Fiscalis 19 06 2008 V003 C Valk[1]
CEN ISSS workshop e-invoicing Wg2 Sg1 Cen Fiscalis 19 06 2008 V003 C Valk[1]CEN ISSS workshop e-invoicing Wg2 Sg1 Cen Fiscalis 19 06 2008 V003 C Valk[1]
CEN ISSS workshop e-invoicing Wg2 Sg1 Cen Fiscalis 19 06 2008 V003 C Valk[1]Friso de Jong
 
CEN ISSS Public Workshop Wg2 Sg1 Cen Fiscalis 19 06 2008 V003 C Valk[1]
CEN ISSS Public Workshop Wg2 Sg1 Cen Fiscalis 19 06 2008 V003 C Valk[1]CEN ISSS Public Workshop Wg2 Sg1 Cen Fiscalis 19 06 2008 V003 C Valk[1]
CEN ISSS Public Workshop Wg2 Sg1 Cen Fiscalis 19 06 2008 V003 C Valk[1]guest642d13
 
CEN ISSS workshop e-invoicing D Chambers Presentation Mk[1]
CEN ISSS workshop e-invoicing D Chambers Presentation Mk[1]CEN ISSS workshop e-invoicing D Chambers Presentation Mk[1]
CEN ISSS workshop e-invoicing D Chambers Presentation Mk[1]Friso de Jong
 
CEN ISSS workshop e-invoicing Cen 19 06 2008 Engel Flechsig[1]
CEN ISSS workshop e-invoicing Cen 19 06 2008 Engel Flechsig[1]CEN ISSS workshop e-invoicing Cen 19 06 2008 Engel Flechsig[1]
CEN ISSS workshop e-invoicing Cen 19 06 2008 Engel Flechsig[1]Friso de Jong
 
CEN ISSS Public Workshop Cen 19 06 2008 Engel Flechsig[1]
CEN ISSS Public Workshop Cen 19 06 2008 Engel Flechsig[1]CEN ISSS Public Workshop Cen 19 06 2008 Engel Flechsig[1]
CEN ISSS Public Workshop Cen 19 06 2008 Engel Flechsig[1]guest642d13
 
CEN ISSS Public Workshop 20080619 Jk Overview On Compliance Of Electronic Inv...
CEN ISSS Public Workshop 20080619 Jk Overview On Compliance Of Electronic Inv...CEN ISSS Public Workshop 20080619 Jk Overview On Compliance Of Electronic Inv...
CEN ISSS Public Workshop 20080619 Jk Overview On Compliance Of Electronic Inv...guest642d13
 
CEN ISSS workshop e-invoicing 42 6 20080619 Jk Overview On Compliance Of Ele...
CEN ISSS workshop e-invoicing 42 6 20080619 Jk Overview On Compliance Of Ele...CEN ISSS workshop e-invoicing 42 6 20080619 Jk Overview On Compliance Of Ele...
CEN ISSS workshop e-invoicing 42 6 20080619 Jk Overview On Compliance Of Ele...Friso de Jong
 
Tg 5 Ahti Allikas Cen 18 06 2009
Tg 5 Ahti Allikas Cen 18 06 2009Tg 5 Ahti Allikas Cen 18 06 2009
Tg 5 Ahti Allikas Cen 18 06 2009Friso de Jong
 
Interconnection of Service Providers - Ahti Allikas & Jari Salo
Interconnection of Service Providers - Ahti Allikas & Jari SaloInterconnection of Service Providers - Ahti Allikas & Jari Salo
Interconnection of Service Providers - Ahti Allikas & Jari SaloDanny Gaethofs
 
CEN ISSS workshop e-invoicing A Allikas Tg5 V 1.0[1]
CEN ISSS workshop e-invoicing A Allikas Tg5 V 1.0[1]CEN ISSS workshop e-invoicing A Allikas Tg5 V 1.0[1]
CEN ISSS workshop e-invoicing A Allikas Tg5 V 1.0[1]Friso de Jong
 
Tg 2 3 Compliance Cen 18 06 2009
Tg 2 3 Compliance Cen 18 06 2009Tg 2 3 Compliance Cen 18 06 2009
Tg 2 3 Compliance Cen 18 06 2009Friso de Jong
 
Overview on Compliance of Electronic Invoices - Joost Kuipers
Overview on Compliance of Electronic Invoices - Joost KuipersOverview on Compliance of Electronic Invoices - Joost Kuipers
Overview on Compliance of Electronic Invoices - Joost KuipersDanny Gaethofs
 
Engel Flechsig Cen 18 06 2009
Engel Flechsig Cen 18 06 2009Engel Flechsig Cen 18 06 2009
Engel Flechsig Cen 18 06 2009Friso de Jong
 
Cooperative Vehicle Infrastructure Systems (CVIS)
Cooperative Vehicle Infrastructure Systems (CVIS)Cooperative Vehicle Infrastructure Systems (CVIS)
Cooperative Vehicle Infrastructure Systems (CVIS)zjeftic
 
Cwa sustainable compliance guidelines
Cwa sustainable compliance guidelinesCwa sustainable compliance guidelines
Cwa sustainable compliance guidelinesFriso de Jong
 
Presentation of A.Tosetti 8th EXPP Summit 24 Sep 2012
Presentation of A.Tosetti 8th EXPP Summit 24 Sep 2012Presentation of A.Tosetti 8th EXPP Summit 24 Sep 2012
Presentation of A.Tosetti 8th EXPP Summit 24 Sep 2012kotpat
 
E invoicing, the un cefact cross industry invoice
E invoicing, the un cefact cross industry invoiceE invoicing, the un cefact cross industry invoice
E invoicing, the un cefact cross industry invoiceFriso de Jong
 
Break-Out sessie Factuurcongres 2009 van Peter Potgieser
Break-Out sessie Factuurcongres 2009 van Peter PotgieserBreak-Out sessie Factuurcongres 2009 van Peter Potgieser
Break-Out sessie Factuurcongres 2009 van Peter PotgieserFriso de Jong
 
Break Out Sessie Factuurcongres 2009 Peter Potgieser
Break Out Sessie Factuurcongres 2009 Peter PotgieserBreak Out Sessie Factuurcongres 2009 Peter Potgieser
Break Out Sessie Factuurcongres 2009 Peter PotgieserFactuurwijzer
 
Emerging Technologies and Business Processes – Anders Grangard & Adrian Mueller
Emerging Technologies and Business Processes – Anders Grangard & Adrian MuellerEmerging Technologies and Business Processes – Anders Grangard & Adrian Mueller
Emerging Technologies and Business Processes – Anders Grangard & Adrian MuellerDanny Gaethofs
 
Tg 4 Adrian Mueller Cen 18 06 2009
Tg 4 Adrian Mueller Cen 18 06 2009Tg 4 Adrian Mueller Cen 18 06 2009
Tg 4 Adrian Mueller Cen 18 06 2009Friso de Jong
 
CEN ISSS workshop e-invoicing A Mueller Tg4 Report 1.0[1]
CEN ISSS workshop e-invoicing A Mueller Tg4 Report 1.0[1]CEN ISSS workshop e-invoicing A Mueller Tg4 Report 1.0[1]
CEN ISSS workshop e-invoicing A Mueller Tg4 Report 1.0[1]Friso de Jong
 
Overview on compliance of electronic invoices
Overview on compliance of electronic invoicesOverview on compliance of electronic invoices
Overview on compliance of electronic invoicesFriso de Jong
 
Cyber Security Training in Office Environment
Cyber Security Training in Office EnvironmentCyber Security Training in Office Environment
Cyber Security Training in Office Environmentelijahj01012
 
Send Files | Sendbig.comSend Files | Sendbig.com
Send Files | Sendbig.comSend Files | Sendbig.comSend Files | Sendbig.comSend Files | Sendbig.com
Send Files | Sendbig.comSend Files | Sendbig.comSendBig4
 

More Related Content

Similar to CEN ISSS Public Workshop N Pope Wg3[1]

CEN ISSS workshop e-invoicing Cen 19 06 2008 Engel Flechsig[1]
CEN ISSS workshop e-invoicing Cen 19 06 2008 Engel Flechsig[1]CEN ISSS workshop e-invoicing Cen 19 06 2008 Engel Flechsig[1]
CEN ISSS workshop e-invoicing Cen 19 06 2008 Engel Flechsig[1]Friso de Jong
 
CEN ISSS Public Workshop Cen 19 06 2008 Engel Flechsig[1]
CEN ISSS Public Workshop Cen 19 06 2008 Engel Flechsig[1]CEN ISSS Public Workshop Cen 19 06 2008 Engel Flechsig[1]
CEN ISSS Public Workshop Cen 19 06 2008 Engel Flechsig[1]guest642d13
 
CEN ISSS Public Workshop 20080619 Jk Overview On Compliance Of Electronic Inv...
CEN ISSS Public Workshop 20080619 Jk Overview On Compliance Of Electronic Inv...CEN ISSS Public Workshop 20080619 Jk Overview On Compliance Of Electronic Inv...
CEN ISSS Public Workshop 20080619 Jk Overview On Compliance Of Electronic Inv...guest642d13
 
CEN ISSS workshop e-invoicing 42 6 20080619 Jk Overview On Compliance Of Ele...
CEN ISSS workshop e-invoicing 42 6 20080619 Jk Overview On Compliance Of Ele...CEN ISSS workshop e-invoicing 42 6 20080619 Jk Overview On Compliance Of Ele...
CEN ISSS workshop e-invoicing 42 6 20080619 Jk Overview On Compliance Of Ele...Friso de Jong
 
Tg 5 Ahti Allikas Cen 18 06 2009
Tg 5 Ahti Allikas Cen 18 06 2009Tg 5 Ahti Allikas Cen 18 06 2009
Tg 5 Ahti Allikas Cen 18 06 2009Friso de Jong
 
Interconnection of Service Providers - Ahti Allikas & Jari Salo
Interconnection of Service Providers - Ahti Allikas & Jari SaloInterconnection of Service Providers - Ahti Allikas & Jari Salo
Interconnection of Service Providers - Ahti Allikas & Jari SaloDanny Gaethofs
 
CEN ISSS workshop e-invoicing A Allikas Tg5 V 1.0[1]
CEN ISSS workshop e-invoicing A Allikas Tg5 V 1.0[1]CEN ISSS workshop e-invoicing A Allikas Tg5 V 1.0[1]
CEN ISSS workshop e-invoicing A Allikas Tg5 V 1.0[1]Friso de Jong
 
Tg 2 3 Compliance Cen 18 06 2009
Tg 2 3 Compliance Cen 18 06 2009Tg 2 3 Compliance Cen 18 06 2009
Tg 2 3 Compliance Cen 18 06 2009Friso de Jong
 
Overview on Compliance of Electronic Invoices - Joost Kuipers
Overview on Compliance of Electronic Invoices - Joost KuipersOverview on Compliance of Electronic Invoices - Joost Kuipers
Overview on Compliance of Electronic Invoices - Joost KuipersDanny Gaethofs
 
Engel Flechsig Cen 18 06 2009
Engel Flechsig Cen 18 06 2009Engel Flechsig Cen 18 06 2009
Engel Flechsig Cen 18 06 2009Friso de Jong
 
Cooperative Vehicle Infrastructure Systems (CVIS)
Cooperative Vehicle Infrastructure Systems (CVIS)Cooperative Vehicle Infrastructure Systems (CVIS)
Cooperative Vehicle Infrastructure Systems (CVIS)zjeftic
 
Cwa sustainable compliance guidelines
Cwa sustainable compliance guidelinesCwa sustainable compliance guidelines
Cwa sustainable compliance guidelinesFriso de Jong
 
Presentation of A.Tosetti 8th EXPP Summit 24 Sep 2012
Presentation of A.Tosetti 8th EXPP Summit 24 Sep 2012Presentation of A.Tosetti 8th EXPP Summit 24 Sep 2012
Presentation of A.Tosetti 8th EXPP Summit 24 Sep 2012kotpat
 
E invoicing, the un cefact cross industry invoice
E invoicing, the un cefact cross industry invoiceE invoicing, the un cefact cross industry invoice
E invoicing, the un cefact cross industry invoiceFriso de Jong
 
Break-Out sessie Factuurcongres 2009 van Peter Potgieser
Break-Out sessie Factuurcongres 2009 van Peter PotgieserBreak-Out sessie Factuurcongres 2009 van Peter Potgieser
Break-Out sessie Factuurcongres 2009 van Peter PotgieserFriso de Jong
 
Break Out Sessie Factuurcongres 2009 Peter Potgieser
Break Out Sessie Factuurcongres 2009 Peter PotgieserBreak Out Sessie Factuurcongres 2009 Peter Potgieser
Break Out Sessie Factuurcongres 2009 Peter PotgieserFactuurwijzer
 
Emerging Technologies and Business Processes – Anders Grangard & Adrian Mueller
Emerging Technologies and Business Processes – Anders Grangard & Adrian MuellerEmerging Technologies and Business Processes – Anders Grangard & Adrian Mueller
Emerging Technologies and Business Processes – Anders Grangard & Adrian MuellerDanny Gaethofs
 
Tg 4 Adrian Mueller Cen 18 06 2009
Tg 4 Adrian Mueller Cen 18 06 2009Tg 4 Adrian Mueller Cen 18 06 2009
Tg 4 Adrian Mueller Cen 18 06 2009Friso de Jong
 
CEN ISSS workshop e-invoicing A Mueller Tg4 Report 1.0[1]
CEN ISSS workshop e-invoicing A Mueller Tg4 Report 1.0[1]CEN ISSS workshop e-invoicing A Mueller Tg4 Report 1.0[1]
CEN ISSS workshop e-invoicing A Mueller Tg4 Report 1.0[1]Friso de Jong
 
Overview on compliance of electronic invoices
Overview on compliance of electronic invoicesOverview on compliance of electronic invoices
Overview on compliance of electronic invoicesFriso de Jong
 

Similar to CEN ISSS Public Workshop N Pope Wg3[1] (20)

CEN ISSS workshop e-invoicing Cen 19 06 2008 Engel Flechsig[1]
CEN ISSS workshop e-invoicing Cen 19 06 2008 Engel Flechsig[1]CEN ISSS workshop e-invoicing Cen 19 06 2008 Engel Flechsig[1]
CEN ISSS workshop e-invoicing Cen 19 06 2008 Engel Flechsig[1]
 
CEN ISSS Public Workshop Cen 19 06 2008 Engel Flechsig[1]
CEN ISSS Public Workshop Cen 19 06 2008 Engel Flechsig[1]CEN ISSS Public Workshop Cen 19 06 2008 Engel Flechsig[1]
CEN ISSS Public Workshop Cen 19 06 2008 Engel Flechsig[1]
 
CEN ISSS Public Workshop 20080619 Jk Overview On Compliance Of Electronic Inv...
CEN ISSS Public Workshop 20080619 Jk Overview On Compliance Of Electronic Inv...CEN ISSS Public Workshop 20080619 Jk Overview On Compliance Of Electronic Inv...
CEN ISSS Public Workshop 20080619 Jk Overview On Compliance Of Electronic Inv...
 
CEN ISSS workshop e-invoicing 42 6 20080619 Jk Overview On Compliance Of Ele...
CEN ISSS workshop e-invoicing 42 6 20080619 Jk Overview On Compliance Of Ele...CEN ISSS workshop e-invoicing 42 6 20080619 Jk Overview On Compliance Of Ele...
CEN ISSS workshop e-invoicing 42 6 20080619 Jk Overview On Compliance Of Ele...
 
Tg 5 Ahti Allikas Cen 18 06 2009
Tg 5 Ahti Allikas Cen 18 06 2009Tg 5 Ahti Allikas Cen 18 06 2009
Tg 5 Ahti Allikas Cen 18 06 2009
 
Interconnection of Service Providers - Ahti Allikas & Jari Salo
Interconnection of Service Providers - Ahti Allikas & Jari SaloInterconnection of Service Providers - Ahti Allikas & Jari Salo
Interconnection of Service Providers - Ahti Allikas & Jari Salo
 
CEN ISSS workshop e-invoicing A Allikas Tg5 V 1.0[1]
CEN ISSS workshop e-invoicing A Allikas Tg5 V 1.0[1]CEN ISSS workshop e-invoicing A Allikas Tg5 V 1.0[1]
CEN ISSS workshop e-invoicing A Allikas Tg5 V 1.0[1]
 
Tg 2 3 Compliance Cen 18 06 2009
Tg 2 3 Compliance Cen 18 06 2009Tg 2 3 Compliance Cen 18 06 2009
Tg 2 3 Compliance Cen 18 06 2009
 
Overview on Compliance of Electronic Invoices - Joost Kuipers
Overview on Compliance of Electronic Invoices - Joost KuipersOverview on Compliance of Electronic Invoices - Joost Kuipers
Overview on Compliance of Electronic Invoices - Joost Kuipers
 
Engel Flechsig Cen 18 06 2009
Engel Flechsig Cen 18 06 2009Engel Flechsig Cen 18 06 2009
Engel Flechsig Cen 18 06 2009
 
Cooperative Vehicle Infrastructure Systems (CVIS)
Cooperative Vehicle Infrastructure Systems (CVIS)Cooperative Vehicle Infrastructure Systems (CVIS)
Cooperative Vehicle Infrastructure Systems (CVIS)
 
Cwa sustainable compliance guidelines
Cwa sustainable compliance guidelinesCwa sustainable compliance guidelines
Cwa sustainable compliance guidelines
 
Presentation of A.Tosetti 8th EXPP Summit 24 Sep 2012
Presentation of A.Tosetti 8th EXPP Summit 24 Sep 2012Presentation of A.Tosetti 8th EXPP Summit 24 Sep 2012
Presentation of A.Tosetti 8th EXPP Summit 24 Sep 2012
 
E invoicing, the un cefact cross industry invoice
E invoicing, the un cefact cross industry invoiceE invoicing, the un cefact cross industry invoice
E invoicing, the un cefact cross industry invoice
 
Break-Out sessie Factuurcongres 2009 van Peter Potgieser
Break-Out sessie Factuurcongres 2009 van Peter PotgieserBreak-Out sessie Factuurcongres 2009 van Peter Potgieser
Break-Out sessie Factuurcongres 2009 van Peter Potgieser
 
Break Out Sessie Factuurcongres 2009 Peter Potgieser
Break Out Sessie Factuurcongres 2009 Peter PotgieserBreak Out Sessie Factuurcongres 2009 Peter Potgieser
Break Out Sessie Factuurcongres 2009 Peter Potgieser
 
Emerging Technologies and Business Processes – Anders Grangard & Adrian Mueller
Emerging Technologies and Business Processes – Anders Grangard & Adrian MuellerEmerging Technologies and Business Processes – Anders Grangard & Adrian Mueller
Emerging Technologies and Business Processes – Anders Grangard & Adrian Mueller
 
Tg 4 Adrian Mueller Cen 18 06 2009
Tg 4 Adrian Mueller Cen 18 06 2009Tg 4 Adrian Mueller Cen 18 06 2009
Tg 4 Adrian Mueller Cen 18 06 2009
 
CEN ISSS workshop e-invoicing A Mueller Tg4 Report 1.0[1]
CEN ISSS workshop e-invoicing A Mueller Tg4 Report 1.0[1]CEN ISSS workshop e-invoicing A Mueller Tg4 Report 1.0[1]
CEN ISSS workshop e-invoicing A Mueller Tg4 Report 1.0[1]
 
Overview on compliance of electronic invoices
Overview on compliance of electronic invoicesOverview on compliance of electronic invoices
Overview on compliance of electronic invoices
 

Recently uploaded

Cyber Security Training in Office Environment
Cyber Security Training in Office EnvironmentCyber Security Training in Office Environment
Cyber Security Training in Office Environmentelijahj01012
 
Send Files | Sendbig.comSend Files | Sendbig.com
Send Files | Sendbig.comSend Files | Sendbig.comSend Files | Sendbig.comSend Files | Sendbig.com
Send Files | Sendbig.comSend Files | Sendbig.comSendBig4
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCRashishs7044
 
Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Seta Wicaksana
 
business environment micro environment macro environment.pptx
business environment micro environment macro environment.pptxbusiness environment micro environment macro environment.pptx
business environment micro environment macro environment.pptxShruti Mittal
 
Annual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesAnnual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesKeppelCorporation
 
Financial-Statement-Analysis-of-Coca-cola-Company.pptx
Financial-Statement-Analysis-of-Coca-cola-Company.pptxFinancial-Statement-Analysis-of-Coca-cola-Company.pptx
Financial-Statement-Analysis-of-Coca-cola-Company.pptxsaniyaimamuddin
 
APRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfAPRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfRbc Rbcua
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyotictsugar
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfShashank Mehta
 
Pitch deck sample detail for New Business Proposal
Pitch deck sample detail for New Business ProposalPitch deck sample detail for New Business Proposal
Pitch deck sample detail for New Business ProposalEvelina300651
 
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxThe-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxmbikashkanyari
 
Innovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfInnovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfrichard876048
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCRashishs7044
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Kirill Klimov
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfKhaled Al Awadi
 
Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Anamaria Contreras
 

Recently uploaded (20)

Cyber Security Training in Office Environment
Cyber Security Training in Office EnvironmentCyber Security Training in Office Environment
Cyber Security Training in Office Environment
 
Send Files | Sendbig.comSend Files | Sendbig.com
Send Files | Sendbig.comSend Files | Sendbig.comSend Files | Sendbig.comSend Files | Sendbig.com
Send Files | Sendbig.comSend Files | Sendbig.com
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
 
Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...
 
Corporate Profile 47Billion Information Technology
Corporate Profile 47Billion Information TechnologyCorporate Profile 47Billion Information Technology
Corporate Profile 47Billion Information Technology
 
business environment micro environment macro environment.pptx
business environment micro environment macro environment.pptxbusiness environment micro environment macro environment.pptx
business environment micro environment macro environment.pptx
 
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
 
Annual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesAnnual General Meeting Presentation Slides
Annual General Meeting Presentation Slides
 
Financial-Statement-Analysis-of-Coca-cola-Company.pptx
Financial-Statement-Analysis-of-Coca-cola-Company.pptxFinancial-Statement-Analysis-of-Coca-cola-Company.pptx
Financial-Statement-Analysis-of-Coca-cola-Company.pptx
 
Call Us ➥9319373153▻Call Girls In North Goa
Call Us ➥9319373153▻Call Girls In North GoaCall Us ➥9319373153▻Call Girls In North Goa
Call Us ➥9319373153▻Call Girls In North Goa
 
APRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfAPRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdf
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyot
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdf
 
Pitch deck sample detail for New Business Proposal
Pitch deck sample detail for New Business ProposalPitch deck sample detail for New Business Proposal
Pitch deck sample detail for New Business Proposal
 
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxThe-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
 
Innovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfInnovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdf
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
 
Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.
 

CEN ISSS Public Workshop N Pope Wg3[1]

  • 1. eInvoicing Public Meeting Brussels, 19 June 2008 WG 3: Cost effective means to guarantee authenticity & integrity Johan Borendal – Trustweaver (Chair) Nick Pope – Thales e-Security (Technical Editor)
  • 2. CEN eInvoicing Workshop – Phase 2 Aim: Stimulate further standardization work in the domain of electronic invoices in Europe building on Phase 1 activities: WG 1: Adoption WG 2: Compliance of electronic invoice implementations WG 3: Cost effective authenticity & integrity WG4: Emerging technologies and business processes WG5: eInvoice service operators and mobility of users eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
  • 3. Terms of Reference “Cost-effective authenticity and integrity of electronic invoices and related business documents regardless of formats and technologies” Minimise unnecessary costs to businesses Ensure that major risks identified by Tax Authorities are addressed eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
  • 4. CEN eInvoicing WG 3: Terms of Reference “Cost-effective authenticity and integrity of electronic invoices and related business documents regardless of formats and technologies” Authenticity & integrity in transfer Maintain authenticity & integrity over period of storage eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
  • 5. CEN eInvoicing WG 3: Terms of Reference “Cost-effective authenticity and integrity of electronic invoices and related business documents regardless of formats and technologies” eInvoicing main legal pressure point for business Applicable to other aspects of eBusiness & eGovernment eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
  • 6. CEN eInvoicing WG 3: Terms of Reference “Cost-effective authenticity and integrity of electronic invoices and related business documents regardless of formats and technologies” Addressing Authenticity & Integrity by: Electronic Signatures Electronic Data Interchange (EDI) Other means eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
  • 7. What Already Done Inventory of Authenticity & Integrity Requirements Spreadsheet of Requirements against 28 EU States / EFTA members Integrity and authenticity Requirements in common e- invoicing scenarios Model of eInvoicing exchanges Requirements derived from Directive 2006/112/EC + national implementations Authenticity and Integrity Requirements & Controls eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
  • 8. WG2 Good Practice vs WG3 Requirements & Controls WG2 WG3 EInvoice Requirements Mechanisms A&I Preparation. EDI eInvoice Translation. Controls Signatures Protocols Self Billing. eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
  • 9. Conclusion - Lets join forces CEN WG2 & WG3 / FISCALIS e-Invoicing Good Practice Guidelines eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
  • 10. WG3 Current Approach Authenticity & Integrity Controls Option 1: General procedural and technical controls to protect data at each stage of process (EDI / Other), or Option 2: Advanced electronic signatures protecting data from creation through whole storage lifetime (AdES) Baseline security controls (e.g. audit, access control, contracts) should be applied throughout No end-to-end long-term signatures With end-to-end long-term signatures Technical controls Technical controls Process controls Process controls Audit Audit Documentation Documentation Contract Contract General system security General system security eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
  • 11. WG3 – Example Authenticity & Integrity Controls Baseline controls Example controls for EDI (other) Scenario Example controls for Advanced Electronic signature based scenario eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
  • 12. Baseline controls Recognised standard based practices for the security and integrity: e.g. ISO 27001, SAS70, OECD Guidance on Tax Compliance for Business and Accounting Software Includes general controls for: Audit trails Access control enforcing business roles Protected Communications Data correctness and accuracy checks Prior agreement for security of communications eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
  • 13. EDI/Other Example: Requirements & Controls Supplier Customer (Seller) (Buyer) Communications Authenticity & Communications Integrity A& I (A& I) Processing Processing & Storage & Storage Comms Customer’s A& I Supplier’s A& I A& I (Buyer’s) Service Service Provider Provider eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
  • 14. EDI/Other Example: Communications A&I Requirement Control Ensure authenticity and The electronic invoice shall be integrity of invoice whilst sent through a secure channel being sent. which : a) Protects the integrity …. b) Authenticates the invoice issuer … Implementation examples: i) TLS with passwords. ii) AS/1-3 with signatures …… eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
  • 15. EDI/Other Example: Storage A & I Requirement Control The authenticity and The invoice and audit records integrity of the content of regarding handling of the invoice, the invoices stored must including information on be guaranteed throughout authentication checks carried out, shall the storage period.. be protected by mechanisms that assure the integrity of data throughout the storage period. Implementation examples: - WORM, - Secure archive eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
  • 16. EDI/Other Example: Processing A & I Met by a range of controls: Baseline security controls General eInvoice process requirements eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
  • 17. AdES Example Requirements Supplier Customer (Seller) (Buyer) Communications A& I Signature Signature Creation Long term Supplier’s Customer’s Service validity Signature (Buyer’s) Provider Service Long term Provider validity eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
  • 18. AdES Example: Signature creation Requirement Control The invoice is provided with The application should ensure an electronic signature to that signatures are applied when protect its integrity and appropriate. The signature shall authenticity. be created in accordance to an internationally recognised standard signature format. Implementation examples: eg: CAdES-T / XAdES-T … eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
  • 19. AdES Example: Signature verification Requirement Control The authentication of The validity of the AdES signature origin and integrity shall be checked and the results of the invoice must recorded including verification time be verified by and information (e.g. CRLs or OCSP verifying the and certificates) used to verify the signature. signature. ....... eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
  • 20. AdES Example: Signature long term validity Requirement Control Electronic signatures The integrity of the signed invoice, must remain verifiable including information used to reverify during the storage the signature (see above under invoice period. creation), shall be maintained beyond the lifetime of the signature algorithm and certificates. Implementation examples: 1) Applying archive timestamp to signature as in XAdES-A, CAdES-A 2) WORM devices. ....... eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
  • 21. Next Steps Continue working with Good practice Authenticity & Integrity Controls (Joint deliverable with WG2) Further Guidance on Authenticity and Integrity Further guidance on example mechanisms and protocols Developed in next phase eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved
  • 22. Thank you Thanks any questions? nick.pope@thales-eSecurity (editor) johan.borendal@trustweaver.com (chair) eInvoicing Public Meeting Brussels, 19 June 2008 ©2005 CEN – all rights reserved