action.skip

Accounting Standard Compliance

This document describes the general procedures and measures for generating and managing electronic invoices with JustOn Billing & Invoice Management. Its main purpose is to comply with internal and external requirements for documenting the invoicing processes in relation to tax-relevant electronic invoices. The procedures and measures described below shall be considered by all people involved in the particular workflow steps.

Introduction

JustOn Billing & Invoice Management is designed for invoicing purposes in the accounting context. With JustOn, you can automatically capture costs, create according invoices, check, approve and distribute the invoices, file invoices for archiving and, if set up, register payments made in 3rd-party systems. In addition, JustOn combines and checks the customer and contract data that makes up the base for the invoice creation, and it allows for tracking payments made via third-party systems and, based on the data obtained therefrom, managing your accounts receivable.

Billing: JustOn combines and checks the customer and contract data that make up the basis for the invoice creation.

Invoicing: JustOn handles all steps of the invoicing process: preparing invoice data, creating invoices and distributing the documents.

Accounts receivable: JustOn registers payments and manages the accounts receivables, if required.

Reporting: JustOn provides reporting features to monitor finances, customers and KPIs.

  • This document does not constitute a complete user documentation.
  • The operator is responsible for documenting project-specific modifications to the software, procedures and measures.
  • An internal control system beyond the scope of the invoicing procedures described below does not form part of this documentation.
  • Project-specific operating instructions or job descriptions do not form part of this documentation.

Generally, the compliance of a computerized accounting system (in this case e-invoicing) shall be assessed applying the same criteria as those applied to a manual accounting system.

For Germany, the following provisions apply:

  • Principles for properly keeping and storing accounts, recordings and documents in electronic form and for data access, as stated by the German Federal Ministry of Finance on 2019-11-28
  • Articles 145-147 of the Fiscal Code of Germany
  • Articles 238, 239, 257 and 261 of the German Commercial Code

Software Environment

The software relevant for generating and managing electronic invoices includes

  • Salesforce Platform, cloud-based platform for software development and operation
  • JustOn, integrated application on Salesforce Platform for automated billing, invoicing and AR management
  • Salesforce Platform email service

Info

JustOn Billing & Invoice Management runs as an integrated application on Salesforce Platform, the cloud-based platform for software development and operation from Salesforce.

For further technical details about the software environment, see Basic Technical Information.

JustOn Concepts

JustOn Billing & Invoice Management comprises four main functional areas: billing, invoicing, accounts receivable and reporting.

Billing Invoice Generation Accounts Receivable Reporting
Set up subscriptions
including items and their pricing

Set up usage data billing

Billing arbitrary objects
Execute invoice runs
to produce invoices
or credits

Configure templates
Manage balances

Register payment entries

Create account statements

Process dunnings

Create bookkeeping data
Manage metric objects

Configure business reports

In order to cover these topics, JustOn Billing & Invoice Management complements the standard Salesforce objects account, opportunity and product with a number of new business objects, along with the according UI elements. These additions allow you to easily manage the invoicing data and processes.

main_concepts
Schematic overview of JustOn's main concepts

JustOn Concepts Outline gives an overview of JustOn's features, summarizing the main JustOn objects and outlining their basic interactions.

For details about invoices, relevant data, calculation etc., see Invoicing System.

Info

The operator is responsible for checking all created data (master data, configurations, etc.). JustOn allows operators to control the data integrity and correctness using approval workflows.

Compliance-Specific Considerations

IT systems must properly map accounting policies and comply with the generally accepted principles of computerized accounting systems and the generally accepted principles of proper accounting when using information technology. This section outlines how JustOn complies with such requirements.

Traceability and Verifiability

By default, the invoices generated in the invoice run include all products or transactions to be billed according to the contract as well as the actual calculations. However, the content may vary on a project-specific basis.

You can repeat invoice runs for past billing periods.

JustOn is set up to track changes to relevant data of generated invoices and booking details using Salesforce's field history tracking. This feature keeps history data for up to 18 months. Operators can, in addition, enable Field Audit Trail, which retains history data until manually deleted.

Indexing and Retrievability

Electronic invoices generated by JustOn are provided with a unique invoice number and a traceable and unique index. This ensures that the electronic document can be managed and searched using the assigned index. To enable future verifiability, the assigned allocation and identification properties must be incorporated upon storage or booking.

The fiscal authorities can research electronic invoices or evaluate them automatically, for example via a full text search.

In JustOn, the produced invoices are always linked with the relevant accounts and subscriptions (or other billing source records) and can be retrieved via these records or via a search.

Invoice Data Accuracy

JustOn calculates the taxes line by line, that is, individually for each invoice line item, and then sums the resulting item totals.

Appropriately programmed features guarantee that JustOn correctly calculates the totals on a line basis and correctly balances possible rounding differences. In addition, it supports specific rounding rules, for example, for Switzerland. For more details, see Tax Calculation.

Multi-level software tests ensure the correct calculation (see Quality Assurance and Release).

The Salesforce Platform architecture ensures that unauthorized third-party access via JustOn's web front end is impossible (see User Authentication).

Electronic Storage

JustOn always saves the generated invoice as a data record as well as a PDF file (by default, including the invoice date in the file name) in a revision-proof manner and traceably linked to the relevant accounts and subscriptions (or other billing source records). No permission set shipped by JustOn includes access rights to change or delete invoices once they have been issued.

We recommend creating a target directory for automated invoice exports in the operator's system (at least for PDF). As soon as invoices are finalized (status set Open and hence effective), JustOn can automatically export them to this location.

If required, an automated export to third-party systems specified by the operator, such as Amazon S3, is also possible. Operators can control and, if necessary, change the storage systems for archiving using their own export settings.

The transfer of data to other systems is always possible, either by exporting existing standardized file formats or by customization programming.

Reproducibility

At the time of creation, the invoices are sent for storage as PDF, that is, in a visual representation in a platform-independent, portable file format. This also provides for independence with regard to migration. The invoices and the corresponding data are thus securely stored in the PDF irrespective of possible changes, for example to master data. JustOn registers any new creation or distribution of an invoice in the invoice history.

Immutability

Auditing integrity is provided for all essential functions in JustOn and meets the requirements of commercial and fiscal legislation and regulations.

In particular, the generated electronic invoices are always stored unalterably after finalization as data records that can no longer be processed and as originally generated PDF documents. This is enforced by the software (JustOn and Salesforce Platform). Modifications are only allowed in the draft invoices. However, both the original content and the fact that there have been modifications remain visible in the history.

Invoice PDF

Invoice records are the single source of truth. They hold – immutably after finalization – all legally relevant information. The PDF files merely represent readable images of this data, and are attached to the corresponding records.

By assigning appropriate rights (see Permissions and Roles), operators can prevent users from deleting record attachments. However, the Salesforce platform always allows system administrators and record owners to delete attachments. If the PDF document associated with an invoice record is deleted, you can still restore it at any time based on the original data.

The JustOn GmbH recommends operators to export the produced PDF documents into a suitable archiving system.

Similarly, the generated booking details are stored unalterably as a data records that can no longer be processed after being exported to accounting systems. This is also enforced by the software. Modifications are only allowed in booking details that have not yet been exported and are traceable in the history.

The immutability of finalized invoices and exported booking details is ensured by the implementation of so-called triggers. A trigger is code that executes in the context of write operations in the database. JustOn implements the triggers InvoiceBeforeDelete, InvoiceBeforeInsert and InvoiceBeforeUpdate as well as BookingDetailBeforeDelete and BookingDetailBeforeUpdate, which monitor specific fields of finalized invoices or exported booking details and prevent the deletion, insertion or modification of data.

Every invoice, both in draft and finalized status, is assigned a unique database key in the database. This key is also included in the URL when viewing the invoice in the web frontend, like a0P0Y000000G5wY in

https://onb2.eu11.visual.force.com/apex/InvoiceView?id=a0P0Y000000G5wY&sfdc.override=1

Transaction-based processing and the primary database key make sure that an invoice can only be processed once. The software does not allow to manually modify (like in the database) the invoice number once the invoices have been created and finalized.

Readability and Availability

The electronic invoices are and remain readable, especially for fiscal auditing purposes. Although CSV and XML exports are possible, the invoices remain readable for the auditor's eye and can therefore also be examined by visual inspection. The taxable company can always display the invoice both from within JustOn and using an appropriate PDF viewer for the generated PDF files.

The invoice export does not result in any restrictions. The CSV export allows for an automatic processing of the data at any time. When exporting the data, changes to the content are impossible.

Timely Capture and Retention

The time of the invoice run is defined by the operator and must therefore be documented in a project-specific operating manual.

The electronic invoices are saved in the Salesforce Platform database as soon as they are issued to prevent them from being compromised or lost.

JustOn is not an archiving system. Operators are therefore advised to export the issued invoices into a suitable archiving system in order to provide for a compliant and comprehensive retention of the electronic invoices.

JustOn keeps revision-proof logs of invoices sent by e-mail, which are traceably linked and can be reviewed.

User Management

For details about user management with regard to data security, see Permissions and Roles.

Organizational Measures at the Operator

JustOn's data protection and data security concept describes the organizational and technical protection measures implemented by JustOn and implementable by the operator to ensure confidentiality, integrity and availability.

Protective Measures

The protective measures ensure the following aspects:

Physical access control: Unauthorized individuals are not granted access to data processing systems that process or use personal data.

Electronic access control: Data processing systems cannot be used by unauthorized individuals.

Internal access control: Individuals authorized to use a data processing system can only access the data that is subject to their access authorization. Personal data cannot be read, copied, modified or deleted without authorization during processing or use and after being stored.

Data transfer control: Personal data cannot be read, copied, changed or deleted without authorization during electronic transmission or during transport or storage on storage media. In addition, it is possible to identify where personal data is to be transferred using data transmission equipment.

Data entry control: Field history tracking allows to subsequently check and determine whether and by whom personal data has been entered, modified or deleted in data processing systems (see Field History Tracking | Salesforce).

Contract control: Personal data that is processed by contract can only be processed according to the instructions of the customer. A corresponding contract data processing agreement is part of the software terms of use.

Availability control: Personal data is protected against accidental destruction or loss.

Isolation control: Data acquired for different purposes is processed separately.

Data Backup

Generally, Salesforce guarantees constant data availability thanks to the cloud-based platform for software development and operation Salesforce Platform (see trust.salesforce.com).

We recommend, however, to additionally back up the transactional data and the configuration (users, roles) as follows:

  • Daily complete backup (weekly rotation)
  • Monthly complete backup (2-month rotation)
  • Annual complete backup (7-year rotation)

The backups are to be stored in a separate fire compartment.

Note

The JustOn GmbH shall not assume any liability for data loss due to failure to back up or archive data.

Configurational Changes

JustOn is configured and put into operation according to the requirements of the operator and in compliance with the legal regulations for e-invoicing software. The software tracks system accesses and changes to master data by default using Salesforce's Setup Audit Trail. The setup audit trail immediately shows the 20 most recent configurational changes. Operators can download the complete history for the past 180 days.

Correspondingly authorized users at the operator (see Permissions and Roles) can make changes to invoicing-relevant settings. It is not possible to automatically reset configurational changes, but rather through manual (re-)configuration or by restoring the configuration from backups.

For information on backing up and restoring Salesforce data and additional relevant documentation, see Export Backup Data from Salesforce and Recover records and data in Salesforce in the Salesforce Help.

Organizational Measures at the JustOn GmbH

org_chart
Divisions of the JustOn GmbH

The Chief Operating Officer (COO) of the JustOn GmbH is responsible for the product development (including quality assurance and release as well as technical documentation) and support areas.

Maintenance and Support

Constant updates and error correction as well as adequate user support are essential for the legally permissible operation of JustOn as an e-invoicing software. In this context, important aspects include the dynamic development in the IT infrastructure of companies in conjunction with changing requirements and parameters as well as changing legal conditions for storing tax-relevant documents or documents subject to data protection.

Updates and Upgrades

Salesforce updates Salesforce Platform three times per year (Spring, Summer and Winter releases). All updates are applied automatically in a timely and seamless manner. Heroku, too, is continuously updated without interrupting its operation. This way, Salesforce always guarantees a current, secure environment for integrated applications like the JustOn software.

JustOn software is also continuously updated. There are new feature releases at least two to four weeks after Salesforce has updated the Salesforce Platform. If necessary, bugfix releases are published more frequently. Continuous development, update and bug fixing are essential to the legally permissible operation of invoicing, payment or accounting-relevant applications and make sure that the software can be adjusted to changing legal regulations about data protection or tax-relevant data, providing for a seamless and safe operation.

Operators that use JustOn software are responsible for updating the software used to access JustOn software (operating system, web browser, PDF viewer).

Technical Support

Under the terms of a maintenance and support contract for JustOn held by the operator, we provide application and administration support for the operation and administration of the software. Operators can contact JustOn Support requesting assistance during business hours in accordance with the agreed Service Level Agreements (SLA). Minimum availability of qualified staff in the event of incidents shall be ensured in accordance with the agreed SLA.

Software Development

The JustOn GmbH manages the software development using Atlassian Jira, a common system for project and issue tracking.

For new functionality to be developed, we create "stories" or "tasks" – depending on the scope – in Jira. They provide the following information:

  • Description
  • Purpose or objective, target group
  • Acceptance criteria, requirements
  • Effort estimation

task
Example of a development task tracked in Jira

Based on this data, we plan the tasks to be completed in the next development phase ("sprint").

plan
Sprint planning example in Jira

Software defects are also reported and tracked in Jira as "bugs". These issues provide the following information:

  • Description
  • Steps to reproduce the error
  • Current behavior
  • Expected behavior, possible additional acceptance criteria or requirements
  • Possible workarounds

bug
Example of a software defect tracked in Jira

Bugs are also prioritized and scheduled to be fixed in the sprints.

There are the following defect classes:

Defect Class Description
Blocker Severe error that prevents the system from operating; must be corrected immediately
Critical Error with considerable impact, but not preventing the system from operating; must be fixed in the current sprint
Major Error that affects a single feature; to be fixed in the next (or a later) sprint
Minor Error that does not affect the operation of the system or individual features

Quality Assurance and Release

New features and bug fixes are automatically checked during the development process with so-called module tests. After completion, the developers execute functional acceptance tests in their development environments. Integrating the different development branches creates a new, complete software version, which is also functionally tested by the developers in their own environments. Finally, the Customer Success agents test this complete software version in "sandboxes" (non-productive copies of customer environments).

This approach corresponds to the software development and operation guidelines for the cloud platform Salesforce Platform, see Application Lifecycle and Development Models.

Test criteria include the acceptance criteria and functional or technical requirements as defined in the stories and tasks or, respectively, bugs (see examples for development tasks and defects in Software Development). The test results are documented directly in the relevant Jira issue. Testers mark the requirements or test steps accordingly and add their comments.

Only after successfully completing all tests, the new software version is released in Salesforce AppExchange. This procedure includes an additional security review (see Pass the AppExchange Security Review) before actually publishing the software.

development process
JustOn's development process

Development Step Environment Role
Documentation, prioritization, planning Jira COO, developers
Development + automatic module tests Salesforce Platform development environment Developers
Integration Salesforce Platform development environment Lead developer
Acceptance tests Salesforce Platform development environment or Salesforce sandbox Developers or Customer Success agents
Release Salesforce AppExchange COO

Code Security

The JustOn source code is securely stored in Atlassian Bitbucket Cloud, a cloud-based system for code management. It archives all versions and variants of the source code, along with time stamps and user identifiers.

The JustOn GmbH benefits from the following security-relevant Bitbucket features:

Change tracking: It is always possible to see which user has made which changes at what time.

Recovering previous versions of particular files: This allows to undo unwanted changes at any time.

Archiving individual stages of a project: This allows to access all versions at any time.

Furthermore, the JustOn GmbH leverages the option to control the shared access to the code between multiple developers and the parallel development in multiple branches.

bitbucket
Overview page of a software project saved in Bitbucket

Trust and Compliance Certifications

JustOn software, like JustOn Billing & Invoice Management or JustOn Cash Management, runs as integrated application on the Salesforce Platform and Heroku, the cloud-based platforms for software development and operation from Salesforce. As JustOn software is developed using the features provided by Salesforce Platform and Heroku, it is completely integrated in these environments with respect to security, availability, confidentiality, processing integrity, and privacy.

Both Salesforce Platform and Heroku are subject to comprehensive compliance audits. Therefore, they verifiably comply with multiple certifications, standards and regulations:

In order to be distributed and operated on these certified platforms, JustOn software must undergo regular security reviews. The Salesforce security reviews test the security of the software, including how well it protects customer data. So you can be sure: as long as the JustOn software is available on Salesforce AppExchange, it has successfully passed the security reviews and fully complies with the platforms' security guidelines.

logo_nf_203 JustOn Billing & Invoice Management is, in addition, certified according to a number of national compliance standards. These include, for example, the Certification Rules NF Logiciel (NF203) and the ISO/IEC 25051:2014 standard for France or the GoBD for Germany.