HORI SYSTEMS LIMITED

Global Tax API

Automate sales tax compliance globally with our robust API, encompassing countries across all continents. Our dataset includes over 40,000 US sales tax rates, Australian GST, Canadian GST/HST and PST, EU/UK VAT, and the latest additions of Mexican and various African/Middle Eastern tax rates.

Features

• Automated Sales Tax Calculation
• UK VAT Automation and Calculation
• EU VAT Automation and Calculation
• UK VAT Validation
• EU VAT Validation
• Australian ABN Validation
• Invoice OCR - eInvoicing
• USA Sales Tax Calculation
• USA Address Validation
• USA Economic Nexus

Benefits

• UK VAT Automation
• EU VAT Automation
• USA Economic Nexus Automation
• USA Address Validation
• Global Sales Tax API
• Global Sales Tax Automation
• Australian ABN Validation
• Invoice OCR - eInvoicing

£22.80 to £3,813.31 a user a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tech@horisystems.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

707351278546585

Contact

Abiodun Oketunji
07908560703
tech@horisystems.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: Whilst Global Tax API is designed to be robust and reliable, there are a few constraints to keep in mind. First, we strive to maintain 24/7 availability, there may be occasional downtime for scheduled maintenance, during which access to the API may be temporarily unavailable. However, we make sure to communicate these periods well in advance. Secondly, our API is compatible with various systems, specific functionalities may require particular software configurations or versions for optimal performance. We provide comprehensive support and documentation to assist you in setting up and troubleshooting, to ensure smooth operation.
• System requirements: Not Applicable

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Yes, we do provide email support to our users. If you have any queries or issues, you can reach out to us via email, and we will assure you of a response within our Service Level Agreement (SLA) timeframe of 24 to 48 hours. Please note that this SLA applies to all days, including weekends, so you can always expect a timely response, no matter when you need assistance.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: No
• Support levels: We understand that support needs vary from business to business, so we offer two primary support levels to cater to our clients' requirements. ; ; 1. Standard Support: This is available to all customers at no additional cost. It includes access to our extensive online knowledge base and email support with 24-48 hours of response time. ; ; 2. Premium Support: We offer our Premium Support package for clients needing more dedicated assistance. The cost for this varies depending on the size and requirements of the business. With Premium Support, you'll receive priority email support with a faster response time within 12 hours, access to phone support during business hours, and a designated technical account manager. ; ; The technical account manager is your primary contact for any technical issues or queries. They work closely with you to understand your business's unique needs, provide personalized support, and ensure you get the most from our Global Tax API.; ; Furthermore, irrespective of the support level chosen, our team of cloud support engineers is always behind the scenes, monitoring system performance and ensuring uptime for a seamless user experience.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: To assist users in starting with our service, we provide comprehensive online documentation, which they can access at https://horisystems.com/docs/global-tax-api/; ; This documentation serves as a complete guide to Global Tax API, including instructions for setup, usage examples, and detailed explanations of various features and functionalities. We designed it to be easy to follow and understand, enabling users to integrate our API into their applications or systems smoothly. Additionally, our knowledgeable support team is readily available via email to answer any questions and provide assistance.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: When the contract ends, users can extract their data by making a specific API call to retrieve all relevant data from our system. We recommend that users do this before the termination of the service, as access to the API would discontinue upon contract end. ; ; Users must save appropriately and regularly back up their data during the contract period. Our support team will be available to assist with any questions or guidance needed during this process to ensure a smooth transition.
• End-of-contract process: The systems would discontinue access to Global Tax API at the end of the contract. We advise users to extract all necessary data before the termination of the service. We will deactivate the user's account upon contract completion, and their API key will no longer be valid.; ; The contract price includes the usage of Global Tax API, access to regular updates, and standard email support. Additional costs might occur if users opt for Premium Support or additional services not part of the standard contract.; ; Before contract termination, our team will ensure clear communication regarding the end-of-contract process, timelines, and any actions the user needs to take. We aim to make the transition as smooth as possible, and our support team is available to assist with any queries or concerns.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Global Tax API is not a user-facing application but a back-end service; the concept of mobile or desktop versions does not directly apply. The API works independently of the platform used, whether it's a mobile device, desktop, or any other system. It is a set of rules that your application can follow to interact with our tax database. It can be integrated into any software that supports API calls, regardless of whether that software is running on a mobile device or a desktop. Therefore, service is the same when it comes to mobile versus desktop usage.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Yes, Global Tax API does come with a service interface. It is designed to be user-friendly and intuitive, making it easy for developers to integrate it into their applications. The interface provides comprehensive details on how to make requests and handle responses, ensuring seamless and efficient use of the API for automating global sales tax compliance.
• Accessibility standards: None or don’t know
• Description of accessibility: As Global Tax API is mainly intended for system-to-system interaction, it doesn't come with a user interface that would require compliance with WCAG accessibility standards. However, documentation and communications related to the API are created with the goal of being accessible to as wide a range of users as possible, following general principles of clear and understandable language. Any interface testing has focused on the technical accuracy and efficiency of the API within the systems it's integrated into, rather than individual user interactions.
• Accessibility testing: As Global Tax API is a backend service with no direct user interface, we have not conducted specific interface testing with users of assistive technology. However, our documentation and support materials are designed to be accessible and user-friendly, and we are committed to improving and ensuring the accessibility of our services. If any of our users were to encounter accessibility issues, we would be eager to address these concerns and make the necessary adjustments.
• API: Yes
• What users can and can't do using the API: Buyers can subscribe to a preferred plan on the product page: https://horisystems.com/global-tax-api/; ; Through our API, users can access a wide range of functionalities that are crucial for managing global taxes. It includes setting up and making changes to their sales tax rates, validating addresses, identifying economic nexus, and more for countries all over the world.; ; To set up the service, users need to authenticate using the given username and password. Once authenticated, users can call different API endpoints to retrieve or update tax-related information as per their needs. ; ; Users can make changes to system configurations and tax data by sending a request to the appropriate API endpoint. However, the nature of changes that can be made through the API is limited by the type of request (GET, POST, PUT, DELETE) and the specific API endpoint accessed.; ; Please note that while the API itself does not impose limitations on data retrieval or modifications, some actions might be subject to limitations or restrictions based on legal or policy compliance requirements in different jurisdictions. ; ; For a comprehensive understanding of what can be done via our API, users are encouraged to review our detailed API documentation at https://globaltaxapi.horisystems.com
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Yes, Global Tax API service is designed to be customisable to a certain extent. ; ; Users can define the regions and specific tax jurisdictions they need to consider based on their business operations. They can choose to use specific API functions that fit their requirements, whether it is US sales tax, EU VAT, or taxes in other global jurisdictions. ; ; Users can customise the service via API calls, which allows them to tailor the operation to their unique needs. They can decide which API endpoints to use and how frequently to call them based on their specific business workflows.; ; Anyone can do customisation with the necessary technical knowledge to interact with APIs. It would typically be performed by a developer or technical team member who has an understanding of the business's tax needs and the technical skills to implement the required configurations in their application or system.

Scaling

• Independence of resources: We employ various strategies to ensure that the demand placed on our service by other users does not affect the performance of each user. ; ; Global Tax API is designed with a scalable architecture, enabling it to handle high volumes of requests without sacrificing performance. The infrastructure automatically scales up or down according to the demand, ensuring consistent performance even during peak usage periods.; ; We also implement rate limiting to manage the volume of incoming requests and prevent service overloading. Each user's API requests are limited to a certain number within a specific time frame defined in their subscription plan.

Analytics

• Service usage metrics: Yes
• Metrics types: Yes, we do provide service usage metrics. Users can check the remaining requests in their subscription plan by using the Rate Limit Checker endpoint. By sending a GET request to "/v2/rate_limit_checker", users can monitor their usage and manage their requests effectively. It helps to prevent exceeding the rate limit and ensures smooth operational performance of the service. It is a valuable tool for managing and planning API usage based on specific needs and the limits of your subscription plan.
• Reporting types: API access

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest: Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: In the context of Global Tax API service, data export in the traditional sense is not applicable. As the API is a real-time service that provides tax-related data when requested, it does not store any user data that would require exporting. Users interact with the API to retrieve data as needed, and any storing, managing or exporting of the retrieved data, the user's systems handle.
• Data export formats: Other
• Other data export formats: JSON
• Data import formats: Other
• Other data import formats: Not Applicable

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Global Tax API is designed with high availability and robustness in mind, ensuring that it is accessible and operational when you need it. While we strive for 100% uptime, we guarantee a 99.9% availability as part of our Service Level Agreement (SLA), accounting for any necessary maintenance or unexpected issues.; ; We monitor our system 24/7, and in the event of any disruption, we aim to rectify the issue as rapidly as possible. Our dedicated technical support team is always on hand to provide assistance and keep users informed of any issues and their resolution.
• Approach to resilience: Global Tax API service is designed and architected for high resilience, ensuring continuity of service even in the face of unforeseen issues or disruptions.; ; Our service is hosted on cloud infrastructure, leveraging the inherent resilience capabilities of major cloud service providers, including redundancy, failover and immediate disaster recovery features. The data centres are geographically distributed and designed to provide continuous service in one location, even in a failure or disaster. Data is replicated across multiple data centres in real-time, ensuring data integrity and availability.; ; We utilise load balancing to distribute network traffic across multiple servers, ensuring no single server becomes a bottleneck. It improves responsiveness and availability and provides an additional layer of resilience.; ; On the application level, our API is designed with error handling and retry logic to cater to temporary issues, ensuring the successful completion of requests.; ; We continuously monitor our systems for any potential issues, and our team is ready to react promptly to any disruptions, putting steps in place to prevent similar future occurrences.; ; We follow the government's 2nd cloud security principle of 'Asset protection and resilience'.
• Outage reporting: We use a public service status page (https://status.horisystems.com) to report any outages or disruptions in our service. Here, users can find real-time information about the status of our Global Tax API, including any ongoing incidents, scheduled maintenance, or past incidents.; ; In an outage, the status page will provide regular updates until we resolve the issue. It ensures complete transparency and allows our users to plan and manage their operations efficiently. Users are encouraged to check this page for the most up-to-date information if they encounter any issues with the service.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Access to management interfaces and support channels is strictly controlled and restricted to authorised personnel. Multifactor authentication, including username and password alongside other verification methods, is required for access. User privileges are granted on a 'least privilege' basis, meaning users only have the access necessary to perform their specific roles. All-access is logged and regularly audited. Furthermore, we implement IP whitelisting, limiting access to specific trusted locations. We use secure encryption protocols for support channels, and data is anonymised to ensure customer privacy.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: Less than 1 month

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: While our security governance is not directly certified to a specific standard like CSA CCM version 3.0 or ISO/IEC 27001, we have built our service on AWS Public Cloud, which has a robust, industry-recognised, and certified security infrastructure.; ; Our approach to security governance is thorough and robust. We leverage AWS's advanced security features, such as data encryption, network security, access control, and security monitoring.; ; Even without direct certification, we strongly emphasise ongoing risk assessment, proactive threat monitoring, and swift incident response. Our team is trained in security awareness and is committed to maintaining high-security standards.
• Information security policies and processes: Our information security policy ensures all data's confidentiality, integrity, and availability in our care. This policy aligns with industry best practices and covers access control, data encryption, incident response, and regular security audits.; ; We regularly review and update our security policies and processes to adapt to evolving threats and technology landscapes. All changes are communicated promptly to all team members, and regular training sessions ensure that everyone understands their roles and responsibilities in maintaining security.; ; Reporting potential security incidents is encouraged and can be done through several channels. We have a dedicated security team, and any potential breaches or incidents are escalated to them immediately for investigation and resolution. ; ; Adherence to our security policies and processes is mandatory for all team members. Compliance is monitored and enforced by our security team, and violations are dealt with seriously, up to and including termination of employment. Our commitment to security is not just a policy but a fundamental part of our company culture.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We follow a systematic approach to configuration and change management. All our service components are tracked through a CMDB (Configuration Management Database) across their lifecycle. Change requests are performed via a Change Advisory Board (CAB). These requests are examined for potential security impacts through a systematic process involving risk assessments, peer reviews and extensive testing. Only approved changes are implemented, post which they are audited and documented to ensure traceability and accountability.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our organisation complies with several recognised standards for vulnerability management. We follow the Cloud Security Alliance's Cloud Controls Matrix (CSA CCM) v3.0, which provides a comprehensive framework for assessing the overall security risk of a cloud system. We also adhere to SSAE-16/ISAE 3402 auditing and control practices standards. In addition, our vulnerability management processes include regular system scanning, patching, and remediation alongside a thorough threat intelligence system to identify potential vulnerabilities and ensure our systems are continually secure.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Our organisation complies with several recognised standards for protective monitoring, including the Cloud Security Alliance's Cloud Controls Matrix (CSA CCM) v3.0 for a comprehensive framework to ensure the security risk of our cloud system. Further, we adhere to the SSAE-16/ISAE 3402 standards covering auditing and control practices. Our protective monitoring processes include 24/7 real-time monitoring, automated log analysis, suspicious behaviour detection, and incident response mechanisms. We use the latest tools and technology to detect and neutralise any threats, ensuring the integrity of our systems and the data they hold.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our organisation adopts multiple recognised standards for incident management. We comply with the Cloud Security Alliance's Cloud Controls Matrix (CSA CCM) v3.0, providing a comprehensive guideline for cloud infrastructure security. Additionally, we abide by ISO/IEC 27035:2011 standards for security incident management, which include mechanisms for incident detection, reporting, assessment, response, and learning. We also adhere to SSAE-16/ISAE 3402 standards covering management's operational controls. Our approach is proactive and focused on minimising impact, containing the incident, and implementing measures to prevent recurrence.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Our G-Cloud service actively fights climate change by reducing the carbon footprint associated with conducting business. As a cloud-based solution, our service eliminates the need for on-premise servers, which consume significant energy. It results in direct energy savings and reduces the indirect emissions associated with manufacturing, transporting, and disposing of hardware. Additionally, our data centres employ energy-efficient technologies and are powered by renewable energy wherever possible. We are committed to continuously optimising the energy efficiency of our operations and actively seeking opportunities to reduce our environmental impact further.

  Covid-19 recovery

  Our G-Cloud service is critical in COVID-19 recovery by enabling seamless remote work capabilities and business continuity. As a cloud-based solution, organisations can maintain operations regardless of location, reducing the disruption caused by lockdowns or quarantine measures. It also facilitates collaboration by providing secure access to data, tools, and applications from anywhere, anytime. Moreover, our scalable and pay-as-you-go model allows businesses to adapt to fluctuating demands and financial constraints, benefiting organisations recovering and restructuring after COVID-19.

  Tackling economic inequality

  Our G-Cloud service plays a significant role in tackling economic inequality by enabling affordable access to advanced technology. Our cloud service's scalability and pay-as-you-go nature make it accessible for organisations of all sizes, including small businesses and start-ups that traditionally might not have the investment capacity for high-end IT infrastructure. By offering the same high-quality resources and tools regardless of an organisation's size or financial standing, we level the playing field and enable economic growth and opportunity for a broader range of businesses.

  Equal opportunity

  Our G-Cloud service fosters equal opportunity by making advanced technology accessible to all businesses, regardless of size or location. The flexible and scalable nature of cloud computing breaks down barriers to entry, enabling smaller businesses to compete on a more equal footing with more giant corporations. Further, our commitment to diversity and inclusion in our workforce ensures that we create and deliver services that meet various needs and perspectives.

  Wellbeing

  Our G-Cloud service contributes to wellbeing by creating a more flexible, responsive, and less stressful work environment. Cloud computing allows employees to work from anywhere, providing them the flexibility to maintain a healthy work-life balance. It reduces commuting stress and allows more time for personal and family activities, thus enhancing overall wellbeing.; ; Beyond flexibility, our service also promotes wellbeing by reducing the burden of IT management. Our comprehensive support and automated updates relieve employees from daunting and time-consuming technical tasks, enabling them to focus on their core responsibilities and reducing work-related stress.; ; Furthermore, we are committed to creating a safer digital environment. We continuously invest in top-notch security measures to protect user data and privacy, providing peace of mind to our customers. Our transparent policies and procedures ensure users feel comfortable and secure using our services.; ; Our organisation prioritises employee wellbeing by fostering a positive work culture, offering wellness programs and promoting mental health awareness. We understand that a happy and healthy workforce translates into better service delivery. ; ; In summary, our G-Cloud service aims to enhance wellbeing by providing a stress-free, flexible work environment, reducing the burden of technical tasks, ensuring data security and privacy, and maintaining a healthy workforce.

Pricing

• Price: £22.80 to £3,813.31 a user a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tech@horisystems.com. Tell them what format you need. It will help if you say what assistive technology you use.