• Home
    •  Identify undue payments, correct incorrectly processed VAT, reclaim missed profits.

      Gain full insights into the VAT process of your organization.

      Identify and correct outstanding and unknown balances within the accounts payable recovery audit.

      Gain full insights into your accounts payable through interactive dashboards.

  • News & Resources
  • Nederlands
  • Deutsch

Data security is more important than ever

The amount of data that is currently processed by SpendLab is immense. Therefore, we have set up internal processes, systems and procedures to ensure the maximum security of data that is processed for our clients.

International Standardization Organization

An ISO certified organization

To be able to guarantee quality and data security, SpendLab has chosen to be certified for two ISO standards, namely ISO 9001:2015 and ISO 27001:2013. These standards provide organizations with the tools and guidelines to gain control over Quality (ISO:9001) and Information Security (ISO:27001).

Every year, SpendLab’s Information Security Management System (ISMS) is independently audited to ensure the effectiveness of the measures taken. Due to the fact that our solutions are data-driven, we deeply value a high degree of data security. This is also the reason why an extensive set of technical and organizational measures has been taken to meet the requirements set by ISO, but also by our clients. Some examples of measures that have been taken are:

  • The use of multi-factor authentication
  • Encryption of both data-in-transit and data-at-rest
  • Role Based Access on a need-to-know basis
  • IO Whitelisting
  • Encrypting and centrally managing equipment
  • Screening of personnel
  • Employing a specialized Security Officer and Data Protection Officer to safeguard the established internal processes, systems and procedures

General Data Protection Regulation


The General Data Protection Regulation (GDPR) has been active since 2018. This European regulation imposes strict requirements on organizations with regard to the processing of personal data. SpendLab only processes small amounts of personal data of its clients. Nevertheless, we are often asked how we process our client´s data and in what ways we do this.

SpendLab only processes data from our clients’ suppliers. Depending on how these suppliers invoice, we process personal data. During the analyses that are performed for clients, personal data rarely occurs. If this does happen however, the data will be anonymized if it turns out to be irrelevant to the possible file.

For more questions regarding the processing of personal data or our ISO certifications, please contact us at privacy@spendlab.com and/or polle.westbroek@spendlab.com.

Veelgestelde vragen


No, SpendLab does not link anything to a client’s application. We work by means of a one-off data extraction from our client’s financial application.

Personal data is not relevant to SpendLab in order to conduct a successful Accounts Payable Recovery Audit. In practice, however, we do notice that personal data is stated by suppliers within invoice lines – in particular in the invoice description. This includes name and address details and, in exceptional situations, a license plate and/or a social security number.

Kom alles te weten

Plan een gesprek in

Door onderstaande gegevens aan te leveren vraagt u een gesprek aan. In dit gesprek komt u alles te weten over hoe een accounts payable recovery audit ervoor zorgt dat u volledig inzicht én controle krijgt over alle uitgaande geldstromen.

Wij zullen uiterlijk binnen 24 uur contact met u opnemen.