Technical Assistance Consultant’s Report Draft Final Report Project Number: TA4451-TAJ December 2006
TAJIKISTAN: CAPACITY BUILDING AND INSTITUTIONAL STRENGTHENING FOR THE CUSTOMS MODERNIZATION AND INFRASTRUCTURE DEVELOPMENT PROJECT
Prepared by
Crimsonlogic Pte Ltd; International Trade Institute of Singapore Pte Ltd; and Local Consultants
For
Customs Service Department, Republic of Tajikistan
This consultant’s report does not necessarily reflect the views of ADB or the Government concerned, and ADB and the Government cannot be held liable for its contents. (For project preparatory technical assistance: All the views expressed herein may not be incorporated into the proposed project’s design.)
TA4451-TAJ
Final Report
December 2006
TABLE OF CONTENTS
I. EXECUTIVE SUMMARY
II. INTRODUCTION
III. ASSESSMENT AND REVIEW OF CUSTOMS & TRADE FACILITATION INFRASTRUCTURE
   A. LIMITATIONS OF THE PRESENT SYSTEM
   B. INADEQUACY OF THE CUSTOMS STATIONS AND BORDER POSTS INFRASTRUCTURE
   C. ASSESSMENT OF THE LEGAL FRAMEWORK AND CUSTOMS PROCESSES AND PROCEDURES
   D. EXPERIENCE OF OTHER COUNTRIES
IV. PROPOSED CUSTOM PROCEDURES AND WORKFLOW
   A. BUSINESS PROCESS REENGINEERING
   B. REGISTRATION FOR THE TRADE COMMUNITY UNDER A REGISTRATION SUBSYSTEM
   C. REGISTRATION FOR OTHER USERS UNDER AN ADMINISTRATION SUBSYSTEM
   D. MANIFEST CONTROL
   E. DECLARATION CONTROL SUBSYSTEM
   F. THE WAREHOUSING CONTROL SUBSYSTEM (WCS)
   G. THE EXCISE CONTROL SUBSYSTEM
   H. THE TARIFF NOMENCLATURE SUBSYSTEM
   I. VALUATION SUBSYSTEM
   J. CUSTOMS CONDITIONS SUBSYSTEM
   K. DUTY PAYMENT SUBSYSTEM
   L. FEES AND BILLING SYSTEM SUBSYSTEM
   M. CUSTOMS STATISTICS SUBSYSTEM
   N. SECURITY DEPOSIT SUBSYSTEM
   O. RISK MANAGEMENT SYSTEM
   P. CUSTOMS OFFENCE SYSTEM
   Q. THE TRAVELERS MANAGEMENT SYSTEM
   R. CONCLUSION
V. INTER-AGENCY COORDINATION
   A. INTER-AGENCY COOPERATION AND COORDINATION
VI. UNIFIED AUTOMATED INFORMATION SYSTEM (UAIS)
   A. OBJECTIVE OF UAIS
   B. DESIGN CONSIDERATION OF UAIS
   C. UAIS TECHNOLOGY
   D. UAIS ARCHITECTURE
   E. UAIS OVERVIEW
VII. IT INFRASTRUCTURE AND NETWORK FOR UAIS
   A. INTRODUCTION
   B. ASSESSMENT OF CURRENT ICT INFRASTRUCTURE
   C. STEPS FOR UAIS SETUP
   D. GENERAL REQUIREMENTS
VIII. QUALITY ASSURANCE AND SECURITY REQUIREMENTS OF UAIS
   A. QUALITY ASSURANCE
   B. SECURITY REQUIREMENTS
IX. PROPOSAL FOR THE REORGANISATION OF THE CD RT
X. PROPOSED INFRASTRUCTURE REHABILITATION
XI. CHANGE MANAGEMENT & TRAINING
   A. OBJECTIVES
   B. PROPOSED CHANGE MANAGEMENT PLAN
   C. DISSEMINATION OF INFORMATION
   D. TRAINING PROGRAMMES
   E. USER TRAINING
   F. TECHNICAL TRAINING
XII. COST ESTIMATES OF UAIS
   A. INTRODUCTION
   B. UAIS SOFTWARE COSTS
   C. MAIN EQUIPMENT AND COMMUNICATIONS TECHNOLOGY COSTS
   D. CIVIL WORKS AND CUSTOMS EQUIPMENT COSTS
   E. CHANGE MANAGEMENT AND TRAINING COSTS
   F. CONSULTANCY SERVICES AND CONTINGENCY PLAN
   G. TOTAL COST
   H. PROCUREMENT OF THE UAIS
XIII. IMPLEMENTATION PLAN OF UAIS
   A. OVERVIEW
   B. STRATEGY
   C. IMPLEMENTATION PLAN
APPENDIX A. OVERVIEW OF THE CUSTOMS DEPARTMENT
APPENDIX B. OVERVIEW OF STAKEHOLDERS
APPENDIX C. OVERVIEW OF CUSTOMS PROCEDURES AND PROCESSES
APPENDIX D. FUNCTIONAL REQUIREMENTS OF UAIS
   A. MANIFESTS CONTROL SYSTEM
   B. DECLARATION CONTROL SYSTEM
   C. WAREHOUSE CONTROL SYSTEM
   D. CERTIFICATE AND LICENSE CONTROL SYSTEM
   E. REGISTRATION SUBSYSTEM
   F. ADMINISTRATION SUBSYSTEM
   G. TARIFF NOMENCLATURE SUBSYSTEM
   H. VALUATION SUBSYSTEM
   I. CUSTOMS CONDITIONS SUBSYSTEM
   J. POST-CLEARANCE SUBSYSTEM
   K. CUSTOMS OFFENCE SUBSYSTEM
   L. DUTY PAYMENT SUBSYSTEM
   M. FEES AND BILLING SUBSYSTEM
   N. SECURITY DEPOSIT SUBSYSTEM
   O. RISK MANAGEMENT AND INTELLIGENCE SUBSYSTEM
   P. CUSTOMS STATISTICS SUBSYSTEM
   Q. EXCISE CONTROL SUBSYSTEM
   R. CURRENCY CONTROL SUBSYSTEM
   S. COMMON SERVICES
   T. MESSAGING GATEWAY
   U. ILLUSTRATION OF THE FUNCTIONAL REQUIREMENTS (USE CASES)
APPENDIX E. PROPOSED ORGANIZATION STRUCTURE
   A. ORGANIZATION CHART OF CD RT
   B. ORGANIZATION CHART OF COMPUTER INFORMATION SYSTEM DIVISION (CISD)
   C. ORGANIZATION CHART OF TRAINING DIVISION
   D. ORGANIZATION CHART OF CORPORATE AFFAIRS DIVISION
   E. ORGANIZATION CHART OF CUSTOMS DOCUMENTATION DIVISION
   F. ORGANIZATION CHART OF ANTI-SMUGGLING DIVISION
   G. ORGANIZATION CHART OF POSTS CLEARANCE AUDIT DIVISION
   H. ORGANIZATION CHART OF CUSTOMS CONTROL DIVISION
APPENDIX F. HARDWARE SPECIFICATIONS
   A. CUSTOMS HQ DATA CENTRE
   B. CUSTOMS HQ
   C. REGIONAL OFFICE
   D. BORDER POSTS
APPENDIX G. PROCESSES FOR SOFTWARE DEVELOPMENT AND QA
   A. PROCESSES
   B. DEVELOPMENT PROCESSES
   C. SUPPORT PROCESSES
APPENDIX H. TESTING PHASES
   A. TESTING PHASES
   B. USER ACCEPTANCE TESTING
   C. DATA MIGRATION TESTING
APPENDIX I. SECURITY SPECIFICATIONS
   A. SECURITY ARCHITECTURE
   B. SYSTEM SECURITY
   C. NETWORK SECURITY
   D. LOGGING AND MONITORING FEATURES OF THE FIREWALL
   E. HIGH AVAILABILITY FEATURE ON THE FIREWALL
   F. SYSTEM MANAGEMENT FEATURES OF THE FIREWALL
   G. NETWORK BASED ACTIVE DEFENSE SYSTEM
   H. HOST BASED ACTIVE DEFENSE SYSTEM
   I. SECURE SOCKET LAYERS (SSL)
   J. VIRTUAL PRIVATE NETWORK (VPN)
   K. ANTIVIRUS
APPENDIX J. COST ESTIMATES OF UAIS
   A. DATA CENTRE COST ESTIMATE
   B. DISASTER RECOVERY COST ESTIMATE
   C. CUSTOMS HQ COST ESTIMATES
   D. REGIONAL OFFICES AND POST EQUIPMENT COST ESTIMATES
   E. REGIONAL OFFICES AND POSTS TELECOMMUNICATIONS COST
   F. TRAINING EQUIPMENT COST ESTIMATES
   G. SUMMARY OF ICT COST ESTIMATE
   H. BORDER POSTS CIVIL WORKS INFRASTRUCTURE COST ESTIMATE
   I. BORDER POST CUSTOMS EQUIPMENT COST ESTIMATE
   J. TOTAL BORDER POST REHABILITATION AND CIVIL WORKS COST ESTIMATE
   K. CHANGE MANAGEMENT COST ESTIMATES
   L. TRAINING COST ESTIMATE
   M. SUMMARY OF COST FOR CM AND TRAINING
APPENDIX K. IMPLEMENTATION PLAN OF UAIS
APPENDIX L. CUSTOMS TRADE STATISTICS (2005)
ABBREVIATIONS
ADB – Asian Development Bank
ABBAT – Association of International Automobile Carriers
ASYCUDA – Automated System For Customs Data
CAREC – Central Asia Regional Economic Cooperation
CCC – Customs Cooperation Committee
CCI – Chambers of Commerce and Industry
CD RT – Customs Department, Republic of Tajikistan
CDM – Customs Data Model
CMMI – Capability Maturity Model
DRC – Disaster Recovery Centre
EA – Executive Agency
EDI – Electronic Data Interchange
EurAsEC – Eurasian Economic Community
ICT – Information Communications Technology
IPS – Intruder Prevention System
ISO – International Standards Organization
J2EE – Java 2 Enterprise Edition
LAN – Local Area Network
MSRD RT – Ministry of State Revenues and Duties, Republic of Tajikistan
NTTFC – National Trade & Transport Facilitation Committee
PKI – Public Key Infrastructure
PSTN – Public Switch Telephone Network
QA – Quality Assurance
RAS – Remote Access Service
RDBMS – Relational Database Management System
RETA – Regional Technical Assistance
RILO – Regional Intelligence Liaison Office
RKC – Revised Kyoto Convention
RM – Risk Management
RTFCCP – Regional Trade Facilitation and Customs Cooperation Program
SAD – Single Administrative Document
SEW – Single Electronic Window
SFTP – Secure File Transfer Protocol
SKU – Stock Keeping Unit
TIN – Tax Identification Number
UAIS – Unified Automated Information System
UAT – User Acceptance Test
UCR – Unique Consignment Reference
UNCTAD – United Nations Commission for Trade and Development
UN-EDIFACT – United Nations Electronic Data Interchange For Administration Commerce & Trade
UNLK – United Nations Layout-Key
USAID – United States Agency For International Development
VAT – Value Added Tax
VPN – Virtual Private Network
VSAT – Very Small Aperture Terminal
WAN – Wide Area Network
WCO – World Customs Organization
WTO – World Trade Organization
XML – Extensible Markup Language

I. EXECUTIVE SUMMARY
1. The Customs Department of Tajikistan (CD RT) functions on a manual processing system, and all transactions carried out in the trade arena are paper and document based. The use of manual processing and the requirement for an intrusive human interface create delays and pose obstacles in the approval of Customs Declarations and the clearance of goods. An integrated Customs management and information system is absent. This leads to difficulty in managing, analyzing and developing information to suit CD RT purposes.
2. To address the limitations of the systems, CD RT will be required to re-engineer its processes and procedures and to embark on an information communication technology (ICT) program despite the absence of a national ICT master plan.
3. Re-engineering CD RT processes and procedures to facilitate a Unified Automated Information System (UAIS) will require CD RT to consider and employ the following recommendations provided by the WCO and WTO:
   1. WCO’s Customs Data Model;
   2. WCO’s Framework of Standards to Secure and Facilitate Global Trade;
   3. Revised Kyoto Convention (RKC) Guidelines on ICT
4. The emphasis would be on maximum application of ICT and increased use of modern clearance methods such as risk management techniques and post Customs Control audit. This helps in the development of selective criteria for the examination of goods, and thus expedites clearance of imports and exports. An electronic approval and clearance system would also eliminate or minimize human interfaces.
5. The development of the UAIS would provide the avenue for a single electronic window for the CD RT community, which includes the trading community and other government and non-government organizations and foreign administrations not directly involved in trade. The UAIS will support internet enabled communication with external parties and host-to-host linkages.
6. In order to propose and design the best UAIS solution for CD RT, system requirements have to be gathered, and users’ needs have to be considered.
7. There are four main groups that UAIS caters to:
   1. Tajikistan trade and logistic community users;
   2. CD Officers and personnel;
   3. Other Ministries or Agencies staff; and
   4. Other organizations and foreign governments
8. Each group of users requires different design considerations in the UAIS software.
9. A summary of the proposed technology for the UAIS is shown below:
   Component: Technology
   Software for the community: Microsoft Visual Basic and Access database
   Software for CD Officers: Web-based from Customs HQ servers
   Software for Ministries and Agencies: Web-based from Customs HQ servers, or could be file interface through a secured channel
   Interact with external parties like foreign government and organizations: File interface through a secured channel
   UAIS software: Java and J2EE
   Database: Oracle RDBMS
10. Following the decision on technology, the system design of the UAIS software itself can be carried out.
11. The UAIS software can be logically divided into four main areas:
   • The UAIS Core Systems;
   • The UAIS Subsystems;
   • The UAIS Common Services; and
   • The Messaging Gateway
12. The UAIS Core Systems allow the Trade and Logistic Community to use client-software to send various electronic documents to CD RT. Examples of the documents are manifests and Customs declarations. The data will pass through the Messaging Gateway to the server-software for processing.
13. The UAIS Subsystems consist of applications that are used by CD RT personnel to support their daily work.
14. The table below lists the Core Systems and Subsystems of the UAIS:
   Core Systems
   • Manifest Control;
   • Declaration Control;
   • Warehouse Control; and
   • Certificate and License Control
   Subsystems
   • Registration Subsystem;
   • Administration Subsystem;
   • Tariff Nomenclature Subsystem;
   • Valuation Subsystem;
   • Customs Conditions Subsystem;
   • Post-Clearance Subsystem;
   • Customs Offence Subsystem;
   • Duty Payment Subsystem;
   • Fees and Billing Subsystem;
   • Security Deposit Subsystem;
   • Currency Control Subsystem;
   • Excise Control Subsystem;
   • Risk Management and Intelligence Subsystem; and
   • Customs Statistics Subsystem
15. The Messaging Gateway is an important component of the UAIS that allows communication between client-software and server-software. It also acts as the interface between the UAIS and external parties, for example other Ministries and Agencies, or even other governments. It supports all standard communication protocols and implements secure connections for message deposit and retrieval. The Messaging Gateway has a built-in Conversion Engine to format messages if needed.
16. For the implementation of the UAIS, it is proposed that a centralized model should be adopted. This means all processing and data are hosted at Customs HQ. The users at Regional Offices, Border Posts and the Trade and Logistics Community will access the Customs HQ for all trade transactions. The IT infrastructure and network are designed based on this guiding principle.
17. Having a decentralized model will not be cost-effective as it will mean duplicating the infrastructure at Customs HQ to the Regional Offices to a large extent. Having a decentralized model will also complicate the work flow, such as having to synchronize the data and software between Customs HQ and Regional Offices.
18. The proposed steps for UAIS hardware setup are as follows:
   1. Equip Customs HQ, Regional Offices, and priority Border Posts with the basic ICT equipment such as PCs, printers, scanners, UPS, etc. The complete list of sites and equipment has been identified and listed.
   2. Determine the connectivity model that is suitable for each site. The decision should be based on the forecast transaction volume. For example, all Regional Offices and Border Posts with high transactions should subscribe to ADSL broadband connectivity, while sites with low volume should use dial-up modem. The choices are:
      i. Leased line;
      ii. ADSL broadband;
      iii. 56kbps dial-up;
      iv. GPRS; and
      v. Codan modem.
   3. Equip all Regional Offices with Local Area Network (LAN) and connectivity to the UAIS network. This means installing firewall, router, ADSL modems, VPN concentrator, etc. in the Regional Offices.
   4. Equip the priority Border Posts with LAN and connectivity to the UAIS network. This includes either ADSL or dial-up modems for these sites. The complete list of sites and equipment has been identified and listed.
   5. Set up the Customs Intranet Zone using Virtual Private Network (VPN). Between the Regional Offices and HQ, hardware VPN concentrators are used to enable secure connection through the Internet. At the Border Posts, the software VPN clients on the PCs are used for secure access to the Customs HQ and Regional Offices.
   6. Set up the Data Centre to host the servers at Customs HQ, and set up a Disaster Recovery (DR) site at least 5 km away from the Data Centre. The specifications of the equipment and infrastructure needed for these sites have been listed.
19. The UAIS software and hardware proposals are followed by recommendations on Quality Assurance (QA) and Security. Industry best practices and checklists on quality assurance and security are listed. If followed closely, the quality of UAIS is assured because the software development process will be following the standard Quality Process Models such as ISO9000:2000 or Capability Maturity Model Integration (CMMI). These models contain many best practices of software development that are recognized internationally. A security framework consisting of Prevention, Control and Monitoring activities is also described. CD RT should comply with this security model.
20. In order to ensure the success of UAIS, the condition of high priority Border Posts has been examined. The needs of the Border Posts are divided into 2 categories. One is the civil works need, which means improvement to the infrastructure itself. The other is the Customs Equipment need, for example electricity generators, barriers, or inspection equipment. The cost of rehabilitating these Border Posts has been calculated and tallied. Without upgrading these Posts, it will be difficult, if not impossible, to implement UAIS there.
21
To ensure the smooth implementation of the UAIS and the reengineering of the business processes of CD RT, a change management program including provision of training is proposed. A vital program within the change management plans is the dissemination of information and creating awareness outreach among the CD RT officers and their clients in the private and public sectors. Training proposed will include providing basic computer skills to the CD RT personnel, carrying out missions and observation study tours and visits to countries applying ICT in Customs. Missions to study regional and international Customs Administration use of the UAIS should include the clients from the private and public sector. This could facilitate their support for the CD RT UAIS.
22
The total cost of implementing the UAIS is thus calculated. There are three main components to the UAIS cost: 1. The UAIS software and hardware cost. The hardware includes all ICT equipment and communications technology for Customs HQ, Regional Offices, Border Posts, Data Centre, and Disaster Recovery Centre. 2. The Border Posts civil works and Customs equipment cost. 3. The change management and training cost.
23
The cost of the above 3 components take up about 57%, 30% and 5% of the US$10.7 million loan amount respectively. The rest of the loan is set aside for the next Loan TA, Physical Contingency and Price Contingency.
24
Timeline and implementation strategy had been drawn up for the three components above initially targeted for completion within five years. This was revised in view of a proposal that the project completed by mid- to end of 2009. In view of this proposal the implementation schedule has been shortened, with concurrent work being carried out in several key areas at the same time throughout the three years time frame.
25
Implementing the single electronic window and the introduction of a centralized integrated management and information system requires strong commitment and leadership to succeed. The establishment of a Project Steering Committee (PSC) to oversee the progress and implementation of the UAIS should include the private and public sector members. The PSC should be headed by MSRD with secretarial support provided by the Project management Office. Another organization, which could be established, to further enhance trade facilitation and the promotion of ICT would be a national trade and transport facilitation committee (NTTFC). The NTTFC would include representatives from the trading community, logistics providers, banks, national trade, industry and transport bodies and government agencies. Under a lead agency the committee could steer the country to aspire towards a single window environment to meet the aspirations of facilitating trade.
II. INTRODUCTION
26
This project is a continuation of Asian Development Bank (ADB) support for customs reform and modernization for the Republic of Tajikistan following the launch of the Regional Trade Facilitation and Customs Cooperation Program (RTFCCP) in December 2002.
27
The overall purpose of this program is to achieve 2 key objectives as follows:
1. Customs modernization through automation and border-post infrastructure development supported by institutional structure and business processes of the Executive Agency (EA) of the Tajikistan Customs.
2. Development of a Conceptual Design of the Unified Automated Information System (UAIS) sufficient for preparation of bid documents for loan implementation, development of key performance indicators for the implementation of the UAIS, system compatibility among the Central Asia Regional Economic Cooperation (CAREC)’s member countries, preparation of terms of reference for consulting services in support of implementation and supervision of the UAIS, and the development of the budget estimate for the entire UAIS and phased implementation.
28
The UAIS for customs services is also seen as a key objective to support the CAREC’s trade facilitation program, a major step towards achieving operational effectiveness and efficiency in customs-related practices in the Republic of Tajikistan.
29
This TA Project involves the study, assessment and development of the following major components:
1. Change management and public-private partnership for customs modernization
2. Reengineering of customs business processes and Conceptual Design of the UAIS
3. Quality and security assurance of the UAIS and border-post infrastructure development.
30
This draft final report provides a detailed proposal of the modern re-engineered customs practices and workflow based on a comprehensive assessment of the present customs system. The modern customs procedures serve to provide the foundational inputs to the development of the design of the UAIS.
31
This is followed by the proposed architectural analysis and conceptual design of the components of the UAIS sufficient for procurement purposes. The UAIS is supported by the quality and security assurance specifications of the ICT infrastructure plans.
III. ASSESSMENT AND REVIEW OF CUSTOMS & TRADE FACILITATION INFRASTRUCTURE
A. Limitations of the Present System
32
The examination of the CD RT documentation and clearance systems points to a high dependence on a manual system supported by the use of computers (most of which are considered obsolete), when they are available, for data entry. There is no integrated Customs management system to support information flow between the Central Office, the Regional Offices and Customs and border posts. A centralized database is maintained in the Statistics Division in the Central Office by means of FoxPro software. Data captured is also limited. Application systems maintained manually are also centralized within the Central Office Divisions. Data and information reach the Statistics Division by telephone, radio modem, physical documents or diskettes. The preparation of trade statistics by the Statistics Division, for example, is possibly prone to inaccuracy as a result of human error in transcribing the data to paper or through voice messages. Regional Offices retain copies of the Customs declarations; should doubt arise, the accuracy of data can only be verified when the Statistics Division sights the physical documents. The timeliness of statistical data for formulation of national economic policies can also be affected.
33
Central Office Divisions responsible for maintaining, updating and monitoring manual application systems supporting their needs are highly dependent on the Statistics Division for data. For example, the officers collecting, analyzing and reporting on revenues collected must verify the data collected from the Regional Offices with statistical data retained at the Statistics Division. The requirement to manually seek the assistance of Statistics Division is the result of the absence of an integrated information system within the CD RT possibly supported by information communication technology (ICT).
34
The exploitation of information technology by the private sector, in particular by the Customs brokers, shows the gap between the private sector and the CD RT. Customs brokers, for example, have strived to minimize their workload through the purchase and use of software of Russian origin for the data entry process and the production of the Customs Declaration. However, their systems are not compatible with the data entry systems developed by the CD. This has resulted in a requirement for the production of a manual Customs declaration and repetitive data entry by CD RT. There is no data exchange between the CD RT and its clients.
35
The manual data entry system is time-consuming and provides inadequate information to fully meet Customs needs. CD captures 16 data field elements to satisfy the regional obligations with its neighbours. Validity checks of data elements are normally based on the local expert knowledge of experienced officers. Rejections of values, goods classification codes, etc. are made at the time declarations are presented, which lengthens waiting and clearance times and can lead to conflict with declarants over the accuracy of CD decisions.
36
A single administrative document (SAD) to meet the requirements of CD RT and those of competent authorities (government agencies), which provide approval, and licensing of controlled goods (for protection of public health, safety and community well-being) is not yet developed. Traders requiring approval for imports/exports of their products from the relevant competent agencies are required to proceed to these
agencies first. Certificates of conformity or licenses are issued and these physical documents must be produced to CD RT before the Customs Declaration can be approved. There is no single synchronous one-stop clearance and approval system since the electronic interfaces between CD RT and the other competent agencies are not present.
B. Inadequacy of the Customs Stations and Border Posts Infrastructure
37
The inadequacy of the Customs stations and border posts infrastructure has also been identified in the previous ADB studies. A visit to the Tursunzade Regional Office and Customs stations and border posts under the region showed inadequacies, which included lack of proper infrastructure and a shortage of utilities and electrical energy. At the Dusti border post close to the Uzbekistan border, an X-ray machine was not in operation owing to the absence of the supply of electrical energy. Further studies of several border posts, listed as top priority by the CD RT, were undertaken with the assistance of a civil works engineer from the Project Management Office. New checkpoints are also being undertaken, for example, a new customs checkpoint of Fotehobod located between northern Tajikistan’s Mastchoh District and Uzbekistan’s Bekobod District. CD RT recognized the inadequacy of its border posts infrastructure and has been reviewing and rehabilitating the posts concerned. International organizations such as the USAID had also sponsored the construction of border posts.
C. Assessment of the Legal Framework and Customs Processes and Procedures
38
In assessing the current CD RT legal framework, procedures and processes, reference was made to the General Annex of the Revised Kyoto Convention (RKC), in particular, Chapter 3 to Chapter 10 containing standards related to (a) “Clearance and Customs Formalities”; (b) “Duties and Taxes”; (c) “Security”; (d) “Customs Control”; (e) “Application of Information Technology”; (f) “Relationship Between the Customs and Third Parties”; (g) “Information, Decisions and Rulings Supplied by the Customs”; and (h) “Appeals in Customs Matters”.
39
The current Customs Code of the Republic of Tajikistan, under which the CD RT derived its authority, was revised and kept to the spirit of the RKC. The key elements that prompted the amendment of the RKC, in particular, application of risk management techniques and application of information technology are provided for in the Customs Code. The CD RT Customs Code does conform to established international best practices drawn up in the RKC. However, in practical terms, best practices such as maximum use of ICT have yet to be implemented. Several issues that will have an impact on the CD RT as a result of proposals to reengineer the business process for the introduction of a UAIS are appended below.
1. The Customs Declaration conforms to the United Nations Lay-Out Key (UNLK). Presently no application of ICT is available although the Customs Code does provide for submission of electronic documents. The future automation of the Customs Declaration should take into account conformity to international standards for data entry related to the Customs Declaration. These standards are provided in the World Customs Organization (WCO) Customs Data Model (CDM) and Framework of Standards to Secure and Facilitate Global Trade. The RKC Guidelines on ICT also outline how Customs can use ICT to plan improvements in their services to clients and trading partners. The CDM, for example, provides for use of 264 data elements that are standardized to contain a specific number of characters; for example, the data entry of the name of a company should have only 27 alphanumeric
characters. The CDM also provides for a Unique Consignment Reference (UCR) that will be used throughout all trade transactions. The UCR is subject to a maximum of 35 characters. The first digit represents the year; the next two digits will be the International Standards Organization (ISO) alphabetic country code; and the remaining is the officially recognized national company identifier and an internally applied company reference. This is to facilitate exchange of electronic documents (e-documents) with internal (within the country) and external bodies such as the other regional Customs administration.
2. Duties and taxes are to be paid after the payment obligation is created. The Customs Code provides for a deferred payment period of 45 days. There are also no electronic fund transfers through the banks although advanced payments are provided for. The introduction of an electronic fund transfer (e-payment) scheme would enhance and ensure proper and effective collection of revenues.
3. Risk management is clearly described in the Customs Code providing, for example, risk profiles to be developed and used. However, in practice, risk management is partially used whilst risk analysis is being developed. An obstacle faced in the present context is the absence of an integrated information system and manageable databases. There is much dependence on human expertise based on local knowledge and experience for selectivity of consignments to examine or not examine.
4. The absence of a national ICT master plan may impact on the progress of the unified automated information systems (UAIS), which are dependent on the establishment of telecommunications infrastructure and, not least of all, the promotion and education of the populace in ICT. The impact can also be felt in the interface of the CD RT systems with the other government agencies and Ministries that may not be as prepared as CD RT.
The establishment of technical and security standards by a national body would facilitate interchange of data between the various Ministries and government agencies. Establishment of a national trade and transport facilitation committee (NTTFC) to champion the cause of the UAIS and the establishment of a single window concept to link not only the “Customs Community” (that is, the trading community, logistics and freight operators, banks, government agencies dealing with controlled goods and Ministries) would be a positive step. Towards this objective, the Project Steering Committee, possibly chaired by MSRD RT or CD RT, to be established under the loan should include representatives of the government ministries and agencies and the private sector’s national bodies such as the Tajikistan Chambers of Commerce & Industry (CCI), Customs Brokers’ Association and the road transport operators association, ABBAT. The inclusion of the public and private sector representatives serves to enhance the Public Private Partnership (PPP) arrangement.
5. The Customs Code provides for submission of electronic documents but presently this is not practiced owing to the absence of an ICT system in place. The development and use of the UAIS would require CD RT to revise the Code to provide for verification and authentication of electronic or digital signatures. These normally consist of a user identification (user-id) and a password.
6. CD RT publishes notices and circulars providing information to the public normally posted at the Customs offices. An alternative source to disseminate information and promote transparency is the use of the CD RT web site.
D. Experience of other countries
40
Many countries have successfully implemented UAIS within the Customs administration to serve their clients and the trading community. The countries include the USA, UK, Canada, Australia, Korea, Japan, the Philippines, Singapore and Thailand. The key motivation for the countries concerned was systems integration and Customs modernization. The promotion of trade facilitation featured in all the systems and worked on a single window concept with synchronous one-stop clearance. International standards were used in establishing the ICT programs in these countries with e-documents submitted based on XML, UN-EDIFACT (United Nations Electronic Data Interchange for Administration Commerce and Trade) and ANSI X-12 (American National Standards Institute) standards. The software developed was either home grown or provided by an international agency. For example, the Philippines uses ASYCUDA (Automated Systems For Customs Data) provided by UNCTAD (United Nations Commission for Trade and Development). However, the Philippines was also able to gain the support of the banks to provide e-payment schemes. The Philippines is planning to upgrade its system to one similar to those implemented in Korea and Singapore. Key factors of the success of these systems were the backing of the business community, strong support and commitment by the government and the Customs Administration and coordinated construction and expansion of telecommunication infrastructures.
41
Conclusion. To overcome the limitations of the CD RT systems, it is recommended that the UAIS be developed through the introduction of an Integrated Customs Management System (ICMS) that would allow the CD RT to electronically link up all its offices and to interface with other external bodies such as ministries, government agencies, the trading community and other foreign governments. The ICMS would include Applications Subsystems to process electronic submissions and documents and to create databases to support CD RT functions. A business process reengineering of its current procedures and processes will be required to move CD RT forward from a manual processing environment to maximum use of ICT.
IV. PROPOSED CUSTOM PROCEDURES AND WORKFLOW
A. Business Process Reengineering
42
Redesigning the various Customs procedures is needed to meet the requirements of a UAIS. The business process reengineering will include setting up core application subsystems and databases to support the ICMS. The various application subsystems and databases and their functionalities are discussed in the following section and in Appendix D. Details of their requirements and the interface among the applications subsystems and databases are provided below to clarify the uses of the subsystem in the overall set-up of the CD RT UAIS.
B. Registration For The Trade Community Under A Registration Subsystem
43
The present process requires the private sector clients of CD RT to be registered, licensed and issued with a registration or license number. The clients include the traders, Customs brokers and Customs Specialists. Customs Specialists are authorized persons designated Declaring Agents and are the authorized signatories of Customs Declarations. These clients are also required to undergo CD RT training courses and to successfully complete examinations set by CD RT before being issued their licenses. A manual record is kept of the registration and issue of licenses in the Central Office.
44
The proposed electronic registration process will be reengineered for the same purpose, that is, creation of a database of clients and their authorization to transact with CD RT. Any client who seeks to transact with Customs must be registered with CD RT. The introduction of the UAIS will require that the clients be registered anew. Registration of the clients is necessary as only authorized persons can access the CD RT UAIS. Warehouse operators and freight and logistics providers will also be required to be registered.
45
CD RT also interacts with other clients not involved directly as traders or direct participants in the foreign external trade. These include other government agencies (competent authorities), ministry representatives, banks, Chambers of Commerce and Industry, the Association of Automobile Carriers (ABBAT) and foreign government agencies. Registration of this group of clients is also required. CD RT officers who are required to access the UAIS will similarly be registered electronically.
46
The business process for the traders and the trading community on the one hand, and for clients such as CD RT officers, government officials, etc. on the other, will be different as described below.
47
The business process for the trading community under a Registration subsystem will be accomplished as follows:
1. Traders including Customs brokers and members of the trading community submit electronically an application to be registered. Details of their companies, business licenses issued by the government and tax identification numbers (TIN) will have to be provided. The companies will normally nominate two or more of their officials to be their representatives responsible for their Customs Declaration transactions. Personal particulars of the nominees including names, addresses, designation, and the certificate of competency
(Customs examination) and TIN of the employees must be provided. The registration requirement, in accordance with an electronic format, will be provided by CD RT, normally on the department web site, where it can be easily accessed by interested parties.
2. Upon receipt of an application, the Registration subsystem will verify the authenticity of the request by interfacing with the other government agencies to check on the details provided. For example, the system will check with the Tax Department to verify the correctness and existence of the TIN and with the Ministry of Justice to check the business registration. The system will also check with other application systems such as a Customs Offence database to verify the acceptability of the nominees and an Administration database to check on the Competency Certificate.
3. If all the details are verified to be correct, and there is no adverse record in CD RT databases to prevent the applicant from transacting with CD RT, the system notifies the applicant of his successful application and that a sealed letter will be dispatched to the applicant. The system will generate a Company Registration Number and will provide each client nominated to transact with CD RT a unique user-id (user-identification) and a password. The system is expected to generate and produce a sealed letter containing the user-id and password to be dispatched to the clients.
4. Upon receipt of the sealed envelopes containing the user-id and password, the first rule imposed by the system will be to require the client to change the password on first accessing the system. The client will use this new password and his user-id to access the CD RT UAIS.
5. The user-id and password will form the electronic signature of each user in the UAIS. It will be unique to each user and the security attached to their use must be documented. All users should be instructed to log off from their sessions when they have finished their transactions.
Passwords will be required to be changed after a period of time. No password used previously will be accepted. The emphasis is that the users are responsible for any actions or abuse resulting from the misuse of their user-ids and passwords. Security concerns for the use of passwords will be addressed through the length of the password, the period after which passwords must be changed, and the number of failed log-in attempts with an incorrect password after which users will be deactivated from further participation in the CD RT UAIS. In the last case, users will have to provide explanations for their failure to use the correct password before they are reactivated.
6. Two options for the format of the registration of the users were considered. The first option is to issue a Customs Registration Number to the juridical legal entity, with the companies’ nominees being issued with the accompanying user-id and password (see paragraph 47.3). The second option is to maintain the use of the TIN accompanied with the issue of a unique password for each user. However, use of the TIN would require the CD RT system to rely on a larger database than is necessary. The Tax Department’s TIN database would include all taxpayers, most of whom may not transact directly with CD RT. Creating a separate Company Registration Number unique for Customs purposes would mean a smaller database to maintain. It would also be useful for Customs analysis of the type of trade conducted by each user. The first option of creating a unique CD RT Company Registration Number is proposed. Every time a transaction
is made with CD RT, the system will interface with the Registration system to verify the authenticity of the user.
C. Registration For Other Users Under An Administration Subsystem
48
Ministries, competent authorities (government agencies), the CCI, ABBAT, banks and aircraft and railway operators who are required to interact with CD RT should nominate their officers as authorized users. A letter (or e-mail) to this effect should then be sent to CD RT. CD RT through the office of a proposed ICT Division will register the nominees into the system using the Administration subsystem. The system will likewise generate a user-id and password and produce the sealed letter containing the same. Similarly the password issued must be changed when the authorized user signs on to the system for the first time.
49
CD RT management will also nominate the appropriate officers to be registered as authorized users of the UAIS. Again this will be done through the Administration subsystem. Steps for producing the user-id and password are similar as described above.
50
The Administration subsystem, which will come under the supervision of the ICT Division, will also be used for the dissemination of information to all the users of the CD RT UAIS. For example, the ICT Division will inform the users of the down-time (for maintenance of the system).
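The password rules in paragraph 47 (steps 3 to 5), which paragraphs 48 and 49 reuse for Administration subsystem users, can be expressed as a small account state machine. The Python below is an added illustration, not part of the consultants' design or any CD RT code; the numeric limits, the scrypt hashing and all function names are assumptions, since the report names the controls without fixing values.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Assumed values: the report names these controls but fixes no numbers.
MIN_LENGTH = 12                    # minimum password length
MAX_AGE = timedelta(days=90)       # period after which a change is forced
MAX_FAILED_LOGINS = 5              # consecutive failures before deactivation


def _digest(password: str, salt: bytes) -> bytes:
    # Memory-hard hash so a stolen credential table is slow to brute-force.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)


@dataclass
class Account:
    user_id: str
    history: list = field(default_factory=list)   # (salt, digest), newest last
    changed_at: Optional[datetime] = None
    must_change: bool = True       # one-time password from the sealed letter
    failed_logins: int = 0
    active: bool = True
    audit: list = field(default_factory=list)      # reactivation explanations

    def matches(self, password: str, entry) -> bool:
        salt, digest = entry
        return hmac.compare_digest(_digest(password, salt), digest)

    def store(self, password: str, now: datetime) -> None:
        salt = secrets.token_bytes(16)
        self.history.append((salt, _digest(password, salt)))
        self.changed_at = now


def issue_one_time_password(acct, now):
    """Generate the password that is printed into the sealed letter."""
    one_time = secrets.token_urlsafe(12)
    acct.store(one_time, now)
    acct.must_change = True
    return one_time


def register(user_id, now):
    acct = Account(user_id)
    return acct, issue_one_time_password(acct, now)


def login(acct, password, now):
    """Return 'ok', 'change_required', 'denied' or 'deactivated'."""
    if not acct.active:
        return "deactivated"
    if not acct.matches(password, acct.history[-1]):
        acct.failed_logins += 1
        if acct.failed_logins >= MAX_FAILED_LOGINS:
            acct.active = False
            return "deactivated"
        return "denied"
    acct.failed_logins = 0
    if acct.must_change or now - acct.changed_at > MAX_AGE:
        return "change_required"   # no transactions until the password changes
    return "ok"


def change_password(acct, current, new, now):
    """Raise ValueError unless the new password satisfies every rule."""
    if not acct.active or not acct.matches(current, acct.history[-1]):
        raise ValueError("current password not accepted")
    if len(new) < MIN_LENGTH:
        raise ValueError("password too short")
    if any(acct.matches(new, entry) for entry in acct.history):
        raise ValueError("password used previously")
    acct.store(new, now)
    acct.must_change = False


def reactivate(acct, explanation, officer, now):
    """Administrator step: record the user's explanation, then reissue."""
    if not explanation.strip():
        raise ValueError("explanation required before reactivation")
    acct.audit.append((now, officer, explanation))
    acct.active = True
    acct.failed_logins = 0
    return issue_one_time_password(acct, now)


if __name__ == "__main__":
    start = datetime(2007, 1, 1)                    # constructed sample data
    account, letter_password = register("broker-001", start)
    print(login(account, letter_password, start))   # change_required
```

Only salted digests are kept, so the rule that no previous password is accepted is enforced by re-hashing the candidate against every stored salt rather than by retaining old passwords.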
D. Manifest Control
51
The Customs Code provides for the submission of cargo and passenger manifests (rail, air and [sea – for river traffic]). The submission of manifests forms the stage of initial access to information of imports and exports before the production of a Customs declaration. Currently, submission of manifests applies to cargoes imported by air and rail. The process of requiring the submission of manifests ensures the following:
1. The completeness of cargo inventory entering and exiting the country.
2. Provide information on supporting trade documents such as bills of lading, marks and numbers, consignees, consignors etc. The information provided ensures completeness and validity of Customs declarations submitted.
3. Facilitate reconciliation of all imports and exports and ensures the completeness of imports and exports fully complying with CD RT legislative requirements.
52
The consideration for the prior submission of manifests before the arrival of the imports is necessary. This will provide CD RT prior access to cargo information to facilitate pre-clearance of cargo and determine specific cargo consignments to be selected for physical inspection/examination based on selectivity criteria of high risk consignments or persons. Manifests for imports should be provided within 24 hours of their arrival and within 48 hours of their departure. A grace period of one month could be allowed for amendments to provide for short-shipment and tracking of cargo short shipped. The submission of cargo (and passenger) manifests to be delivered electronically will reduce the need for manual matching of paper-based documents which can be prone to errors and is labour-intensive.
53
Cargo imported and exported by road through the frontier posts can be based on the actual submission of the Customs Declaration and all supporting trade documents. Unlike air and rail goods, which are normally ferried by a major carrier such as the National Railway Authority or the national airline, goods transported by road are normally individual consignments carried on board the vehicle. Road-transported cargo is normally accompanied by supporting trade documents, the absence of which would delay Customs clearance.
54
Electronic submissions of manifests should also be made a mandatory requirement. Airlines have sufficient time to produce electronic manifests in view of the flight duration. This can also apply to the railway operators. Thus it should not be a major obstacle for the operators to provide electronic manifests for submission to CD RT prior to the arrival of the aircraft or train. Most if not all transport carriers have produced manifests from their computer systems.
55
The Manifest Subsystem will be reengineered to perform the following:
56
Stage 1 - Submission of Manifests
1. Prior to arrival, the carrier or his agent (the airline or railway representative) submits an electronic manifest to the CD RT Manifests Control subsystem.
2. The Manifests Control subsystem will register and record the receipt of the manifests. A system response is generated acknowledging the receipt of the manifests to the submitter.
3. The terminal operator on receipt of the goods landed in the country will notify the owners of the goods. Clearance of goods will be subjected to presentation of the appropriate Customs Declaration.
57
Stage 2 - Use of Manifest subsystem for clearance of Goods
1. The trader on receiving details of the arrival of his cargo will submit an electronic Customs Declaration that will be registered into the Declaration Control subsystem. The Declaration Control subsystem will interface with the Manifests Control subsystem to verify the authenticity of the Declaration using the bill of lading number and flight details as the key. This will activate a write-off of the item contained in the Manifests Control subsystem. It will also prevent the trader from making a duplicate Declaration.
2. Discrepancies of details such as shortfall of items will be flagged and Customs will be alerted.
3. The release of goods by the terminal operators to the trader will be based on the receipt of a copy of the Customs Declaration. The Customs Declaration will be retained upon exchange of the bill of lading. The operator will retain and match the manifests against all the Customs declarations received from the traders. A report will be sent to CD RT.
4. The Customs will verify that all consignments listed in the manifests have accomplished Customs formalities. For consignments which have failed to comply with Customs legislation, the terminal operators and the owners of the goods will be required to furnish satisfactory explanations if they were released without undergoing Customs formalities.
5. Customs will perform similar checks on the export manifests to ensure that goods listed in the rail or air manifests have accomplished Customs formalities by way of the submission of a Customs Declaration. Manifests that do not reflect the export of goods for which a Customs Declaration has been made will require an explanation from the terminal operators who receive and move the cargo.
6. The Manifests Control subsystem will ensure that all cargo is accounted for.
E. Declaration Control Subsystem
58
The Declaration Control subsystem will be a significant part of the UAIS. The subsystem will create a database of all the different types of Customs Declarations made and maintain a historical record of all the transactions of the trading community. Manual submissions of Customs Declarations for checking, validation and approval will be eliminated. The Customs Declaration will be auto-processed by the system. Based on the selectivity criteria established by other subsystems such as Risk Management & Intelligence or Valuation, the approval will indicate to Customs Clearance officers the degree of examination required.
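The check that the Declaration Control subsystem makes against the Manifests Control subsystem in Stage 2 of paragraph 57 (verification keyed on bill of lading number and flight details, write-off, duplicate prevention, discrepancy alerts) is shown below in Python. This is an added illustration, not the report's design or CD RT code; the class and field names, the key normalisation and the choice to withhold write-off while a discrepancy is open are assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass
from enum import Enum


class Outcome(Enum):
    WRITTEN_OFF = "written off"
    DUPLICATE = "duplicate declaration"
    NOT_ON_MANIFEST = "no matching manifest line"
    DISCREPANCY = "quantity discrepancy, Customs alerted"


@dataclass(frozen=True)
class ManifestLine:
    bill_of_lading: str
    voyage: str            # flight or train number
    packages: int


@dataclass(frozen=True)
class Declaration:
    number: str
    bill_of_lading: str
    voyage: str
    packages: int


class ManifestControl:
    def __init__(self):
        self.lines = {}          # key -> ManifestLine
        self.written_off = {}    # key -> declaration number
        self.alerts = []         # (declaration number, manifested, declared)

    @staticmethod
    def _key(bill_of_lading, voyage):
        # Assumed normalisation: case and spacing variants of the same
        # reference must not be usable to declare one consignment twice.
        return ("".join(bill_of_lading.split()).upper(),
                "".join(voyage.split()).upper())

    def register_manifest(self, lines):
        """Stage 1: record the carrier's manifest; return the count acknowledged."""
        for line in lines:
            self.lines[self._key(line.bill_of_lading, line.voyage)] = line
        return len(lines)

    def check_declaration(self, decl):
        """Stage 2, steps 1 and 2: verify, write off, block duplicates, flag shortfalls."""
        key = self._key(decl.bill_of_lading, decl.voyage)
        if key not in self.lines:
            return Outcome.NOT_ON_MANIFEST
        if key in self.written_off:
            return Outcome.DUPLICATE
        manifested = self.lines[key].packages
        if decl.packages != manifested:
            self.alerts.append((decl.number, manifested, decl.packages))
            return Outcome.DISCREPANCY      # held until Customs resolves it
        self.written_off[key] = decl.number
        return Outcome.WRITTEN_OFF

    def unaccounted(self):
        """Manifest lines with no accepted declaration (Stage 2, steps 4 and 6)."""
        return sorted(k for k in self.lines if k not in self.written_off)

    def released_without_clearance(self, released):
        """Compare the terminal operator's release report with the write-offs."""
        keys = {self._key(b, v) for b, v in released}
        return sorted(keys - set(self.written_off))


if __name__ == "__main__":
    control = ManifestControl()
    # Constructed sample manifest for one flight.
    control.register_manifest([ManifestLine("AWB-001", "SZ 201", 10),
                               ManifestLine("AWB-002", "SZ 201", 4)])
    print(control.check_declaration(Declaration("D1", "AWB-001", "SZ 201", 10)))
    print(control.check_declaration(Declaration("D2", "awb-001", "sz201", 10)))
    print(control.unaccounted())
```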
59
The business process for Declaration Control subsystem is appended below.
1. The trader submits his Customs Declaration to the CD RT UAIS through electronic means. This can be done in two ways. One method is through software residing on the trader’s personal computer (PC), which will be developed by the trader (or a software developer) to permit the trader to communicate with the CD RT UAIS through a messaging gateway. The development of the software by local vendors is encouraged. The second method is using the Internet to submit the Customs Declaration. The CD RT will provide an internet-enabled system for the trader to enter the required data.
2. The advantage of a PC-based system is that CD RT will upload several UAIS system files to the trader’s PC. These files include, for example, the complete Tariff Nomenclature (the EurAsec Codification Book); the codes used for data elements such as port code, weight, location of entry/exit point and country code; and the exchange rate file. The Tariff Nomenclature will contain the complete tariff nomenclature of the country. The file will also contain the tariff rates (Most Favoured Nation (MFN) and Preferential Rates), excise rate and VAT. When the trader declares his import or export he can use the files housed in his system and select the appropriate item/code. For example, he will scroll through the Tariff Nomenclature file to select the appropriate Harmonized System (HS) Code for his product. On selection of the HS Code, this will appear on his PC screen. Selection of the appropriate exchange rate will then compute the Customs duty and other taxes. The provision of these files to the traders ensures that errors in entering the appropriate data element and coding type are eliminated. (The updating of the files will have to be done by the trader himself. For example, the exchange rate file will have to be updated daily to ensure that the correct exchange rate is used.
The system will highlight to the trader if he uses a wrong exchange rate applicable to another day. He would be required to update the exchange rate file before proceeding). The trader can also review his entries made before transmitting his declaration to the CD RT Declaration Control subsystem. The cost to the trader is cheaper as he can use a lower bandwidth (for example, 64 kps) to transmit his data to CD RT. The trader also does not have to be
Final Release
Private & Confidential
Page 19 of 245
TA4451-TAJ
Final Report
December 2006
logged on-line all the time while preparing his submission. He can save a copy of the Declaration on his system. Subsequently if he wants to send the Declaration to the CD RT, he can dial in to the CD RT system and transmit his Declaration. The cost for use of the telecommunications facilities would thus be reduced. 3. If the trader chooses to use the internet-based system to transmit his Declaration, the CD RT databases provided to PC-based systems will not reside in his computer. The data required will have to be drawn from within CD RT server systems. The trader would also have to be on-line all the time while preparing the Declaration. The likelihood of using higher speed bandwidth would be more costly compared to a PC-based system. 4. After the trader has submitted his declaration, the Declaration Control subsystem will automatically check the value (price) against the Valuation subsystem to identify acceptable values for specific goods from particular countries. The database will flag and highlight valuations that fall outside acceptable ranges. 5. There are three options when the Valuation subsystem checks are carried out and values are highlighted as “unacceptable”. The first option is to route the Customs Declaration on-line to a valuation officer. The officer can then send a message to the trader to produce documents or other requirements. Routing discrepancies on-line for human action to be taken will mean that the Declaration cannot be approved. There will be a time delay for clearance and approval of the Declaration. Traders will not be assured of having his Declaration approved even if the CD RT system operates 24 hours daily, 7 days a week. Officers responsible for on-line processing, work a 5-day week routine; and they may also be busy with other transactions during the period when rejected Declarations are routed to them. The second option is to auto-approve the Declaration and highlight the discrepancy for action by the PCA officers. 
The audit and subsequent check on the company will be termed immediate audit. This is a better option as it serves to achieve a service standard of not delaying the public. The third option is to auto-approve the Declaration and highlight the discrepancy to the field officers performing Customs Control & Clearance for them to carry out documentary and other physical examination of the consignment. The consignment will be flagged under a “red” channel clearance requiring examination. The second and third options are proposed for adoption. The examining officers in the field will carry out the initial examination; PCA officers can take follow-up immediate audit later. (CD RT, however, will adopt Option 1. CD RT is concerned that auto-approval in Options 2 and 3 will result in complicating the procedures in recovery of customs duties and taxes with negative effects on checking of documents, establishing correct values etc. There is also an inherent fear that auto-approval and auto-clearance would result in fairly high instances of under-valuation. CD RT will, however, adopt a key performance indicator that on-line processing shall not exceed two (2) days in determining the acceptable transaction value for Customs purposes.)
6. Other checks that will be carried out by the Declaration Control subsystem will include verifying the goods subject to control by other competent authorities (government agencies). The trader is required to seek the approval of the competent authorities and obtain the approval and license number. This number will be entered into the Customs Declaration. The Declaration Control subsystem will trigger validation of the certification using the Harmonized System (HS) Code as the key. Competent authorities are required to coordinate with CD RT to provide the various items/products under control based on the HS Code. The competent authorities will also upload to CD RT the list of licenses and approvals granted to individual consignments and companies. This Listing will form the product of a Certification & Licensing subsystem. The competent authorities may instruct CD RT from time to time to hold the consignments for further action by the authorities. However, this should not be for all instances. A solution to attain a one-stop synchronous clearance requires the competent authorities to empower CD RT under their agency legislation to carry out checks for them, including extraction of samples for testing. The Certification & Licensing database will also contain the approval and certificate numbers of Certificates of Origin (CO) issued by the Chambers of Commerce and Industry (CCI). Similarly the CCI is expected to upload the lists of CO to the Certification & Licensing database.
7. The Declaration Control subsystem will route the Customs duties and taxes payable to the Duty Payment subsystem. The duties and taxes due will be routed to the banks to trigger the electronic payment to CD RT to facilitate a cashless system electronic fund transfer scheme (e-payment). The banks will deduct the amount due from the trader’s account and credit the sum to CD RT. The system will also highlight a message to the trader to ensure that there are sufficient funds available in his account. In an e-payment scheme, the trader would have signed a direct debit authorization to permit the banks to debit Customs duties and taxes and other Customs fees to CD RT’s state budget account (Ministry of Finance account). In the event that the accounts have insufficient funds, the banks will subsequently inform CD RT. Depending on the arrangement of the banking system, this can take place 2 days after the transaction is made.
If the trader has not cleared his cargo from Customs control, he shall make cash payments to the banks for crediting to CD RT’s account. A bank pay-in slip will have to be produced to the Customs at the time of clearance of the consignment. If the consignment has been cleared and no debiting of monies has taken place, CD RT may want to consider this a Customs offence, which will be penalized by way of a composition fine. (Since the e-payment scheme may be established within the implementation period, the system will also cater for deductions from advance payments made and/or for third parties to pay the customs dues and taxes to be borne by the trader.)
8. Depending on each type of Customs regime applied for in the Customs Declaration, the information from the Declaration will be routed to the appropriate databases. For example, temporary imports for processing for home use will be sent to a Temporary Import – Processing for Home Use database.
9. On approval of the Customs Declaration, the system will allocate an approval number to the Declaration. The trader will be informed of the decision. He can then print out the approved Customs declaration, which will also carry a bar code. The hard copy of the Customs Declaration bearing the bar code will be used for clearance of cargo from Customs control. At the clearance point the traders will have to produce supporting trade documents (invoices, bills of lading, packing lists, etc) that may be examined and verified by the clearance officers. The bar code is provided for the clearance officer’s use. At the point of clearance the officers will scan the bar code and the information and details of the Customs Declaration will appear on the officer’s computer screen. Alerts and actions to be taken by the officer will be included in the clearance officer’s screen. (These alerts are not available to the trader and are generated in the system based on selectivity criteria decided by CD RT.)
10. The Declaration Control subsystem will also reconcile the Customs Declaration with the Manifest Control subsystem. Upon accomplishment of all Customs formalities, the inventory in the Manifest Control subsystem will be written off. Automated data reconciliation or matching forms an important part of the system process. Discrepancies can be highlighted and reported as over- or under-declaration. CD RT can then take immediate action. This action also applies to the transit and transshipment movement. The Declaration Control subsystem will allow the data captured to be matched when the goods leave the country. The declaration information can be captured at entry and matched and written off when the goods are produced at the exit point.
F.
The Warehousing Control Subsystem (WCS)
60
The WCS comes into play when the Declaration Control subsystem detects the Temporary Storage regime applied for. The Declaration Control subsystem will process the submission and transfer the data to the WCS. The WCS will create an inventory database for the purpose of control and monitoring of the storage of duty unpaid goods within the warehouse concerned. Subsequent withdrawal from the warehouse under another Customs regime will trigger the change in inventory of the warehouse.
61
The WCS database serves the needs of CD RT officers. Warehouse operators are expected to have their own independent inventory systems. The operators will produce monthly reports of the remaining inventory in their warehouse to CD RT. This report can be in electronic form in a manner to be set by CD RT. The submission of the report will be matched against WCS records. Discrepancies will be highlighted to the CD RT Warehousing officers. When CD RT Warehousing officers are assigned to carry out inventory checks, the WCS subsystem can generate a report of existing inventory. This will assist the officers in carrying out their tasks.
62
A Duty Free Shops Management subsystem could also be formed under the WCS. The function of this subsystem is similar to temporary storage under a warehousing system. The subsystem will monitor and track the movement of duty free goods taken from warehouses into duty free shops and their disposal at the shops to eligible persons. Sales would be monitored through the passenger name, flight numbers and date of arrival/departure. The subsystem thus keeps an inventory of goods in each duty free shop with functionalities to register the receipt of goods into duty free shops and sales of such goods.
G.
The Excise Control Subsystem
63
Customs Declarations of products that are subject to excise duties will be catered for under the Excise Control subsystem. The subsystem is similar to WCS for monitoring the movement of the goods and the payment of excise duties by way of excise stamps. Excise stamps are required to be affixed on products and reported in the Customs Declaration. Each Declaration will contain the serial numbers of excise stamps used. The system will keep a record of the excise stamps in the custody of CD RT and of those purchased from CD RT by the traders/companies, and will write off the records of stamps used. No excise stamp number can be repeated. Discrepancies will be highlighted to the Excise officers.
H.
The Tariff Nomenclature Subsystem
64
The Tariff Nomenclature subsystem will comprise a table (module) of the complete common EurAsEC Tariff Codification Book used for the classification of goods. This module will contain all the tariff lines of the Codification Book, the MFN and preferential tariff rates of import and export, excise rate and the VAT. The table will also be flexible to provide for countervailing or anti-dumping rates as and when they arise. The database will also contain separate tables providing for the internationally accepted codes used in the data elements such as port code, country code, product code and CD RT national codes such as location of entry/exit clearance office or border posts. Current clearance offices and border posts are designated in a numerical format. For example, Dushanbe-2, a rail clearance point, is listed numerically as “76104”. CD RT may wish to review this to provide for an alphanumeric format with 5 characters. Dushanbe-2 within the Dushanbe Regional Office could be listed as DDU02, the first character being the Regional Office and the rest of the characters being the actual location. A second rail clearance point Dushanbe-1 could be listed as DDU01. The Tariff Nomenclature subsystem will provide for authorized officers to update the tariff rates (import and export, excise and VAT) should any of the rates be changed. The system administration will provide access to only two high level management officers to perform this task. CD RT would have to designate the appropriate officers. The first officer could be the head of the Tariff Regulation subdivision. He enters the rate changes. The second officer could be the Divisional Head. His task is to confirm the changes.
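The two-officer rule above is a dual-control (maker-checker) check: a change entered by one officer takes effect only when a different, authorized officer confirms it. A minimal sketch of that check follows as an added example, not code from the report or the UAIS; the role names, class names and sample rates are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal
from itertools import count

# Hypothetical role labels for the two officers the report designates.
ROLE_ENTER = "head_tariff_regulation"   # enters the rate change
ROLE_CONFIRM = "divisional_head"        # confirms the rate change
RATE_TYPES = {"import_mfn", "import_preferential", "export", "excise", "vat"}

# Constructed sample data, not actual tariff rates.
SAMPLE_RATES = {
    ("8703.23", "import_mfn"): Decimal("5"),
    ("8703.23", "vat"): Decimal("20"),
}


class ControlError(Exception):
    """Raised when a dual-control rule is violated."""


@dataclass(frozen=True)
class Officer:
    officer_id: str
    role: str


@dataclass(frozen=True)
class PendingChange:
    change_id: int
    hs_code: str
    rate_type: str
    old_rate: Decimal   # live rate at the time the change was entered
    new_rate: Decimal
    entered_by: str


class TariffTable:
    def __init__(self, rates):
        self._rates = dict(rates)   # (hs_code, rate_type) -> Decimal
        self._pending = {}          # change_id -> PendingChange
        self._ids = count(1)
        self.audit = []             # append-only: (event, officer_id, change_id)

    def rate(self, hs_code, rate_type):
        return self._rates[(hs_code, rate_type)]

    def _deny(self, officer, change_id, reason):
        # Denied attempts are logged too, so misuse is visible to auditors.
        self.audit.append(("DENIED: " + reason, officer.officer_id, change_id))
        raise ControlError(reason)

    def enter_change(self, officer, hs_code, rate_type, new_rate):
        """Step 1: record the change as pending; the live rate is untouched."""
        if officer.role != ROLE_ENTER:
            self._deny(officer, None, "role may not enter rate changes")
        key = (hs_code, rate_type)
        if rate_type not in RATE_TYPES or key not in self._rates:
            self._deny(officer, None, "unknown tariff line or rate type")
        new_rate = Decimal(str(new_rate))
        if new_rate < 0:
            self._deny(officer, None, "rate must not be negative")
        change = PendingChange(next(self._ids), hs_code, rate_type,
                               self._rates[key], new_rate, officer.officer_id)
        self._pending[change.change_id] = change
        self.audit.append(("ENTERED", officer.officer_id, change.change_id))
        return change.change_id

    def confirm_change(self, officer, change_id):
        """Step 2: a different officer holding the confirming role applies it."""
        change = self._pending.get(change_id)
        if change is None:
            self._deny(officer, change_id, "no such pending change")
        if officer.role != ROLE_CONFIRM:
            self._deny(officer, change_id, "role may not confirm rate changes")
        if officer.officer_id == change.entered_by:
            self._deny(officer, change_id, "officer may not confirm own entry")
        key = (change.hs_code, change.rate_type)
        if self._rates[key] != change.old_rate:
            # The live rate moved after entry, so the confirmer would be
            # approving a difference nobody reviewed. Discard and re-enter.
            del self._pending[change_id]
            self._deny(officer, change_id, "stale change, re-enter it")
        self._rates[key] = change.new_rate
        del self._pending[change_id]
        self.audit.append(("CONFIRMED", officer.officer_id, change_id))
        return change.new_rate
```

The identity check is made on the officer, not the role, so an account that has been granted both roles still cannot complete a change alone.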
I.
Valuation Subsystem
65
The Valuation subsystem contains the database of all values declared for imported and exported goods. The system will also program a range of acceptable values for products based on the input by CD RT. The acceptable values of each product should be based on country of origin, date of purchase or import/export. The database would capture product names, product codes (if any), country of origin, dates of purchase or date imported/exported, year of manufacture and the like. The data would be useful, as transaction values declared might be rejected and CD RT would have to follow the hierarchical order of deriving acceptable values under the other five methods of the Valuation Agreement Code.
J.
Customs Conditions Subsystem
66
The Customs Conditions subsystem will contain all the normative rules provided in the Customs Code and/or other conditions that CD RT may establish. This database is part of a Business Rule Engine. Conditions imposed could include the reminder to provide sufficient funds in the bank account for deduction of customs duties and taxes.
K.
Duty Payment Subsystem
67
The Duty Payment Subsystem will handle the assessment, verification, monitoring and generation of revenue reports. This subsystem will also link up with banks to cater for e-payments. Interfaces with other subsystems such as Tariff Nomenclature will confirm the accuracy of the rates of duties and taxes declared. The subsystem automatically calculates duties and other taxes for each Customs declaration based on the customs value, classification of the goods, and rates of duties and taxes. A linkage with the Ministry of Finance (MOF) will be necessary. MOF monitors and projects revenue collection from each regional office and border posts and provides performance targets for them to attain. Monitoring reports would have to be generated and positive or negative variance of the projected performance targets would be highlighted to MOF.
L.
Fees and Billing System Subsystem
68
Traders will from time to time require Customs services or Customs services are provided for a fee. The Fees and Billing Subsystem will generate the invoices requesting the traders and other clients for the payment. The payment could also be deducted from the banks if authorized by the clients. Thus there will be an interface with banks for e-payment where appropriate.
M.
Customs Statistics Subsystem
69
The Customs Statistics subsystem will cater for the production of trade statistics derived from Declaration Control subsystem. Statistical reports will be generated and the subsystem will be able to produce soft-copy reports for submission to the government agencies involved and to foreign administrations when required.
N.
Security Deposit Subsystem
70
CD RT requires security deposits from traders to guarantee they fulfill their obligations. This is to safeguard the goods from entering illegally into free rotation without payment of customs dues and taxes.
71
A Security Deposit system administers the security deposits lodged by traders. A record of each deposit will be created upon presentation to CD RT. The system will track and monitor the status of the security deposits. Reports will be generated to inform CD RT on the requirement to return the security deposit or request for the renewal of the deposits or request for topping up insufficient security required.
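The deposit tracking described above, modelled with the debit-and-credit suspension scheme the report proposes in paragraph 72, as an added example that is not part of the report or the UAIS. Class and method names are hypothetical, and holding a declaration until the trader tops up is an assumed reading of the rule that the suspended amount cannot exceed the deposit lodged.

```python
from decimal import Decimal


class DepositError(Exception):
    """Raised for requests the ledger must refuse outright."""


class SecurityDepositAccount:
    def __init__(self, trader_id, deposit):
        self.trader_id = trader_id
        self.deposit = Decimal(str(deposit))
        self.suspended = {}   # declaration no. -> suspended duties and taxes
        self.held = {}        # declarations awaiting a top-up (assumption)
        self.alerts = []      # messages raised to CD RT

    def suspended_total(self):
        return sum(self.suspended.values(), Decimal("0"))

    def available(self):
        # Invariant: never negative, because suspensions are capped below.
        return self.deposit - self.suspended_total()

    def declare(self, declaration_no, duties_and_taxes):
        """Debit (suspend) the duties and taxes of a new declaration."""
        amount = Decimal(str(duties_and_taxes))
        if amount <= 0:
            raise DepositError("duties and taxes must be positive")
        if declaration_no in self.suspended or declaration_no in self.held:
            # A replayed declaration number must not be suspended twice.
            raise DepositError("declaration already recorded")
        shortfall = amount - self.available()
        if shortfall > 0:
            self.held[declaration_no] = amount
            self.alerts.append(
                f"{self.trader_id}: top-up of {shortfall} required "
                f"for declaration {declaration_no}")
            return "TOP_UP_REQUIRED"
        self.suspended[declaration_no] = amount
        return "SUSPENDED"

    def _retry_held(self):
        """Suspend held declarations, oldest first, once they fit."""
        released = []
        for declaration_no in list(self.held):
            if self.held[declaration_no] <= self.available():
                self.suspended[declaration_no] = self.held.pop(declaration_no)
                released.append(declaration_no)
        return released

    def top_up(self, amount):
        amount = Decimal(str(amount))
        if amount <= 0:
            raise DepositError("top-up must be positive")
        self.deposit += amount
        return self._retry_held()

    def close(self, declaration_no):
        """Formalities accomplished: credit the suspended amount back."""
        if declaration_no not in self.suspended:
            raise DepositError("no suspended amount for this declaration")
        credited = self.suspended.pop(declaration_no)
        self._retry_held()
        return credited


def demo():
    # Constructed sample figures, for illustration only.
    account = SecurityDepositAccount("TRADER-001", "10000")
    results = [account.declare("D1", "4000"), account.declare("D2", "5000"),
               account.declare("D3", "2500")]
    return account, results
```

Every path keeps the suspended total at or below the deposit, so the secured revenue is always covered even while a top-up request is outstanding.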
72
It is proposed that security deposit be used as a means of monitoring, controlling and ensuring the accomplishment of Customs formalities for Customs Declarations. For example, a trader can lodge a specified amount of security deposit in the form of a bank guarantee for temporary storage purposes. When he declares, for example, a Customs Declaration, the amount of duties and taxes is debited (subtracted) from his security deposit. There is no actual deduction, only a temporary suspension of the amount of duties and taxes he would have paid if he withdraws the goods into free rotation. This amount will be credited back to the security deposit when he accomplishes all Customs formalities for the specified consignment (exported or withdrawn for free rotation with duties and taxes being paid). The suspended amount cannot be greater than the security deposit lodged. When he declares another Customs Declaration, the amount of duties and taxes is debited again. If he does not accomplish all Customs formalities to close the Customs Declaration, the amount of suspended duties and taxes continues to be suspended. If he further declares another Declaration and the amount of duties and taxes suspended added to the previous suspended amount is greater than the security deposit, the system will alert CD RT. A request will be made for the trader to top up his security. This system of debiting and crediting security deposit for each Customs Declaration made will ensure that CD RT interests are not compromised. At all times, the security deposit secures the revenue, which would have been paid if the goods cannot be accounted for. Security deposits under this system would ensure that traders accomplish the formalities in the shortest time possible; else they would be subject to further topping up of the security.
O.
Risk Management System
73
The Risk Management System will be responsible for producing the Selectivity Criteria for examination. There is no single methodology to identify and assess risks. There are a number of developed processes for identifying, assessing and managing risks. The Australian and New Zealand Customs developed a systematic cycle for the examination of risk management. CD RT in identifying risks will have to include in their consideration the environment within which they operate, the clients and relationship to CD RT (this takes into account the compliance rate of clients which can be ascertained from the Customs Offence Records), the transactions carried out by clients (element of risks of imports from country of origin and level of risk, patterns of trade from different countries, value of transactions), and the consequences of each risk identified. In assessing the risks, CD RT would consider the effects of each risk and the likelihood of it happening (the more serious the risk, the less acceptable the risk; thus consignments would be targeted for examination). In managing risks, the next step would be to prioritize the risks and the measures to deal with these. In all likelihood, total elimination of risk is not possible; reduction to an acceptable level is.
74
In developing risk management techniques, the CD RT should select their “Risk Indicators”. These are specific items, for example, a particular product or a particular country of origin, which can be targeted for potential Customs infringements. Risk Profiling would be a combination of the risk indicators, which have been studied and analyzed from information gathered from the Customs Declaration, Customs Offence System and other sources.
75
The Customs Declarations System will interface with the Risk Management System, which will contain the selectivity criteria that determine the action by CD RT clearance officers and alert Post Clearance Audit. The system will indicate the appropriate channel of clearance such as “Red” for thorough examination, “Yellow” for partial examination and “Green” for no examination required and consignment to be cleared. Examining officers will also have to produce a report of the results of their examination and post it back to the Risk Management System. Officers who override the system’s decision, for example, examining “Green” channel consignments or releasing “Red” channel consignments, will similarly have to produce a report to account for their actions.
P.
Customs Offence System
76
This system maintains records of Customs offences committed. The details that shall be contained include names of company, name of offender (declaring agent or other persons), Customs Declaration type and approval number, date of offence, place of offence, type of offence, type of goods involved, action taken (composition fine, court action and amount of fines imposed/paid), name of detecting officer, name of investigating officer, and investigation file reference.
Q.
The Travelers Management System
77
Residents and non-residents enter and leave the country through three means of transportation, by rail, air and road. The airline and railway operators can facilitate the management of travelers by air and rail with the presentation of passenger manifests. The passenger manifests are key sources of information for the Customs to decide on the thoroughness of examination of persons profiled as high-risk targets. The extraction of information from the manifests will also provide a profile of the selected persons’ movement, the frequency of such movements and the level of potential risk to Customs. Road travelers pose a larger threat to revenue loss. The lack of data on the travelers through the borders can and does result in travelers (living near the borders) moving across the borders many times in a day. This can lead to them carrying goods across the border in small quantities or in part shipment to avoid payment of Customs dues and taxes.
78
The Travelers Management System will comprise the establishment of a Black List of Suspected Offenders. This Black List will be built by CD RT based on a Risk Profile from information gathered or risk indicators selected. The Black List can be downloaded to a Border Control Department (BCD). BCD is the first point of contact. The BCD can alert CD RT when blacklisted travelers are detected at the border crossing. CD RT can then carry out their examination. Reports will be prepared and kept within the Travelers Management System.
R.
Conclusion
79
The current manual system is to be replaced under the framework of a single electronic window (SEW) serving the CD RT community. The SEW will be the electronic platform to bring together all stakeholders, from both the private and public sectors. The integrated information and management system providing both internet-based and host-to-host connection will facilitate the exchange of information, eliminate the manual submission of Customs Declarations, facilitate the legitimate trader through faster clearance and the minimization of human intervention, and enable CD RT to move from a people-driven process to a system-driven workflow, with business rules and artificial intelligence built into the system. This will help to increase transparency and predictability of service. The UAIS should support all international standards of message format such as XML, UN/EDIFACT, RosettaNet, and ANSI X-12 to support inter-agency exchange of data and exchange with other foreign customs administrations.
V.
INTER-AGENCY COORDINATION
A.
Inter-agency Cooperation and Coordination
80
Gaining the support of the competent authorities, which are responsible for processing of controlled goods, is vital to facilitate the one-stop approval clearance process in the CD RT UAIS. The active participation of competent authorities for a single administrative document is important for establishing a synchronous one-stop clearance and to avoid unnecessary delays in processing and clearance of the Customs Declaration. The strategies which CD RT should adopt are as follows:
1. Establish regular dialogues and consultation with the inter-agencies to gain support for the single window concept.
2. Include all agencies related to trade facilitation including the Ministry of Trade and Economy, Ministry of Industry and Ministry of Transport. The Ministries play important roles in the promotion of trade.
3. Establish the preparation of a Product Listing of all the goods under control and the agency responsible. The products are to be listed by Harmonized System Code under the present Tariff Nomenclature of CD RT. This List is to be constantly updated and kept on the proposed UAIS Certification & Licensing subsystem.
4. Include several of the agencies for study visits and/or training sessions related to CD RT UAIS to enable the agencies to gain an understanding of the benefits of a single window one-stop system.
5. Invite from time to time agencies to lecture CD RT officers on the rationale for placing goods under control and techniques adopted by the agencies to approve the goods.
6. Request the agencies to empower CD RT with the responsibility of performing their tasks for them, such as the examination and/or extraction of samples for these agencies of products that require clearance; and
7. Include the agencies in the Project Steering Committee. In the event a National Trade and Transport Facilitation Committee (NTTFC) is established to oversee trade facilitation strategies, the agencies should also be involved as active participants.
VI.
UNIFIED AUTOMATED INFORMATION SYSTEM (UAIS)
A.
Objective of UAIS
81
The Tajikistan UAIS proposal aims to develop a full suite of integrated, robust and intuitive software systems that leverage state-of-the-art technology to support the streamlined CD RT key processes.
82
The UAIS will modernize CD RT workflow and help it achieve the following main objectives:
i. Provide a more effective customs control through risk assessment, profiling, and data mining.
ii. Provide a more efficient Customs clearance through the use of electronic forms and auto-processing rules, including general automation of Customs procedures and electronic exchange of information.
iii. Provide a more uniform application of Customs law by programming it into the system and subjecting all stakeholders to the same rules.
iv. Provide a more efficient revenue collection method through direct interface with banks and real-time debit from accounts.
v. Provide a more effective data analysis through pre-defined reporting rules and generating reports from error-free and timely data.
vi. Provide a more efficient production of trade statistics, where trade statistics can be generated from data with up-to-the-minute accuracy.
vii. Provide quality of data by enforcing validation rules and checks uniformly throughout the system.
83
The proposed UAIS solution shall be cost-effective and have the ability to best meet the requirements of the CD RT. At the same time it will contain features that are found in modern Customs systems.
B.
Design Consideration of UAIS
84
The design of the UAIS software has to take into account the local conditions of RT, as well as the likely usage pattern. The two main groups of users of the UAIS are the trade and logistic community, and the CD RT.
85
The trade and logistic community consists of the following groups of users:
• Rail and air terminal operators, freight forwarders, and carriers;
• Customs brokers and Customs specialists;
• Licensed warehouses;
• Traders, importers, and exporters.
86
Design considerations for the above users are:
• Able to make users more productive without increasing their cost. The cost of using UAIS should be the same or less than the current cost without UAIS.
• Able to be a one-stop application for users. For example, users should be able to make document submission, payment of charges, and receiving back Customs approval, all within the UAIS.
• Able to cater to declarants and end-users from all over the country. This means that the UAIS software has to be easily installed and supported at different geographical regions and locations.
• Able to increase user’s productivity. For example, by using the UAIS, users should be able to do many more declarations per day than previously.
• Able to support multiple users at a single location. This is because there may be more than one Customs Specialist in a company, and they have to be distinguished.
• Able to work well in low bandwidth situations. This is because in many places of RT, the telecommunication infrastructure is not yet mature.
87
The second group of users is the CD Officers. They consist of the personnel at Customs HQ, including the existing six divisions, Regional Office personnel, and the Border Post Officers.
88
Design considerations for CD RT users are as follows:
• Able to handle large volume of data submitted by users of the system. This is because users from all over the country will be submitting electronic documents to CD RT.
• Able to do data-mining, data-warehousing, and flexible reporting due to the number of reports and statistics that CD RT needs throughout the year.
• Able to have access to UAIS data in real-time. This is important because CD Officers need up-to-date data for risk management, processing, and reporting.
• Able to access the UAIS from any location at any time. The UAIS has to be designed such that the Regional Offices and Border Posts are able to have access to it easily.
• Able to provide CD Officers everywhere with the same visibility of data. For example, CD Officers from different Regional Offices should be able to have access to the same data from the database.
89
Keeping in mind the above, the UAIS also has the following additional requirements:
• It has to provide connectivity to other Agencies and Ministries. For example Ministry of Finance of RT, Ministry of Health of RT, Ministry of Agriculture of RT, Tajikstandard, and Tajikistan Chamber of Commerce and Industry, etc. The connectivity can be in the form of a file interface, or a user interface for users from these organizations to use.
• It also has to provide connectivity to financial institutions (banks). For example National Bank of RT. This is to facilitate auto-debit of funds from traders and declarants.
• It has to be a secure system, from data transmission to data storage.
• It has to be expandable, and adapt easily to an increase in trade volume or the addition of more functionality.
• It has to be compatible, in terms of features and technology, with other modern Customs systems.
C.
UAIS Technology
90
The UAIS will be large-scale software that is installed at Customs HQ. It will operate out of the HQ. The reason is that it is cheaper to build one major infrastructure to support the UAIS hardware. If the UAIS were to be a distributed system, with hardware and software installation in many locations, then the maintenance and support cost would be much higher. With only one location, the cost of hiring and training support personnel for the UAIS will also be lower.
91
The UAIS will have a central database, such as the Oracle Relational Database Management System (RDBMS). The central database will facilitate data mining and data warehousing. A single database will ensure data integrity, and it is also easier to archive data and generate Customs reports from it.
92
The technology used for the UAIS software is recommended to be Java 2 Enterprise Edition (J2EE). J2EE standards allow portability to multiple platforms such as UNIX, AIX and Windows. This means that there can be more choice in the hardware.
93
J2EE is also multi-tiered, which means the user interface layer can be customized without affecting the domain layer that holds the essential business processing logic of the UAIS. J2EE also has the advantage of being the technology of the Internet and is highly scalable to cater for higher volume in the future.
94
Since Java is a popular programming language, the cost to CD RT will be lower if it were to maintain an in-house team of programmers to develop additional functions to the UAIS.
95
Even though J2EE and Java will be used, in some cases an alternative technology has to be considered too.
96
The trade and logistic community requires a lot of data entry but no real-time connection, so it is suggested that a Visual Basic program be used for them. Data can be stored locally in a Microsoft Access database. Data will be transmitted to Customs HQ only when there is a need to communicate with the UAIS.
97
A summary table of the technology proposed for the UAIS software is shown below:
| Component | Technology |
| --- | --- |
| Software for the community | Microsoft Visual Basic and Access database |
| Software for CD Officers | Web-based from Customs HQ servers |
| Software for Ministries and Agencies or to link with them | Web-based from Customs HQ servers, or could be file interface through a secured channel |
| Software for linking with external parties like foreign governments and organizations | File interface through a secured channel |
| UAIS software | Java and J2EE |
| Database | Oracle RDBMS |
D. UAIS Architecture
98
The UAIS software should be made up of 3 logical layers, listed as follows from the bottom layer to the top:
• The Service Layer
• The Domain Layer
• The Interface Layer
99
The Service Layer consists of the basic applications and systems that will be used by all the subsystems in the upper layers. This also includes interaction with the database.
100
The Domain Layer consists of applications that hold the business logic processing and other types of processing. It is the link between the interface layer and the service layer.
101
The Interface Layer consists of either user interfaces that allow users to interact with the system directly, or applications that allow other systems to interact with the UAIS.
102
A diagram of the software architecture and an example is shown below:
103
The UAIS server-software explanation:
104
UAIS software that needs a Web Browser to connect to Customs HQ’s URL is called the server-software. It requires either an Internet or an Intranet connection to work.
105
Users will have to use a Web Browser such as Internet Explorer, Firefox, Safari, or Netscape on their PC to connect directly to the URL of CD RT. This is so that users can use the software that is installed on the Customs HQ servers, and have access to the central database there.
106
A diagram showing the use of server-software is shown below:
107
The UAIS client-software explanation:
108
The UAIS software that does not need the Web Browser to function, and can store data locally on the PC, is called the client-software. It does not need an Internet connection to work.
109
Users will have to launch the application on the PC. All data will be stored locally, and there is no need to connect to Customs HQ until data has to be exchanged with it.
110
A diagram showing the use of client-software is shown below:
E. UAIS Overview
111
The UAIS software can be logically divided into four main areas:
• The UAIS Core Systems;
• The UAIS Subsystems;
• The UAIS Common Services; and
• The Messaging Gateway
112
The Core Systems will exist as client-software as well as server-software. The client-software allows the Trade and Logistic Community to send various electronic documents to CD RT. The data will pass through the Messaging Gateway to the server-software for processing. The server-software will provide functionality for CD RT to process the data submitted by the users.
113
The proposed Core Systems include the following:
Core Systems and their Main Functionalities
1. Manifest Control
• For submission of electronic manifest pre-arrival or upon actual arrival of vessel at the border posts or terminals of Tajikistan.
• Enable CD RT to auto-process the submitted manifest documents according to the rules set into the System.
• Enable CD RT to do risk assessment on the shipment. It also allows Customs to reconcile the manifest information with the goods declaration information that is submitted later.
2. Declaration Control
• For submission of electronic import, export, transshipment, or Customs declaration of any Customs Regime. Approved declarations will be returned with a permit number by the System.
• Enable CD RT to auto-process or manual-process submitted Customs declarations. The System will reconcile the declarations with the shipping manifests received.
• Will auto-calculate duties and taxes payable by declarants, and auto-deduct the appropriate amount from their bank account.
• It is linked with several other Subsystems of the UAIS.
3. Warehouse Control
• Enable Warehouse Operators to store and submit inventory data and cargo valuation data to CD RT. It can handle goods for duty free shops, as well as general goods movement or transfers.
• Allow tracking of all licensed warehouses’ inventory based on approved Customs declarations. All movement of cargo to and from the warehouses is tracked. It can also generate comprehensive reports for CD Officers to do post Customs Control audit and inspection.
4. Certificate and License Control
• Allow submission of electronic application for Certificates or Licenses.
• Allow Officers of the Agencies and Ministries to log in to receive and process applications for certificates or licenses.
• Auto-calculate fees payable by applicants, and deduct the appropriate amount from the designated financial institution.
114
The Subsystems consist of applications that are used by CD RT personnel to support their daily work. The Subsystems will exist as server-software, with no client-software, because only Customs personnel will have access to them.
115
The proposed Subsystems include the following:
Subsystems and their Main Functionalities
1. Registration
• Provide a centralized application where the trade and logistic community can be registered with the UAIS as users. They will receive user ID and password to the system.
• Keep the bank account information of users as well, to be used for billing and duty deduction.
2. Administration
• Allow CD Administrators to assign user roles and rights to Customs officers. It is similar in concept to the Registration Subsystem, but for CD RT and related personnel only.
• Serve as the communication center for CD RT to send information to stakeholders of the UAIS. It can store and send notices and circulars, as well as make announcements to external parties.
3. Tariff Nomenclature
• Enable CD Officers to manage and control the codes that are used throughout the UAIS, for example HS codes, country codes, port codes, and product codes. CD Officers can also use the Subsystem to set the tariff rates for the goods. The codes managed by the Subsystem can be international standard codes, or RT standard codes.
• Allow new or updated codes to be sent to the Core Systems’ client-software.
4. Valuation
• Enable CD Officers to track the standard value of goods. CD Officers can use it to create and maintain the goods valuation database.
• Handle the validation of cargo value that is declared in declarations. It will analyze the declared value and flag any non-conformance. It automatically adjusts its database of values as it collects more data.
5. Customs Conditions
• Enable CD Officers to “program” the RT Customs Code into the UAIS. This can be done using the Rule Editor of the Rule Engine.
6. Post-Clearance
• Perform two main functions. One is inspection scheduling and tracking. The other is post audit team (CD Inspectors) management.
• Handle inspection requests that are triggered by the Manifest Control, Declaration Control, or the Warehouse Control System. CD Officers will use it to schedule inspections, as well as view details of cargo that requires inspection. CD Officers can also deploy Inspectors with the Subsystem.
7. Customs Offence
• Enable Customs Inspectors to enter inspection results and offence data. The Customs offences will be tracked in the UAIS database.
• Enable CD Inspectors to record and categorize offence data, and interface with the Risk Management and Intelligence Subsystem. Inspection results are fed back into the Risk Management Subsystem in order to improve its effectiveness.
8. Duty Payment
• Perform two main functions. One is to handle duty and charges calculation and collection. The other function is to link up with financial institutions, for example banks, to deduct the funds from declarants’ accounts.
• Able to automatically calculate duties and other taxes for each Customs declaration based on the customs value, classification of the goods, and various duties, taxes and fee rates applicable.
9. Fees and Billing
• Perform the function of billing and collecting money. It will generate monthly bills to users of the UAIS, and also help CD RT to collect fines from declarants who have committed Customs offences.
• Allow CD Officers to manage the billing cycle and charge codes of the UAIS, among other things.
10. Security Deposit
• Provide facilities for managing securities lodged by traders, importers, or exporters. This is to cover both goods moving in and out of Customs territories. Information such as security applicants, providers, as well as forms and types of security are captured and stored online. CD RT will maintain such information.
• Functions such as review request, discharge request, liquidation request, and exemption request are also provided in this Subsystem.
11. Currency Control
• Allow CD Officers to track the export revenue of companies and the validity of payments for imported goods in a foreign currency.
• It will store and manage the transaction certificates of traders, as well as secure control over amounts that exceed the contract.
12. Excise Control
• Automate the activities of the excise stamps department, from registration of applications for purchase of excise stamps, payment made for excise stamps and issue of stamps on the receipts, to the control of stamp utilization and application closure.
13. Risk Management and Intelligence
• Perform two main functions. First, it helps to identify and flag any potential threats or non-conformance, and alerts the CD Officer. Second, CD Officers can specify and set the risk criteria for each of the Core Systems.
• It can be used to build risk profiles for companies as well as individuals; these can be referred to as the Blacklists.
• It can also take in risk data from external systems and incorporate this data into its criteria for consideration. However, this data has to be in a predefined file format, or it has to be converted through the Conversion Engine.
• Has the ability to analyze trends and projections. The overall goal is to provide Customs with an intelligent system that allows it to direct its limited resources to potentially high-risk consignments.
14. Customs Statistics
• Allow CD Officers to generate customs and trade statistics for the CD RT or the Ministry.
• It can be scheduled to generate routine reports, or be operated to generate reports on demand. Data will be drawn from the UAIS central database.
116
The Common Services consist of software components that are used by the Core Systems and Subsystems. These components are the underlying building blocks, and they provide essential functionality to UAIS.
117
The Common Services include the following components:
1. Access and Password Services;
2. Notification and Alert Services;
3. Audit Services;
4. Report Engine;
5. Rule Engine; and
6. Reconciliation Engine
118
The Messaging Gateway is an important part of the UAIS that allows communication between client-software and server-software. It also acts as the interface between external parties and the UAIS. It supports all standard communication protocols and implements secure connections for message deposit and retrieval. The Messaging Gateway has a built-in Conversion Engine to format messages if needed.
119
A diagram of the overview of the UAIS is shown below:
120
The different applications of UAIS will interact with each other through programming interfaces. An interaction grid between the applications of UAIS is shown below. The grid is based on the functional requirements that have been drafted.
121
The functional requirements for the UAIS software are detailed in Appendix D. They contain a description of all the functionality needed in each UAIS component and System.
VII. IT INFRASTRUCTURE AND NETWORK FOR UAIS
A. Introduction
122
The current infrastructure of Customs Department Headquarters (Customs HQ) and Regional Offices (RO) is inadequate to support the full implementation of the UAIS.
123
It is proposed to adopt a centralized model for the UAIS whereby all trade related processing and data are hosted at Customs HQ. The users at regional offices, border posts, terminals and the Trade and Logistics community at large will access the Customs HQ for all trade transactions. The IT infrastructure and network are designed based on this guiding principle.
124
Having a de-centralized model will not be cost-effective, as it will mean duplicating the infrastructure at Customs HQ to the Regional Offices to a large extent. Having a de-centralized model will also complicate the workflow such as having to synchronize the data and software between Customs HQ and Regional Offices.
B. Assessment of current ICT Infrastructure
125
The current ICT Infrastructure is not adequate for Customs Modernization. A summarized assessment is shown in the table below:
Current ICT Infrastructure
• Most PCs are Pentium II and III running Windows 98, ME
• No servers for hosting web-based Customs transaction applications
• Limited Internet connection
• Regional Offices have no LAN
• Data transmission via diskettes and Codan radio modem
• Customs HQ has LAN but no Data Center
Assessment
• Hardware is inadequate
• Most hardware is obsolete
• No overall IT network for connecting Customs HQ, Regional Offices, and Border Posts
• No Data Center (DC) to host the servers
C. Steps for UAIS setup
1. Equip CD RT with ICT equipment such as PCs, printers and scanners and UPS.
126
The UAIS needs to be supported by all this peripheral equipment so that users can interact with the system electronically and in an effective manner. Appendix F shows the type of equipment, quantity and estimated cost that is needed to equip the whole of CD RT.
2. Set up a UAIS network based on the framework as shown below:
127
The diagram below shows the overall high-level view of the proposed network infrastructure that will be needed for the implementation of UAIS:
Figure 1: Diagram showing the connectivity scenarios for the UAIS
128
The network connectivity alternatives for UAIS are also shown in the table below:
Connectivity alternatives (table columns): Leased line; Telephone line – ADSL modem (Internet); Telephone line – dial-up modem (PSTN); Radio waves – GPRS (Internet); Radio waves – Codan modem; Wi-Max; Satellite
Links (table rows): Customs HQ to DR; Customs HQ and Regional Office; Regional Office and Border Post; Customs HQ and Border Post
129
On-line synchronization of data is needed between Customs HQ and the Disaster Recovery centre; for security and performance reasons, a leased line is preferable for linking the 2 sites.
130
Telecommunications is available at Customs HQ and Regional Offices, and hence it is possible for these sites to link to the Internet via ADSL modem or GPRS, or to do a modem dial-up using the Public Switched Telephone Network (PSTN).
131
At the border posts, especially those in remote areas such as KHATLON and GORNO-BADAKSHAN, telecommunications infrastructure may not be available and hence it is necessary to transmit the Customs declaration via Codan radio modem to the regional offices where the information will then be entered into the UAIS. This is a temporary solution until the telecommunications infrastructure is available to such areas.
132
We have proposed VSAT (Satellite) and WiMax for network alternatives, but these were considered not viable taking into account the specific conditions in Tajikistan.
| Network Alternatives (not viable) | Reasons |
| --- | --- |
| VSAT (Satellite) | High cost: estimated costs $50,000 per installation, $3,000 to $5,000 monthly charges |
| WiMax | Wave frequency is not allowed |
Table showing reasons for the not viable alternatives
133
The monthly telecommunications charges (based on Babilon) of using the network alternatives are shown below:
| Bandwidth | ADSL | Dial-up modem | GPRS |
| --- | --- | --- | --- |
| 64 kbps | $192 | $30 | $30 |
| 128 kbps | $384 | - | - |
| 256 kbps | $768 | - | - |
| 512 kbps | $1536 | - | - |
| 1024 kbps | $3000 | - | - |
Table showing the monthly telecommunication charges
134
The current average file size (based on 34 data items) of Customs declarations is around 1 kilobyte per declaration. Appendix L shows the Customs declaration volume for the year 2005. The data show that around half of the border posts have fewer than 10 transactions per day. Assuming a file size of around 5 kilobytes per transaction for the UAIS (with all 54 data items captured), most border posts can use the bandwidth of 64 kbps via dial-up modem (or GPRS) to submit the transactions to Customs HQ.
135
The Traders can make use of a dial-up modem to access the Customs HQ. This is shown in the diagram below. The traders will use the UAIS front-end applications on their PC, after which they can dial up using the modem and submit or retrieve messages from the UAIS Messaging Gateway.
Diagram of the network connectivity through dial-up modem
136
The remote access server (RAS) will receive the call and authenticate it through a RADIUS server. Upon successful authentication, the server will connect to the modem and allow data to pass. The firewall will intercept the data, allowing only certain protocols to pass through to the Messaging Gateway.
137
Regional offices and border posts with higher transactions such as Dushanbe-2 that process up to a maximum of around 150 declaration transactions per day can use the ADSL modem of 128 kilobytes per second (kbps), which should be of sufficient bandwidth.
3. Equip each Regional Office with LAN and connectivity to UAIS network.
138
A typical LAN setup using ADSL to connect to ISP/Internet is shown below:
Diagram: Regional Office with ADSL connection
139
A LAN protected by a firewall and an Intrusion Prevention System will connect each regional office. A VPN concentrator enables the regional offices to have a secure and private connection to the Customs HQ through the Internet. The specifications for the regional office hardware are shown in Appendix F.
4. Equip the priority Border Post with LAN and connectivity to UAIS network
140
A typical LAN setup using ADSL to connect to ISP/Internet is shown below:
Diagram: Border Post with ADSL connection
141
In the high priority border posts where there are more than 4 PCs, a LAN and a server will be installed to connect and administer the PCs and printers. The LAN is protected by a firewall, which is built into the router. The specifications for the border post hardware are shown in Appendix F.
Diagram: Border Post with GPRS connection
142
In places where no PSTN is available, the cellular phone GPRS network can be used to connect to the Internet and to Customs HQ. The workstation is connected to the cellular phone via cable or Bluetooth, which will in turn use GPRS to access the Internet.
5. Set up Customs Intranet Zone using Virtual Private Network
143
The network for the UAIS is divided into 2 main parts: the Local Area Networks (LAN) component, and the Wide Area Network (WAN) component interconnecting these LANs. The LAN component shall consist of functional local area networks:
(i) Central office
(ii) Six functional divisions
(iii) Dushanbe, Tursunzade, Sughd, Khatlon and Gorno-Badakhshon regional offices
(iv) All customs internal/border posts
Diagram showing VPN connection between Customs HQ, Regional Offices and border posts
144
Between the regional offices and HQ, hardware VPN concentrators are used to enable secure connection through the Internet. At the border posts, the software VPN clients on the PCs are used for secure access to the Customs HQ and Regional Offices.
6. Set up a Data Centre to host the servers at Customs HQ and set up a Disaster Recovery (DR) site at least 5 km away from the Data Centre
145
HQ will have a Data Center that will host the UAIS back-end. In addition, it will have an infrastructure that will support the following:
146
The UAIS Production Environment. This consists of three layers, the Demilitarized Zone, Application layer and the Database layer.
147
The UAIS Development Environment, which is a scaled-down version of the Production Environment. Developers use this segment to deploy and test the UAIS software before moving it to the Production Environment.
148
The Management Segment Zone is where network and system administrators will work. The zone shall manage the firewalls, routers, servers, security devices and other network infrastructure.
149
The Core Network Zone, which is where the workstations of the Customs are connected by switches.
150
The Disaster Recovery Centre is a scaled-down version of the Data Center and will be connected to the Data Centre via a leased line.
151
The hardware specifications for Data Centre and Disaster Recovery Centre are shown in Appendix F.
7. Set up a centralized database at Customs HQ using Oracle as RDBMS
152
Data is an asset that should be protected to safeguard its integrity, confidentiality and availability. Hence it is important for Customs to have a centralized database to store and manage the data using an RDBMS database such as Oracle.
153
Some of the most important data to keep in the Customs’ database are shown in the diagram below.
Diagram: data kept in the Customs database, drawn as an Application Layer and a Database Layer. Labels in the diagram: Customs Declaration, Warehousing, Manifest, Black List, Risk Management, Code Management, Valuation, HS code, Travelers Data, Exchange Rate, License, Post Audit Custom Clearance, Goods Inventory.
154
The most important data in the database is the Customs declarations data that provides source information such as the declarant’s particulars, HS-code, country of origin and value of goods. The information is used in other subsystems such as risk management, where the Clearance officer decides, based on certain rules, on the need for goods inspection. Any deviation in the goods valuation from the normal range may trigger an alert to the Post Clearance Audit officer, who may then conduct a post audit of the company.
155
The centralized database will enable the UAIS to manipulate and compare data. For example, the manifest data can be compared against the Customs declaration data to check that the items and quantity are correct, and the UAIS will flag an alert if there are any discrepancies. A centralized database will also enable the UAIS to generate statistics for tracking key information such as Performance Indicators.
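One way to implement the manifest-against-declaration check described in paragraph 155, as an added example that is not code from the report or from the UAIS. The record fields, the matching key (consignment reference plus HS code) and the sample data are assumptions constructed for illustration; records need Java 16 or later.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class ManifestReconciliation {

    /** One goods line; the field names are assumptions, not UAIS data items. */
    record GoodsLine(String consignmentRef, String hsCode, long quantity) {
        // Match on consignment reference plus HS code, ignoring case, dots and spaces.
        String key() {
            return consignmentRef.trim().toUpperCase() + "|" + hsCode.replaceAll("[.\\s]", "");
        }
    }

    enum Discrepancy { ON_MANIFEST_NOT_DECLARED, DECLARED_NOT_ON_MANIFEST, QUANTITY_MISMATCH }

    record Alert(Discrepancy type, String key, long manifestQty, long declaredQty) {}

    /** Total quantity per key, so a manifest line split over several declarations still balances. */
    static Map<String, Long> totals(List<GoodsLine> lines) {
        Map<String, Long> sums = new LinkedHashMap<>();
        for (GoodsLine line : lines) {
            sums.merge(line.key(), line.quantity(), Long::sum);
        }
        return sums;
    }

    /** Returns one alert per key whose manifest and declared totals disagree. */
    static List<Alert> reconcile(List<GoodsLine> manifest, List<GoodsLine> declarations) {
        Map<String, Long> onManifest = totals(manifest);
        Map<String, Long> declared = totals(declarations);
        List<Alert> alerts = new ArrayList<>();

        for (Map.Entry<String, Long> m : onManifest.entrySet()) {
            Long declaredQty = declared.get(m.getKey());
            if (declaredQty == null) {
                alerts.add(new Alert(Discrepancy.ON_MANIFEST_NOT_DECLARED, m.getKey(), m.getValue(), 0));
            } else if (declaredQty.longValue() != m.getValue().longValue()) {
                alerts.add(new Alert(Discrepancy.QUANTITY_MISMATCH, m.getKey(), m.getValue(), declaredQty));
            }
        }
        // Goods declared against a consignment that no carrier reported.
        for (Map.Entry<String, Long> d : declared.entrySet()) {
            if (!onManifest.containsKey(d.getKey())) {
                alerts.add(new Alert(Discrepancy.DECLARED_NOT_ON_MANIFEST, d.getKey(), 0, d.getValue()));
            }
        }
        return alerts;
    }

    public static void main(String[] args) {
        // Constructed sample data, not taken from any real manifest.
        List<GoodsLine> manifest = List.of(
            new GoodsLine("CMR-0001", "8471.30", 200),
            new GoodsLine("CMR-0001", "6109.10", 1500),
            new GoodsLine("CMR-0002", "2402.20", 50));
        List<GoodsLine> declarations = List.of(
            new GoodsLine("CMR-0001", "847130", 120),    // split declaration, first part
            new GoodsLine("cmr-0001", "8471 30", 80),    // second part, same goods line
            new GoodsLine("CMR-0001", "610910", 1200),   // declared below the manifest quantity
            new GoodsLine("CMR-0003", "220830", 10));    // consignment absent from the manifest
        reconcile(manifest, declarations).forEach(System.out::println);
    }
}
```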
156
The centralized database will also keep reference data such as HS code, Exchange Rate and Tariff nomenclature. This information needs to be published to Declarants, as they will need to refer to it when making Customs declarations.
157
Proper design of the database using relational database technology is needed to ensure that data integrity is maintained, data is secured against unauthorized access and database performance is optimized.
D. General Requirements
1. Availability
158
The network between the Regional Offices and Headquarters shall have high availability of 99.95%. This is done by operating system clustering or load balancing of the servers. Applications that cannot be clustered will use a load balancer to direct traffic to multiple servers. The bandwidth supporting the regional offices to Headquarters shall be sufficient to support various applications without degrading the performance of the applications.
2. Performance
159
Online response time for a transaction is the elapsed time starting from an event such as a click of a button using a mouse (to activate a transaction) to the time where the computer generated output is seen on the screen of a PC. The network infrastructure should be designed such that the online response time for the system in the intranet shall meet the specified performance standards for at least 80 percent of the transactions.
| Transaction Type | Response time (seconds) |
| --- | --- |
| Submit transactions | 5 seconds |
| Search transactions | 8 seconds |
| Reports | 12 seconds |
160
The network infrastructure should be designed such that the online response time for the system in the extranet shall meet the specified performance standards for at least 80 percent of the transactions.
| Transaction Type | Response time (seconds) |
| --- | --- |
| Submit transactions | 12 seconds |
| Search transactions | 15 seconds |
| Reports | 20 seconds |
3. Security
161
The network infrastructure shall be designed such that the intranet zone is secured against unauthorized access and is not accessible to non-Customs users in the extranet zone.
VIII. QUALITY ASSURANCE AND SECURITY REQUIREMENTS OF UAIS
A. Quality Assurance
1. Processes for software development and quality assurance
162
The supplier shall preferably be ISO 9001:2000 certified and have been appraised at CMMI level 5.
163
If the supplier does not meet the requirements of ISO 9001:2000 and CMMI level 5 as specified in the above clause, the supplier shall substantiate that they have equivalent processes in place for the development and maintenance of the system.
164
The supplier shall propose the software development methodology for the project. As part of the software development, the supplier shall put in place processes to ensure that the system delivered is of high quality standard and free of defects.
165
Appendix G shows the framework of processes required for software development and quality assurance. The development methodology shall support the list of processes.
166
The supplier shall propose additional processes that are needed for producing good quality products and for successful completion of the project.
167
The supplier shall propose the relevant software development standards and guidelines for the processes. Examples of standards and guidelines are design and programming standards, versioning control standards and user interface guideline.
168
The supplier shall prepare a Quality Assurance (QA) plan for the project and submit for approval.
169
The QA plan shall outline how quality is built into the software and documentation. The QA plan shall contain, but not be limited to, the following items:
i. List of processes and products to be evaluated.
ii. Checklists to be used for conducting evaluations and generating QA evaluation reports.
iii. Standards for the processes and products.
iv. Quality metrics for measuring process performance and product quality.
v. Processes for tracking non-compliances and corrective action processes to be used.
vi. Project schedule for QA activities.
170
Some of the more important quality metrics for monitoring are:
i. Project schedule (deviation from planned schedule)
ii. Manpower effort (deviation from planned effort)
iii. Testing coverage (requirement specifications covered by test scripts)
iv. Number of test scripts not executed after completion of testing
v. Number of bugs not resolved after completion of testing
vi. Number of non-compliances to processes (audit findings)
vii. Number of peer review bugs not resolved
171
The supplier shall ensure that the standards stated in the QA plan are met and the products and quality records as specified in Appendix G are available for inspection when required.
2. Testing Requirements
172
The supplier shall propose the testing methodology to be used for the project.
173
Appendix H describes the testing phases that should be used in the project. The testing methodologies shall support the stated testing phases. These tests are to be conducted by the supplier before User Acceptance Testing.
i. Unit Testing
ii. Integration Testing
iii. System Testing
iv. QA Testing
174
The supplier shall state which testing tools are used to facilitate the testing and debugging process and the detection and recording of bugs.
175
The supplier shall keep and maintain all testing records such as test plans, test specifications and test results for each of the testing phases and make it available for inspection when required.
176
The supplier shall conduct user acceptance tests comprising:
i. System Functional Tests
ii. System Integration Tests
iii. Business Flow Tests
iv. Performance and Load Tests
v. Security Tests
177
The details of the user acceptance tests are described in Appendix H.
178
The supplier shall ensure that realistic databases and the number of transactions based on production workload are used for performance and load tests.
179
The response times for passing Performance and Load Tests for the intranet and extranet zones are as specified in paragraph B of the IT Infrastructure and network of the UAIS section.
180
In addition all data migration from existing system to new system shall be subjected to user acceptance tests. The supplier shall ensure that all data are converted and migrated successfully.
181
The supplier shall develop an acceptance test plan and procedures and submit for approval.
182
All user acceptance test specifications and scripts shall be developed by the supplier and submitted for approval.
B.
Security Requirements
1.
General assessment of security controls of the current ICT infrastructure
183
The current ICT infrastructure consists of PCs and servers connected by LAN at the Customs Department at Dushanbe. At the regional offices, the infrastructure consists mostly of standalone PCs. The main software in use comprises Microsoft operating systems such as Windows 2000 and Windows XP, Novell network software, and Microsoft Visual FoxPro for processing trade declaration data.
Risk in Confidentiality of Data
184
At the frontier posts and terminals, trade declaration data is entered using the Microsoft Visual FoxPro database system running on PCs. There appears to be no access control, such as user identification and password, on access to the FoxPro system on the PCs. This poses some security risk, as anyone who can access the PCs will be able to access the data for viewing or manipulation. Data must be protected by access control that involves some form of identification, authentication and authorization.
185
Trade data is sent to the regional office via dial-up radio modem on a daily basis. Diskettes are also used as the medium to transmit the data to the regional office. The diskettes are dispatched manually. It is established that the data stored on the diskettes are not encrypted during transmission. Without encryption, the security risk is that unauthorized persons can intercept the data during transmission, and as the information is in the clear, the confidentiality of the data is jeopardized. Data transmitted by radio waves can also be intercepted and must be encrypted at all times. The violation of data integrity can be either intentional or accidental. Intentional violation includes alteration of data by unauthorized persons, and this is a possibility here, as the system does not have proper access control and encryption.
Risk in violation of Data Integrity
186
Currently Customs Brokers submit the declaration manually using Customs trade declaration forms. The declaration is then entered by Customs into the FoxPro database system. Some front-end software, such as “ALTA GTD”, is used for entering trade declarations, but it is not compatible with the FoxPro system used by Customs and hence the information has to be re-entered by Customs. This re-entering of data is prone to human mistakes and might affect the accuracy of the data. The integrity of the data could be better protected if the system allowed traders to enter the data electronically and then routed it to Customs for approval, so that the data is entered only once.
187
It is established that the FoxPro database system only validates the date field. To improve the accuracy of the data, the system should have proper input validation controls. This could include validating the fields such as Country of Origin, Place of Loading and Modes of Transport. Other relevant business rules should be incorporated into the system to catch any errors before the data gets updated into the system.
188
The FoxPro database system does not maintain audit trails of transactions. This makes it difficult to have accountability in the system, whereby users know they are accountable for their actions on the system and also avoid activities that could damage the system. For every action taken on the system, there should be a relevant log entry containing the name of the user (or user ID), the date and time of the activity, the action taken and the result of that action. Having audit trails will provide a method of tracking and logging that allows security-related activity, such as unauthorized modification of trade data, to be traced.
Risk in Availability of data
189
From a security point of view, the availability of the data right when it is needed is crucial for the operations of Customs. UPS units protect the PCs and servers from power surges and outages. There are backup procedures in place. Data at frontier posts and terminals is duplicated at the regional office. There is a backup server at the Customs Statistics division. Since all the processing of trade data is done at the Central Office, it is important to have an off-site recovery centre in case there is a disaster at the Central Office, so that data is still available and the disruption to trade data processing is minimized.
Network Security
190
Firewalls are in place to protect the LAN at the Customs Department, and anti-virus software is installed on the PCs. Intrusion Detection Systems that report and alert on any violations of security could better protect the critical network points and servers.
191
PCs are installed with virus scanning software. The risk of PCs being infected with malicious software such as viruses, Trojan horses and worms is low if the PCs are scanned regularly and the software is updated with the latest patch.
2.
Security Framework
192
A comprehensive security framework should be implemented to protect the UAIS from unauthorized access and hacking. The framework consists of 3 layers: Prevention, Control and Monitoring.
193
The foundation of any security framework consists of the following activities:
i. A comprehensive Security Policy needs to be established for Customs. It should encompass network administration, system access, server administration, change control policy, personal computer usage, data centre, and incident investigation and response policy. There should be security guidelines for the various IT devices.
ii. To effectively pinpoint the risk and select the control to reduce the risk, a risk assessment needs to be carried out on the ICT infrastructure.
iii. Provide security training for the staff. This includes awareness training for all staff and security testing techniques for IT staff.
iv. A Security Audit needs to be carried out to detect any lapses in security policy.
Prevention
194
Prevention activities consist of:
i. Network security review of the network structure and configuration.
ii. System security review, which includes looking at servers’ access controls and security software patch updates.
iii. Vulnerability testing, which is scanning the network for any vulnerability.
iv. Penetration testing on the system and application based on the latest vulnerabilities, hacking techniques and hacking tools.
Control
195
Based on the results of vulnerability and penetration testing, it may be necessary to put in place access controls so as to allow only authorized persons to access the appropriate resources.
196
Different levels of access control are implemented in most cases.
i. Network Access Control: The production network is separated from the internal network to prevent internal malicious activities. Three layers of firewall are designed to protect the different security levels of the network.
ii. Remote Access Control: Remote access to the network is through VPN; appropriate access control is implemented to provide security for remote network access.
iii. System Access Control: Every operating system has an access control sub-system to manage user access. This is done through user account management and user
Monitoring
197
i. System activity is monitored to detect malicious activity against the system. There is a need to centrally monitor the availability and performance of all systems including servers, databases, routers, switches, firewalls, IDSs, etc. Activity and security information is collected centrally and analyzed to detect suspicious activities.
ii. Network monitoring covers network performance, utilization, security and Internet usage. Network performance is monitored to pinpoint bottlenecks, network utilization is reported periodically to highlight problem protocols, security is monitored to detect any denial of service attack or sabotage against network devices, and Internet usage is monitored to ensure compliance with government regulations.
iii. Different types of Intrusion Prevention Systems (IPSs) are deployed to protect the network. Host-based IPS protects critical servers in the UAIS.
iv. Multi-layer firewalls should segregate the critical systems into separate subnets and provide strict controls on the connections between subnets and systems.
3.
General
198
The supplier should preferably be ISO/IEC 27001 / BS7799 certified.
199
If the supplier does not meet the requirements of BS7799 as specified in the above clause, the supplier shall show that they have equivalent processes in place for the development and maintenance of the system.
200
The supplier shall explain in detail the security and control features of the system to prevent unauthorized access and intrusion to system and vulnerability to virus attack.
201
All system software including antivirus scanning software shall be updated with the latest security patches to prevent any security breaches from occurring.
202
The supplier shall develop a risk management plan to identify, analyse, prioritize and respond to security risks and include procedures to monitor and control the risks.
203
In the intranet zone, the system shall support Virtual Private Network (VPN) for secure connection between the regional offices and HQ, and Secure Shell (SSH) shall be used for system administration support. The system shall support Secure Socket Layer (SSL) for Customs users accessing Customs applications through web browsers.
204
In the extranet zone the system shall support SSL for secure connection through Internet using web browsers. Secure File Transfer Protocol (SFTP) shall be used for connection using dial-up modem via telephone lines.
205
The detailed specifications for security are as shown in Appendix I. The system shall conform to the specifications.
4.
System Access
206
The access control system shall be able to implement the following password policies, which shall be configurable:
i. Minimum password length of not less than 8 characters
ii. Required character usage of both alpha and numeric
iii. Disallowed usage of previously used passwords
207
The system shall store passwords in encrypted format.
208
The access control system shall enforce the use of automatic password expiration after a configurable specific timeframe on PCs and require user to choose a new one.
209
The access control system shall allow the System Administrator to reset the password for user and the system shall force the user to change the password to a new password upon successful log-on to the system.
210
The system shall suppress the display of passwords when they are entered.
211
The access control system shall track the number of unsuccessful logins and if the number of unsuccessful logins is more than three, the access control system shall disable the account.
212
The access control system shall implement auditing of passwords. This includes any changes to the password, resets to the password and changes to account status.
213
The access control system shall allow on-line addition, updates or deletion of accounts without affecting the operations of the system.
214
The access control system shall allow the implementation of the principle of least privilege where all rights and permissions necessary for an account can be given, but no more than what is needed.
215
The access control system shall allow the implementation of role-based model where different access rights and constraints can be associated with the role.
216
The system shall allow the System Administrator to temporarily disable an account if required.
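The password rules in paragraphs 206 to 212 can be exercised with the sketch below, which is an added example and not code from the report or from any supplier. The class and field names, the history depth and the 90-day expiry are assumptions, and it stores passwords as salted PBKDF2 hashes, a one-way technique swapped in for the "encrypted format" of paragraph 207.

```python
import hashlib
import hmac
import os
import re
from dataclasses import dataclass, field

PBKDF2_ROUNDS = 100_000  # example value; tune to the deployment hardware


@dataclass
class PasswordPolicy:
    """Configurable settings (paragraphs 206, 208 and 211)."""
    min_length: int = 8
    history_size: int = 5        # assumption: the report gives no history depth
    max_age_days: int = 90       # assumption: the report only says "configurable"
    max_failed_logins: int = 3   # account is disabled once failures exceed this


@dataclass
class Account:
    user_id: str
    salt: bytes = b""
    pw_hash: bytes = b""
    history: list = field(default_factory=list)  # (salt, hash) of earlier passwords
    changed_day: int = 0
    failed: int = 0
    disabled: bool = False
    must_change: bool = False


def _derive(password, salt):
    # Salted one-way hash, so a stolen credential table cannot be decrypted.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


class AccessControl:
    def __init__(self, policy=None):
        self.policy = policy or PasswordPolicy()
        self.accounts = {}
        self.audit = []  # (user_id, event) tuples, paragraph 212

    def check_policy(self, acct, password):
        """Return the list of policy violations; an empty list means acceptable."""
        problems = []
        if len(password) < self.policy.min_length:
            problems.append("too short")
        if not (re.search(r"[A-Za-z]", password) and re.search(r"[0-9]", password)):
            problems.append("needs letters and digits")
        for salt, old in [(acct.salt, acct.pw_hash)] + acct.history:
            if old and hmac.compare_digest(_derive(password, salt), old):
                problems.append("previously used")
                break
        return problems

    def set_password(self, user_id, password, today, by_admin=False):
        """Set or change a password; `today` is a day number supplied by the caller."""
        acct = self.accounts.get(user_id) or Account(user_id)
        problems = self.check_policy(acct, password)
        if problems:
            return problems
        if acct.pw_hash:
            kept = [(acct.salt, acct.pw_hash)] + acct.history
            acct.history = kept[: self.policy.history_size]
        acct.salt = os.urandom(16)
        acct.pw_hash = _derive(password, acct.salt)
        acct.changed_day, acct.failed = today, 0
        acct.must_change = by_admin      # paragraph 209: forced change after a reset
        if by_admin:
            acct.disabled = False        # assumption: a reset also re-enables the account
        self.accounts[user_id] = acct
        self.audit.append((user_id, "password reset" if by_admin else "password changed"))
        return []

    def login(self, user_id, password, today):
        acct = self.accounts.get(user_id)
        if acct is None or acct.disabled:
            return "denied"
        if not hmac.compare_digest(_derive(password, acct.salt), acct.pw_hash):
            acct.failed += 1
            if acct.failed > self.policy.max_failed_logins:  # "more than three"
                acct.disabled = True
                self.audit.append((user_id, "account disabled"))
            return "denied"
        acct.failed = 0
        if acct.must_change or today - acct.changed_day > self.policy.max_age_days:
            return "change_required"
        return "ok"
```

A caller treats `"change_required"` as an authenticated session that may do nothing except set a new password.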
5.
Network and System Security
217
All transmissions between the servers and the clients shall be encrypted with minimum key size of 128 bits for symmetric algorithms and using standards such as Triple DES (3DES) and Advanced Encryption Standard (AES). SSH shall be used for login to network equipment. For asymmetric algorithms, the key size shall be at least 1024 bits.
218
Intrusion Prevention System/Intrusion Detection System (IPS/IDS) shall monitor the critical servers for hostile activities. Network IPS/IDS shall be used to monitor the entire network.
219
In case of problems such as intrusion, alarms shall be installed to alert administrators. These notifications can include paging, calling a telephone number and email to deliver a message.
220
Firewalls shall be installed to separate all servers in the external world and the Internet from the servers in the internal networks.
221
All servers in the internal network should use private IP addresses.
222
Firewalls shall also be installed to separate the production environment from development environment.
223
The production environment shall be separated into three zones: a Demilitarized Zone (DMZ) containing web servers, an application zone containing application servers and a database zone containing the database servers. The three zones shall be separated by firewalls.
224
Standard protocols (such as http and https) and ports (80, 443) shall be allowed for connection from external network to internal network.
225
All unused ports and protocols shall be blocked by firewalls.
226
There shall be antivirus software to scan all incoming traffic such as e-mails, documents and images. All workstations should also be scanned and monitored daily for viruses using antivirus software.
227
There should be a Change Control process in place to ensure that any configuration changes taking place in software or hardware will not adversely affect the security of the operational systems. Examples include changes or upgrades to hardware, service packs or hot fixes on operating system software, and changes to firewall rules.
228
Configuration of the system shall be documented and maintained up-to-date.
6.
Application Security
229
The application should not contain malicious code such as Trojan horses, viruses, worms and logic bombs. It should not contain unwanted functionality or back doors to the system.
230
The application should have robust input data validation so that it is not vulnerable to exploits such as parameter tampering, buffer overflow, cross-site scripting and session hijacking.
231
Application shall maintain audit trails to capture users’ actions. The audit trails should be accessible only by the system administrator and should be protected against tampering.
232
The error message displayed should be user-friendly and should not contain any system error codes or messages.
233
If an error is encountered, the application should handle the error gracefully, without an abrupt exit of the process to the operating system level, and instruct the users how to overcome the error.
234
Where cookies are needed for web application, session cookies shall be used and the cookies shall not contain sensitive data. If the cookies contain sensitive data, the data in the cookies must be encrypted.
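Paragraph 188 lists the fields an audit entry should carry (user ID, date and time, action, result) and paragraph 231 requires the trail to be protected against tampering. The sketch below is an added example, not part of the report, showing one way to get both with an HMAC chain; the names `AuditTrail`, `verify` and `sample_trail` and the sample entries are constructed for illustration.

```python
import hashlib
import hmac
import json

FIELDS = ("user_id", "timestamp", "action", "result")  # fields named in paragraph 188
GENESIS = "0" * 64  # chain value that precedes the first record


def _mac(key, prev_mac, seq, entry):
    """HMAC over the previous record's MAC, the sequence number and this entry."""
    payload = json.dumps([prev_mac, seq, entry], sort_keys=True).encode("utf-8")
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


class AuditTrail:
    """Append-only log; each record is bound to the one before it."""

    def __init__(self, key):
        self._key = key       # held by the logging service, not by application users
        self.records = []

    def append(self, user_id, timestamp, action, result):
        entry = dict(zip(FIELDS, (user_id, timestamp, action, result)))
        seq = len(self.records)
        prev = self.records[-1]["mac"] if self.records else GENESIS
        record = dict(entry, seq=seq, mac=_mac(self._key, prev, seq, entry))
        self.records.append(record)
        return record


def verify(records, key, expected_count=None):
    """Return None if the trail is intact, otherwise the index of the first bad record.

    A chain alone cannot show that records were cut from the end, so the caller
    may pass the record count it stored somewhere the log writer cannot reach.
    """
    prev = GENESIS
    for i, rec in enumerate(records):
        entry = {name: rec.get(name) for name in FIELDS}
        expected = _mac(key, prev, i, entry)
        found = str(rec.get("mac", ""))
        if rec.get("seq") != i or not hmac.compare_digest(expected.encode(), found.encode()):
            return i
        prev = found
    if expected_count is not None and len(records) != expected_count:
        return len(records)
    return None


def sample_trail(key):
    """Constructed sample entries; user IDs and declaration numbers are made up."""
    trail = AuditTrail(key)
    trail.append("officer17", "2006-12-01T09:14:02", "LOGIN", "success")
    trail.append("officer17", "2006-12-01T09:15:40", "UPDATE declaration D-0001 value", "success")
    trail.append("broker04", "2006-12-01T09:20:11", "VIEW declaration D-0001", "denied")
    trail.append("officer17", "2006-12-01T09:31:55", "LOGOUT", "success")
    return trail
```

Editing, deleting or reordering a record breaks the chain at that index; removal of the newest records is only caught when `expected_count` is supplied.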
7.
Physical Access to System
235
The system’s servers and equipment should be housed in a secure location where entrance is restricted to authorized personnel only.
236
An audit trail shall be maintained for personnel entering and leaving the secure location.
IX.
PROPOSAL FOR THE REORGANISATION OF THE CD RT
237
The CD RT present organization structure is contained at Appendix E. With the establishment of a UAIS, a reorganization of the CD RT is proposed and depicted at Appendices D1 to D8.
238
One of the major proposals is to establish a Computer Information System Division (CISD) within the CD RT, rather than as a separate entity as in the MSRD, to take charge of all ICT matters. The centralization of the CD RT UAIS under the CISD will ensure that the ICT personnel are well tuned to the needs of the CD RT. They would have been trained on CD RT business processes and thus will be able to attend to CD RT special needs. Their hands-on experience of CD RT business processes will also facilitate their commitment to the department. The presence of CISD officers will also facilitate immediate response to systems failure. There will be two major components in the Division. One sub division, the Systems Development sub division, with systems analysts and programmers, will take charge of the Applications Systems. Programmers under this sub division will also be attached to the five Regional Offices to ensure the smooth running of the UAIS. Other functions may include producing ad hoc programmes on request by a Regional Office’s Director, for example, statistical tables not already provided for and which are to be used. The other will be the Systems Maintenance sub division, responsible for maintenance of the systems. The Data Centre (DC), which houses the CD RT systems, will be manned by operators from the Systems Maintenance sub division. The DC is expected to run twenty-four hours with systems downtime necessary for maintenance work. Operators will man the DC in three shifts. Each shift is proposed to have 3 operators.
239
Another sub division will provide administrative support. This unit will also supervise the Customs Administration System, which is tasked with allocating and generating user-ids and passwords for internal users (CD RT staff, government agencies, Ministries’ representatives, banks, CCI personnel and representatives of foreign administrations) and dispatching the user-ids and passwords to the appropriate persons.
240
A Training Division is proposed. The Division will undertake the organization, preparation and conduct of Customs skills courses such as Valuation, Risk Management and Classification of Commodities. The basic training course for new recruits would also form part of the training tasks. The training organized could also include invitation of external trainers from the public and private sectors on subjects of interest to Customs. For example, the Division could organize courses by competent authorities on their functions and methodologies. The responsibilities of the Training Division would thus include the following:
1. To conduct studies on CD RT training needs assessment
2. To provide regular training on Customs skills
3. To provide and coordinate inter-agency training
4. To conduct training for the private sector
5. To coordinate and conduct professional, management and other mid-management training courses for CD RT
241
A Corporate Affairs Division will deal with public relations matters of the CD RT, including the promotion of the organization’s public image, production of information materials, answering queries raised by the private and public sectors and organization of official meetings with national and international guests visiting the department. Promoting the image of the CD RT is important. For example, the Philippines Bureau of Customs established a mission “to be held in high esteem in the public view, its role for national development and international trade facilitation shall be imbued in the hearts and minds of every Customs official and staff as the Bureau moves forward in its other roles of promoting National Security, Justice, Health and other objectives”.
242
Minor changes to the present organization of the enforcement divisions are also proposed. An Intelligence sub division is proposed, with the main responsibility for collecting, collating and analyzing information and intelligence received from overseas and locally and from Customs Offences committed. The Intelligence sub division will carry out field surveillance and provide support to the Investigations sub division, the Post Clearance Audit and the Regional Offices as well. As part of its function, the Intelligence sub division will also be the contact point for RILO CIS, receiving, analyzing and providing the necessary statistics to RILO CIS. The sub division will provide reports of RILO CIS information to the field offices. It is also tasked with the maintenance of the Customs Offence Records. After investigations of offences have been completed, the files will be sent to the sub division for it to enter data into the Customs Offence Record.
243
The proposal for the reorganization of the CD RT is to rationalize and support the establishment of the UAIS. The Regional Offices and their staff will undertake the tasks related to Customs control and clearance. Similar units of the Central Office such as CISD (mentioned above) and post clearance audit units can be formed within the Regional Offices. However, for these officers their main line of reporting will be to the Central Office Divisions.
X.
PROPOSED INFRASTRUCTURE REHABILITATION
244
CD RT infrastructures at regional offices and border posts vary accordingly. Some small posts that had little traffic have been closed whilst others have been constructed. In recognition of the inadequacy of the infrastructures, MSRD drew up a master plan to rehabilitate and reconstruct the offices and border posts. Several have been completed whilst some are ongoing. Although the master plan had been drawn up, the budget for the rehabilitation had not been approved.
245
The civil works manager of the MSRD had, however, carried out preliminary studies and estimated the costs at the selected sites. 47 sites were identified within the five Regions. Several posts had also been left out of the program as these were being built under the sponsorship of international agencies such as USAID. However, we were told that sponsored posts would also require minor construction works. We were provided an example of a sponsored post not being adequately finished. The international agency was said to have built the post together with a bridge into a neighbouring country. It was said that the building had toilet facilities constructed within the premises of the post, but there was no piping provided for the facility. CD RT would have to construct toilet facilities outside the premises. Other posts, such as Ainy (a rail clearance point) in the Dushanbe region, were completed although yet to be occupied. CD RT would have to consider the rehabilitation of 3 warehouses that had been taken over by the government. These would serve as temporary storage premises for the movement of the rail cargo.
246
Several posts were provided with technical aids and equipment. Their usage or in most cases non-usage was dictated by the availability of electrical energy and utilities. For example, the border post at Dusti in the Tursunzade region neighbouring Uzbekistan had an X-Ray machine. However, the machine was not used much owing to the lack of electricity. Most of the regional border posts faced the same problem. In addition to the rehabilitation and reconstruction, generators are proposed for these posts.
247
Based on the master plan drawn up by the MSRD, we have targeted 25 posts and offices to be rehabilitated on an urgent basis. The proposal also includes the Data Center, housing the CD RT UAIS, and the Disaster Recovery Center (DRC), which houses the back-up systems of the CD RT UAIS. The DRC takes over when the main systems at the Data Center fail. Preference is also given to the Sughd and Dushanbe Regions. The offices and border posts of the two regions have been selected as the pilot test sites for the UAIS.
248
The review and upgrade of border posts is not dependent entirely on a high volume of trade traffic. Several have low volume but are significant as they border the neighbouring country’s crossing and are possible sites for smuggling of drugs. A new border post, Langar, located in the Gorno-Badakhshan Region, is well laid out with separate clearance points for cargo traffic and passenger clearance. Although there were drawings made for the construction of a container/truck clearance system using the full capabilities of full-scale X-ray equipment, the costs for such a structure can be prohibitive (in the region of at least US$1 to US$3 million). A portable or X-Ray machine with conveyor belt system would be more appropriate. The cargo volume was also not high. Inspection equipment such as drugs detector kits or portable spectrometer equipment to test for drugs is more appropriate.
249
Provision has been made for the supply of X-ray machines at major points of clearance such as the Customs Terminal where goods are examined. Inspection equipment such as
250
The upgrading of the border posts must ensure that the technical aids and equipment are properly housed and located where they can be effectively used. As mentioned earlier the major constraint of lack of electrical energy supply can be met with provision of generators. Inoperative systems owing to lack of energy would cause delay in clearance and longer waiting time for the traders and the hauliers.
XI.
CHANGE MANAGEMENT & TRAINING
A.
Objectives
251
The success of the UAIS implementation will largely depend on how the CD RT manages the impending organizational change brought about by the modernization and automation of the customs work processes. One of the fears individuals have about computerization is that they will not be able to cope with the new work requirements that automation will place upon them. This could be particularly true in an environment such as CD RT, where computers have not been any part of the working experience of officers manning the border posts. Providing them with training could allay this fear. Another concern is redundancy. Redundancy, if any, can be met by natural attrition of staff vacancies. However, it is more effectively contained by redeployment as business processes are re-engineered. Several other concerns should be borne in mind when implementing change. Officers are supportive of change if they understand the necessity for change, supported by information provided to them. Sharing and exchanging information increases understanding. Lack of information creates rumours and is highly disruptive. One method of spreading information is to require officers returning from overseas training and/or observation visits to other Customs Administrations to present their findings. During the development of the systems, regular contact should be made to secure the officers’ confidence. The officers should be represented on project teams, thus encouraging their participation. This places officers in the position of active participants, not merely observers. Their in-depth knowledge and experience of the manual system can facilitate contributions to form design, screen layout and report layout. Active participation could lead to total commitment. The staff must also be convinced emotionally that change will bring about improvements. Sometimes this may have to take the form of monetary rewards.
252
CD RT must also focus on the clients in the private and public sectors. The private sector such as traders and brokers will also be anxious to understand the impact of UAIS on their businesses and what they need to do to ensure compliance and take advantage of the prospective benefits. Clients must see the value accrued as a result of change. The active participation of clients in the development of changes will be a positive factor.
253
It is thus important for the CD to introduce a well-developed change management program, implemented as a continuous process and targeted at both internal (i.e. customs management and staff) and external (i.e. private traders and brokers) stakeholders.
254
The proposed change management program serves to achieve the following objectives:
1. To develop positive attitudes and mindset among CD officers and staff towards the modernization and reform program
2. To create awareness and prepare all relevant public and private stakeholders to ensure broad-based support for the customs modernization process.
3. To provide relevant training to equip the CD officers with the necessary skills and technical knowledge to harness the benefits of the UAIS
B.
Proposed Change Management Plan
255
The proposed change management plan will focus on (a) providing, gathering and analyzing information on the organization, organizational culture and attitudinal change to the personnel of CD RT and the clients; and (b) providing training directly related to the introduction of the UAIS.
C.
Dissemination of Information
256
An attitudinal survey should first be carried out among Customs personnel to gauge, amongst other requirements, their willingness to change, the way they perceive Customs business processes should be conducted, their view of importers and exporters, including competent authorities, as clients and partners rather than as adversaries, their suggestions for improvement of Customs services, their ability to adapt to changes and their proficiency in the use of ICT. The purpose of the survey would be to identify difficulties in developing positive attitudes towards change favourable to Customs modernization programs. Potential areas of capacity building requiring more training resources could also be identified.
257
CD RT could also implement the selection of change agents. Change agents can champion the cause of change. They can be trained to communicate the purposes and objectives of change. The emphasis is on the positive effects of modernization. They remove the rumours and guesswork from the change process. Change agents can thus be used as a resource to disseminate information on the modernization and training activities to be developed. The emphasis, however, must be on teamwork rather than on the individual.
258
Workshops and seminars form another avenue to disseminate information to CD RT personnel and the clients they serve. The first subject should be the introduction of the UAIS. Speakers at workshops and seminars should include representatives of foreign administrations to discuss their experience with the UAIS in their country. The representatives could be from within the region or from countries with more mature systems. Workshops and seminars should include participants from CD RT clients. Clients should also be invited to present papers that could touch on the impact of the UAIS on their business and what they can do to support CD RT programs of risk management and ensure compliance with CD RT legislation. Workshops and seminars could be conducted half yearly during the implementation phase. Workshops conducted within CD RT and for CD RT staff could be ad hoc.
259
Prior to and during the development phase of the UAIS, CD RT could conduct study missions to countries operating UAIS. This is to gain first-hand knowledge of the UAIS operating in other countries, the problems each country faced when embarking on UAIS and the solutions adopted. Best practices employed by countries could also be learned during the visits. The representatives that are selected for such missions should be directly involved in the implementation of the program. CD RT may consider the inclusion of participants from the private sector and the competent authorities. This is to ensure that the participants can appreciate the role their counterparts play in other countries to ensure the successful implementation of the UAIS. On their return the participants should share the knowledge gained through talks and lectures to the officers and CD RT clients.
260
From time to time during the development and implementation phase, information on the UAIS should be disseminated to the staff and the general public. This could be in the form of notices and circulars, publication of brochures, publication within CD RT Newsletters and the CD RT web site. The publications could also highlight the potential benefits of forthcoming changes in the business process and issues that may arise during each stage. For a wider spread of information (and to project the
image of CD RT) around the country, CD RT should conduct exhibitions within each Region to inform the public of CD RT’s adoption of the UAIS and the benefits which can be reaped.
D. Training Programmes
261
The key to the successful development and implementation of the CD RT UAIS is to upgrade the professionalism and skills of the staff. Training can be divided into two parts: first, user training (to include all CD RT staff) on broad-based skills to enable officers to function in the new Customs environment; and secondly, technical training to provide CD RT staff with knowledge on the use of the new systems in an ICT environment.
E. User Training
262
User training programmes include the provision of courses on basic computer skills. This has the objective of equipping CD RT staff with the basic skills of operating computers and using the peripherals. It is proposed that external trainers such as the polytechnics or computer training institutions within the country carry out this skills training. The CD RT staff should also be provided with other Customs skills training on Customs subject matters such as Risk Management, Valuation and Classification of Goods, since these have an impact on the UAIS system. Customs skills training could in time include distance learning. The WCO has developed several e-learning programmes related to Valuation and Classification of Goods that CD RT may consider.
263
In addition the user training will also focus on the UAIS User Subsystems. Inadequate or lack of training in the use of the system could lead to delays and disruption of the system. The perception that computers can solve all problems at the touch of a button is a myth. Different screen formats appear on computer screens of officers performing clearance or processing tasks. They must be able to understand the requirements or actions that they must perform. The systems developers and the PMO and ICT Division officers will conduct the user training. Detailed training on each system is normally part of the contractual obligations of the systems developer. The PMO and ICT staff will also be trained by the systems developer to undertake training of the CD RT officers.
264
The user training on application subsystems would also be extended to CD RT clients in the trading community and the Ministries or competent authorities. Each application system and the operation of each screen format will have to be documented in an Operating Manual to be referenced by CD RT staff or the clients when the need arises.
F. Technical Training
265
Technical training is directed at specialized training in maintenance of the UAIS systems, to be provided to officers of the ICT Division. The subjects include training in Systems Administration, Network Administration, Database Administration, Application Development and Quality Assurance and Security. Systems Administration equips ICT Division staff with skills in maintaining systems operations and the proper operation of server functions, capacity and resource planning. Network and Database Administration concern the daily maintenance of the network and the database respectively. Application Development provides skills in designing and coding the UAIS. Quality Assurance and Security Testing provide ICT staff with the knowledge to perform quality assurance and security testing. The training also covers the concepts and methodologies used.
XII. COST ESTIMATES OF UAIS
A. Introduction
266
These are cost estimates that are prepared for budgetary purposes. The actual cost of the UAIS will depend on the solution proposed by the suppliers implementing the UAIS. The monetary figures presented in this chapter are summarized figures. The details of the costs are shown in Appendix J.
B. UAIS Software Costs
267
For CD RT to implement the UAIS, it has to first obtain the necessary software. There are several options in which CD RT can do that. The options are described below, but all of them require that CD RT calls for a tender with the Functional Requirement Specification given in Appendix D. Successful bidders have to deliver the UAIS software according to the functions detailed in Appendix D.
268
From experience with previous tenders, usually e-Customs software with the features stated in Appendix D has a price range from US$1.5 million to US$2.5 million. The variation depends on several factors such as features requested, complexity, customization options, length of contract, etc.
269
Thus we will budget the UAIS software at US$2.0 million. The software costs include the cost of conducting pilot testing for the 2 regions, which is estimated to be US$210,000. The hardware to be used for pilot testing is assumed to be the same hardware used for production implementation. As such, the main cost of pilot testing is the manpower cost of employing international and local staff to assist the Customs users during the 3 months of pilot testing.

| Staff | Number | Estimated Cost per month (USD) | Total Cost (3 months) |
|---|---|---|---|
| International staff | 10 | 6000 | $180,000 |
| Local staff | 25 | 400 | $30,000 |
| Total | | | $210,000 |
270
The budget includes the UAIS software, as well as licenses for its supporting software, such as Oracle RDBMS, Weblogic, JReport, Microsoft Visual Studio, etc.
C. Main Equipment and Communications Technology Costs
271
The cost figures given in this section are based upon Tajikistan list prices in US dollars. However, if the local price is not available, international list prices are used. For example, the Data Center equipment cost is based on international list prices.
272
Prices of equipment may fluctuate under different market conditions. We recommend that the prices be re-evaluated just before the procurement.
273
The Data Centre is the heart of the Customs modernization. The Data Centre hosts the UAIS production and development servers and the centralized databases. The Data Centre has a 3-tier architecture providing better security and scalability, and is equipped with security devices such as firewalls, an intrusion prevention system and VPN. The total cost of the Data Centre is around US$1.7 million. The other main ICT cost component is the Disaster Recovery Centre, which is a smaller version of the Data Centre and amounts to around US$0.7 million.
274
At the 5 regional offices, costs centre on providing basic IT equipment such as computers, printers and scanners, and providing the telecommunication equipment. All regional offices have to be wired up with LAN and connected to the Internet. There is no need to provide DBMS licenses for regional offices and border posts, as the UAIS is based on the centralized database hosted at Customs HQ. The total cost for ICT equipment in regional offices and border posts is around US$1.4 million.
275
The table below shows a summary of the estimated cost for the UAIS hardware equipment and communication equipment:

| Location | Estimated Cost (USD) |
|---|---|
| Data Center | $1,733,495 |
| Disaster Recovery Centre | $711,000 |
| Customs HQ | $156,345 |
| Regional Offices and Border Posts | $1,464,420 |
| Training | $55,530 |
| Total | $4,120,790 |
D. Civil Works and Customs Equipment Costs
276
The estimated cost of upgrading the border posts' civil works is around US$2.1 million and the cost of providing the border posts with Customs equipment is around US$1.1 million. There is a need to visit these border posts to obtain more detailed and accurate upgrading costs. The border posts are prioritized in terms of reconstruction upgrading. The plan is to upgrade the border posts with highest priority and those in the pilot testing regions (Dushanbe and Sughd) so that the UAIS roll-out schedule is not affected. A more detailed roll-out plan for each border post will be worked out to ensure that the infrastructure upgrading is synchronized with the ICT equipment purchase and installation at these border posts.
E. Change Management and Training Costs
277
The estimated cost for change management and training is around US$517,000. The bulk of the cost (around US$346,000) will be spent on training users how to use the computer and UAIS application components.
F. Consultancy Services and Contingency Plan
278
Provision has also been made for the Consultancy Services (Loan TA) with an allocated sum of $550,000.
279
Physical contingency has also been taken into account for infrastructure and equipment, including ICT equipment. This is worked out on the basis of a 5% increase. Price contingency applies to the purchase of ICT software on the basis of 1.5%.
G. Total Cost
280
The total cost and breakdown of the above 4 components is shown below. The Percentage of Budget column is the percentage of spending against the US$10.7 million budget that ADB has provided.

| No. | Cost Component | Estimated Cost (USD) | % of loan |
|---|---|---|---|
| 1 | UAIS Software (inclusive of pilot testing) | $2,000,000 | 19% |
| 2 | Customs IT and Communication Equipment | $4,120,790 | 38% |
| 3 | Border Posts Upgrading and Customs Equipment | $3,200,000 | 30% |
| 4 | Change Management and Training | $517,250 | 5% |
| 5 | Consultancy Services (Loan TA) | $550,000 | 5% |
| 6 | Physical Contingency | $230,000 | 2% |
| 7 | Price Contingency | $80,000 | 1% |
| | Total | $10,698,040 | 100% |
(The total costing provided above does not take into account the taxes payable for ICT equipment and/or civil works infrastructure. The computation of funds to be allocated is based on ADB’s contribution and has not taken into account Government financing).
281
Pie chart of the proposed cost:
[Pie chart: share of each cost component. 1: 19%, 2: 38%, 3: 30%, 4: 5%, 5: 5%, 6: 2%, 7: 1%]
H. Procurement of the UAIS
282
The cost of the UAIS hardware and software takes up about 60% of the loan structure. But we would like to point out that they are based on our proposed UAIS functionality, design and implementation.
283
We acknowledge that vendors who bid for the tender may propose different UAIS concepts to the one we recommend. For example, their UAIS software may have different functionality than the ones in Appendix D. Or their hardware and Data Centre may have different equipment. We will have to adjust the budget and cost accordingly if that is the case.
284
There are several options by which CD RT can obtain the UAIS software. The following lists the options, together with their advantages and disadvantages. CD RT has to consider each option carefully before proceeding.
1. CD RT engages a vendor to build from scratch (meaning vendor with no Customs software experience):
Advantage
• Full control over the functionalities and features of the software.
• Software will be developed with CD RT needs in mind.
Disadvantage
• CD RT may not have the expertise to supervise the software vendor.
• Usually a costly option because software is developed from scratch.
• It is risky because vendor may not be able to deliver the software within the timeframe specified due to the inexperience.
• Risky because vendor has no track record.
• Maintenance and support will be an issue in the future.
2. CD RT buys the software, without modification, from vendors who already have Customs software deployed in other countries.
Advantage
• Could be a cost effective option, since the vendor can implement the same software in Tajikistan immediately.
• Timeline to implement UAIS will be much shorter.
• No maintenance issue, since the vendor can do this.
Disadvantage
• CD RT may have to adapt its processes and workflow to the software, which is usually very undesirable.
• Usually Customs software for one country cannot cater for another country’s Customs entirely, thus there will be resistance to the adoption of the software.
• Any change to the software could be costly.
3. CD RT engages vendors of existing Customs software to customize their software to the functional requirements of CD RT.
Advantage
• Good tradeoff between cost and features.
• Software will be developed according to CD RT requirements and processes.
Disadvantage
• Vendor will need time to customize the software.
• Customization cost may be high.
4. CD RT obtains the Customs software for free.
Advantage
• No start-up cost for CD RT.
• Timeline to implement the UAIS will be much shorter.
Disadvantage
• Depending on the contract, the maintenance or running cost may be very high.
• Usually such software needs to be customized, and customization fees may be very high.
• CD RT may have to adapt its processes and workflow to the software, which is usually very undesirable.
XIII. IMPLEMENTATION PLAN OF UAIS
A. Overview
285
Implementation covers the period from the start of the tender process to the full implementation of the UAIS for the whole country. As specified in the ADB Project Preparatory Technical Assistance report dated May 2004, the estimated project completion date is 31 December 2009. With this end date in mind, the goal is to ensure that implementation is carried out smoothly, with the UAIS system fully functioning within a three-year timeline. Besides the application systems development of the UAIS, the implementation will concurrently include the development of communications infrastructure, capacity building at the border posts and the change management process, so that the users and stakeholders of the UAIS are committed and trained to use the System.
B. Strategy
286
In view of the complexity of the project, which involves different components, it is important to strategize the implementation process to achieve the desired goal. The strategies are as follows:
1. Phased implementation by regions
287
The implementation will target the 5 regional offices and their border posts. Of the total of 87 border posts, there are 47 border posts that have Customs declarations and will be covered by the implementation. The phased implementation will be carried out in the following order: Dushanbe and Sughd regions, followed by Tursunzade, Khatlon and Gorno-Badakhshon regional offices.
2. Pilot testing of 2 regions which have significant Customs transactions
288
The implementation plan will include pilot testing lasting 3 months, involving Dushanbe Region (10 border posts) and Sughd Region (15 border posts). According to the latest Customs Statistics gathered for 2005 and 2006 (over 6 months), Dushanbe and Sughd regions account for around 70 percent of Customs declarations. During pilot testing, live data will be used in the transactions, and the phased implementation to other regions is expected to be carried out only if the pilot testing is deemed successful. The system warranty period will only begin after the pilot testing is successful.
Region: Dushanbe
Border Posts: Petroleum/Energy Regional Office Terminal Airport Dushanbe-1 Dushanbe-2 Ainy Rokhati Kafarnigan Jirgital Postal baggage
Code: 762001 762100 762101 762102 762103 762104 762105 762106 762107 762108 762109
Region: Sughd
Border Posts: Sughd Regional Terminal Excise Customs Khujand airport Railway transport Khojent district/Auchy- Kalacha Matcho district/Kuruksai /Fatehabad Nau district/Platina/Hashtyak/ Farmon Kurgan Kanibadam district/Kanibadam/Patar/Ravat Isfara district/Isfara3/Dahana/Batkent/Yaka-Uruk Penjikent district/Yaka-Uruk In Zafarabad /DEU – 58/Zoamin/Comsomol Asht District/Navbunyod/Uzbek-Okjar In Istraushan district/«Havotag Jabor Rasulov / Madaniyat
Code: 762200 762201 762202 762203 762204 762205 762206 762207 762208 762209 762210 762211 762212 762213 762214
3. Synchronize the implementation of the infrastructure upgrading and the ICT equipment installation at the border posts
289
For those border posts that require infrastructure upgrading, the implementation plan has to synchronize the activities such that the infrastructure upgrade is completed before installation of ICT equipment.
4. Start change management activities and training early and hold them continuously throughout the 3-year implementation plan
290
There are around 700 Customs users of the UAIS system, and the UAIS will also be used by external agencies such as banks, competent agencies and Ministries. Activities such as seminars, workshops and training have to be scheduled in the implementation plan for these groups of users to increase awareness and equip them with knowledge of the revised Customs procedures and the technical skill-sets for using the UAIS system.
C. Implementation Plan
291
The implementation plan is shown in Appendix K and is divided into 3 components.
1. Component 1 – Development of ICT
292
This involves the development of the UAIS system and communications infrastructure. As shown in the implementation plan, the UAIS system is expected to be developed over a period of 1 year and 6 months after the award of the tender. This is followed by the pilot testing for 3 months and then phased implementation by regions. The Pilot Testing is a parallel run of the UAIS system and the manual system. There will be a system warranty period of 1 year after the successful completion of pilot testing. To reduce project risks, it is recommended that the development strategy be based on an iterative prototyping approach with intermediate users’ feedback on the prototype so that misinterpretation of users’ requirements can be minimized. Development of telecommunications infrastructure for Customs has to go hand-in-hand so that the telecommunications infrastructure is ready for User Acceptance Testing and Pilot Testing.
2. Component 2 – Development of Infrastructure
293
One critical milestone for the development of Infrastructure is the User Acceptance Testing phase. The Infrastructure of the Data Centre, Disaster Recovery Centre and border posts should be ready and installed with ICT equipment before User Acceptance Testing. The other milestone is that the infrastructure of the border posts involved in the pilot testing regions (Dushanbe and Sughd) should be completed before pilot testing begins.
3. Component 3 – Change Management and Training
294
The change management activities will be held continuously over the 5-year implementation plan. In particular, to improve computer literacy, the implementation plan includes basic computer training for all Customs staff who will need to interact with the UAIS system, and regular classes will be conducted. Priority should be given to training those users who are involved in User Acceptance Testing and Pilot Testing. To improve the knowledge and skill-sets of Customs management, the implementation plan includes risk management and post clearance audit courses by external trainers. Training for IT staff on operation and maintenance of systems and network, application development, quality assurance and security testing is also included so that there is a pool of trained personnel to maintain the UAIS and ensure that the system is running smoothly with high availability and performance.
APPENDIX A. OVERVIEW OF THE CUSTOMS DEPARTMENT, REPUBLIC OF TAJIKISTAN
1
The Customs Department of the MSRD RT is entrusted to develop and implement customs policy directed at immunity protection and economic security of the Republic of Tajikistan, promotion of the economic relations of Tajikistan within the system of world economic relations, assurance of the protection of civil rights, market participants and state bodies, as well as compliance with commitments on customs affairs.
2
Customs Legislations. The CD of the MSRD RT is governed by the Customs Code and other legislation of the Republic of Tajikistan. The Customs Code governs the actions required to accomplish the customs clearance process. The Customs Code contains 7 Sections and 62 clauses comprising 508 articles. The present code, which determines the legal, economic and organizational bases of customs affairs, is directed at the protection of the sovereignty and economic safety of the Republic of Tajikistan, promotion of the economic relations of the Republic within the system of world economic relations, assurance of the protection of civil rights, market participants and state bodies, as well as compliance with commitments on customs affairs.
3
The Government Regulations set the rates of the Customs Tariff. The Tax Code of Tajikistan is also applicable to CD in respect of the definitions contained therein and such actions as are required for excisable goods.
4
Customs & Excise Duties and VAT. Tajikistan has a liberalized trade regime with a majority of goods already enjoying relatively low tariffs. The import tariffs are 0%, 5%, 10% and 15%. Tajikistan is a member of the Eurasia Economic Community (EurAsEC) comprising the Russian Federation, Belarus, Kazakhstan, Uzbekistan (a member from 25th January 2006), Kyrgyzstan and Tajikistan. The EurAsEC member states, except Belarus, are also part of the Shanghai Forum, which includes China and Uzbekistan.
5
The tariff classification process is based on the World Customs Organization (WCO) Harmonized Systems (HS) developed under the Convention on the Harmonized Commodity Description and Coding System.
6
Excise tax is levied on goods manufactured locally and is applied to imports as well. Tajikistan imposes a value added tax of 20% on all goods and services. There are, however, no export taxes. Quotas and import licenses are placed on certain imported goods, namely tobacco, intoxicating liquors and fuel.
7
The Customs Department. CD is managed by a Head of Customs (the Deputy Ministers of MSRD). He is assisted by 2 Deputy Heads who are entrusted with monitoring the execution of orders/instructions. CD is organized with a Central Office structure located within the headquarters of the Department. The supervision, management and operation of Customs clearance within the country is administered by 5 Regional Offices, located in the regions of Dushanbe, Khujand, Khatlon, Gorno-Badakhshan and Tursunzade.
8
The Central Office. The Central Office comprises 6 functional Divisions namely (a) Division of Audit and Post Customs Control; (b) Division of Tariff Regulations and Customs Revenue; (c) Division of Customs Statistics; (d) Division on Anti-Smuggling and Customs Offences; (e) Division of the Organization of Customs Control; and (f) the Customs Laboratory. By and large the Divisions of the Central Office take on supervisory and monitoring roles rather than operational field duties.
9
The Division of Audit and Post Customs Control comprises 4 sub-Divisions of (a) Explanation and Control of Execution of Customs Control; (b) Methodology, Analysis and Control; (c) Post Customs Control; and (d) Analysis and Management of Risks.
10
A vital function within the Sub-Division of Methodology, Analysis and Control is the establishment of acceptable Customs value. The Sub-Division extracts valuation data from the Statistics Division and this is augmented through the submission of a CD-designed document, the “Declaration of Facts”. The document is required to be submitted by importers/exporters with the trade declarations where the value of the goods exceeds US$1,500. The “Declaration of Facts” provides details of the goods imported/exported such as the costs related to the goods, discounts (if any), etc. The “Declaration of Facts” is required to be accurate in all aspects. Comparison of the values of similar products (the data extracted from the Statistics Division) is performed, and amendments to the “Declaration of Facts” will subject the declarant to a monetary penalty. All “Declarations of Facts” are kept at the Regional Offices and hard copies are submitted when required by the Sub-Division. The document also requires the derivation of acceptable values based on the six methods of valuation (transaction value, identical or similar goods value, etc). Data on prices are also maintained at the Regional Offices.
11
Post Customs Control requires site inspections of the premises selected, which are carried out by officers drawn from the Regional Offices. Post-clearance audits (this term is used in the same context as post-Customs control as indicated in the Customs Code of the Republic of Tajikistan) are normally based on information received on possible Customs infringements.
12
The Analysis and Management of Risks Sub-Division collects and analyses information of imports/exports. Currently the CIS countries on a mutual administrative assistance arrangement within the region largely derive analysis of trade information from those provided. The Sub-Division develops profiles of traders but these are kept within the unit.
13
The Explanation and Control of Execution of Customs Control Sub-Division serves as a central registry receiving correspondence directed from the Ministry. All foreign and local correspondence on Customs control, in particular requests for information, is channeled to the MSRD. The Minister will then route the requests to the CD. The Sub-Division is responsible for registering the correspondence received and channeling the requests to the appropriate Division/Regional Offices for follow-up action. On receipt of the reports and replies from the appropriate body, the Sub-Division prepares the reply for approval by MSRD. A performance indicator of a reply within one month of the receipt of the request has been established.
14
The Division of Tariff Regulation and Customs Revenue consists of 3 Sub-Divisions: (a) The Account, Analysis and Methodology of Collection of Customs Revenue; (b) Tariff and Non-Tariff Regulations; and (c) Currency Control and Tariff Preferences.
15
The first-mentioned Sub-Division is entrusted with the main role of preparing fiscal reports on Customs duties, excise and VAT collected. The data is derived from submissions by the Regional Offices through telephone and email. Data is submitted to the Sub-Division and each complete report from the Regional Office is received on the 10th day of the following month. The Regional Offices only submit daily data from the 16th day to the end of the month, whilst no daily data is required for the first 15 days. The Sub-Division may also call for data on an ad hoc basis. The monthly reports generated by the Sub-Division also depict the projected revenue targeted to be collected by the Regional Office and the actual collections made. The Customs revenue reports are required to be submitted to the Ministry of Finance (MOF). MOF provides the projected (target) revenue to be collected by each Regional Office. CD RT can only revise the targeted revenue (to meet state budget needs) with MOF’s sanction. Such a request for change must be substantiated by historical data or other viable reasons. Revenue collected by the Regional Offices is transferred to the MOF’s account daily.
16
The Tariff and Non-Tariff Sub-Division is responsible for the preparation of legislations on tariff and non-tariff regulations as well as their review and revision when required. The Sub-Division also projects the revenue collected/lost from adoption of preferential schemes in conjunction with the Ministry of Economy and Industry. The Sub-Division prepares 10 reports monthly.
17
The Currency Control and Tariff Preferences Sub-Division also deals with the preparation of reports from data received by hand, electronic mail, telephone or the Internet. Internet submission is discouraged owing to the sensitivity of the data. Data on tariff preferences consists of 19 attachments from the Regional Offices. Data on currency control and tariff preferences provided to other organizations requires the sanction of MOF. Close coordination is maintained with the Statistics Division for the validation of data received.
18
The Statistics Division serves as the central nerve centre of information. The Division is equipped with the most ICT equipment consisting of 10 computers, connected to LAN (with an administrator for the LAN) and 2 servers (one with access to the Internet). Radio modems are used for communication and transfer of data from the 5 Regional Offices. The Regional Offices are required to inform the Division prior to the transfer of data via the radio modems.
19
Data is collected from the Regional Offices once every 10 days. Data is received through the radio modems, diskettes or in physical hard copies. Offices near the CD headquarters dispatch their information by hand. Data via the radio modem is collected on 1 computer connected to the radio modem and is manually distributed to the staff for validation checks and report compilation. The Gorno-Badakhshan Regional Office dispatches physical copies of Customs declarations to the Statistics Division for manual reconciliation and extraction of data.
20
The Division has been maintaining information databases since 1996. The Division generates the required statistical reports for submission to CD’s management by the 5th day of the following month. The reports are subsequently submitted to the MSRD by the 10th day of the month. The Division is required to prepare 35 reports monthly.
21
The Division of Anti-Smuggling and Customs Offences has 4 Sub-divisions of (a) Anti-Smuggling and Infringement of Customs Rules; (b) Customs Investigations; (c) Analytical (National Communication Centre); and (d) Interdiction of Narcotic Drugs.
22
The Anti-Smuggling and Infringement of Customs Rules Sub-Division provides a monitoring and supportive role to the Regional Offices. Visits are made to the Regional Offices to assist in identifying methods to be adopted to prevent entry/exit of contraband. The unit also identifies types of goods that are normally the subject of smuggling. The sub-division also checks for weaknesses in the system and provides training to the officers of the Regional Offices. In addition the unit establishes profiles of Customs offenders (other than drug offenders) that are disseminated to the Regional Offices. On detection of Customs offences by the Regional Offices, the information is transferred to the Sub-Division after follow-up actions have been completed by the Regional Offices.
23
The Customs Investigations Sub-Division receives the reports of Customs offences detected. It collects and analyzes the information pertaining to the Customs offences detected. The Sub-division then prepares and recommends action to be taken against the offenders to the Ministry of Justice within 10 days of the receipt of the report on the offence detected.
24
The Analytical Sub-Division serves as a centre for the analysis, collection and dissemination of information on Customs offences. Intelligence to support Customs clearance and the prevention of smuggling is thus a key responsibility of the unit. The Sub-Division is also tasked with issuing instructions to prevent smuggling. The Sub-Division also plays a major role in international cooperation in respect of mutual administrative assistance. It is also the contact point for the World Customs Organization (WCO) Regional Intelligence Liaison Office (RILO) CIS region. [RILO CIS region has its head office in Moscow. RILO is a part of the WCO's regional projects to establish and enhance information exchange among Customs administrations in individual countries concerning illicit drug trafficking and to strengthen the analysis of information on trends in smuggling in respective regions]. The Sub-Division is also required to prepare and submit reports to the RILO office in Moscow on the local smuggling scene and the detection and seizures of illicit drugs.
25
The Narcotics Drugs Sub-Division is tasked with the prevention and interdiction of import/export of narcotic drugs including precursor materials. The Sub-Division provides support to the Regional Offices on intelligence and profiles of narcotic drug offenders and methods of smuggling. The Sub-Division also takes follow-up action (such as on the method of smuggling, the weakness in the system, if any, and the contacts of the offenders) when drugs that are believed to have originated from Tajikistan are detected by the regional neighbours. The analysis of information received also assists the unit in formulating and developing strategies to combat drug smuggling. In all, the Sub-Division has 7 Narcotic Detector Dogs in service and these are largely based near the Afghanistan and China borders. Within the region and under the auspices of the UN, the officers of the narcotic detector dog programme receive a three-month training course at Almaty. A narcotic detector dog is also provided to the country after the training course.
26
The Division of the Organization of Customs Control comprises 3 Sub-Divisions (a) Customs Regime; (b) Special Customs Sub-Division; and (c) Customs Clearance.
27
The Customs Regime Sub-division prepares instructions and legislation related to the 18 Customs regimes established in the country. One of the standard operating procedures developed by the sub-division relates to the preparation and procedures on the completion of the Customs declaration. The sub-division also seeks the expert opinions/advice of the other Divisions and the controlling agencies (competent authorities which have control over the imports of products such as medicine (Ministry of Health), arms and explosives (Ministry of Defence) etc).
28
The Sub-division is also responsible for the registration of Customs Brokers. To assist interested persons, a bulletin was developed to provide information on procedures and requirements for the registration of a Customs broker. The subdivision also arranges dialogues with other stakeholders. Most dialogues arranged are not on a regular basis except for a quarterly meeting with the Customs Brokers, Customs Specialists and major traders. The quarterly meeting constitutes a Consultative Body for the airing of views of the Customs and the other stakeholders on major issues.
29
The Customs Special Sub-division is tasked with overseeing and monitoring of the Customs regime in respect of the import/export of electrical power and fuel (natural gas) resources. Tajikistan, except for the winter period, is a major exporter of energy resources to Uzbekistan, Kazakhstan, Kyrgyzstan and Afghanistan. The sub-division pays site visits to the energy generating plants for verification and accounting of exports. The sub-division works closely with the Ministry of Energy, which has overall control over such establishments. Customs declarations have been submitted quarterly since 2003 and actual exports are adjusted accordingly for accounting and payment of Customs dues.
30
The Customs Clearance sub-division is responsible for providing clarifications to the other Divisions and Regional Offices in respect of the operation of the various types of Customs regimes. The sub-division established 3 types of Customs declarations, namely incomplete declarations, provisional declarations and the regular one. Incomplete declarations are valid for 45 days but this form of declaration is rarely used owing to the lack of adequate information technology structure to keep track of the declarations. Such declarations were not restricted to types of goods and were introduced to ease traders’ cash flow problems and the lack of supporting documents. Provisional declarations are on a temporary basis subject to providing a complete regular declaration within a week.
31
The sub-division provides management reports on the Customs regime from data received monthly from the Regional Offices. A quarterly report is submitted to the management. However, data on the use of TIR carnets are provided after three days on entry into/exit from the country. Reports on use of temporary storage and bonded warehouses are required by the 10th day of the following month.
32
The Customs Laboratory provides support to the CD in the verification of authenticity of goods (including signatures on Customs documents) when required, conducts tests to ensure national standards are met and provides expert opinions on the classification of goods sent to the laboratory for confirmation.
33
The Regional Offices. Each Regional Office has under its purview Customs subdivisions and posts (premises for carrying out customs clearance) and frontier customs posts located along the land-locked frontiers (designated entry/exit points) of Tajikistan's neighbors (Uzbekistan, Kyrgyzstan, China and Afghanistan). A total of 87 customs posts and stations are located in the country.
34
Except for frontier posts which are border crossings located near the borders of her neighbours, other Customs posts comprise either (a) terminals (road, rail and/or air) where goods are moved for temporary storage prior to gaining clearance and (b) Customs Clearance Posts where Customs clearance is accorded. For example, the Regional Office of Tursunzade oversees a frontier post (Dusti) overlooking the border of Uzbekistan and three terminals consisting of a truck terminal, a railway post (Regar) and an excise factory (Tajik Aluminum Factory). Other Customs Clearance Posts include one at Gizar and another at Shahrinav. In the Regional Office of Dushanbe, there is no frontier post. However there are 2 rail terminals, a truck terminal and an airport terminal that undertakes customs clearance of air travelers and air cargo. Other Customs Clearance Posts include Ainy and Kofarnigan.
35
To a large extent, only basic Customs clearance formalities, such as examination of the Customs declarations and supporting documents and placement of Customs seals or Customs escorts of convoys to terminals, are carried out at the frontier posts. The Dusti frontier post, for example, may have adequate land space to permit the construction of adequate facilities to accomplish Customs clearance (subject to
the supply of adequate electrical and water resources and the availability of funds). The frontier post adequately serves the clearance of overland commuter traffic (including movement of people by foot) from Uzbekistan despite the fact that the border between the two countries is wide open and with no physical barrier to separate them. This explains the establishment of a Border Guard Camp close to the border.
36
Rail traffic, for example, from Uzbekistan also does not stop at the border, as there are no stations thereat. Clearance of train passengers is carried out further inland at Regar where the facilities are of the barest minimum. Passengers are cleared at Regar before re-boarding the train for the continued journey to Dushanbe. Travelers may exploit the situation by disposing of illegal goods along the way (for example, by throwing the goods out along the tracks). Rail cargo is sealed before its onward journey to Dushanbe for Customs formalities. There are 2 railway terminals at Dushanbe: one a shunting yard and terminal at Dushanbe-2 for holding of containers and rail wagons, and the other Dushanbe-1 that also caters to rail passenger traffic.
37
The state-owned Tajik Rail Corporation operates the rail terminals. Basic storage facilities are established at such terminals and offices for Customs and other stakeholders such as Customs Brokers and rail traffic agents. Customs pays rental for the use of the office space within the terminal. A constant misgiving of the Customs attached to the terminal is the lack of facilities such as sheltered areas for checking cargo especially in bad weather conditions and a storage warehouse for goods found to have infringed Customs laws and regulations. Cargo not examined by Customs at the terminals is moved to private warehouses for extended storage and accomplishment of the appropriate Customs regime. Private warehouses (also licensed by Customs) are found in the vicinity of the rail terminals. The operators are required to furnish inventory control reports to the Customs on the goods held within their premises.
38
The rail operators provide Customs with rail manifests (rail bills of lading) that are presented under seal and only opened by the Customs authorities. The rail operators will inform the owners of the goods when the cargo arrives at or departs from the terminals. Customs performs selected examination of cargo usually based on local expert knowledge since their clients are known to the Customs. At Dushanbe-2, for example, an import of 30 twenty-foot equivalent units (TEUs) of containers is received. However, half of the cargo is imported by aid organizations.
39
An Airport Command manages clearance of air travelers and air cargo. There are no dedicated commercial cargo flights and goods are imported together with the normal flights arriving in the country. The flights carry 3 copies of air manifests. Most air cargo is cleared within 2 days of their arrival. All cargo is examined owing to the small number of imports that is about 2 to 3 tons per week.
40
Air travelers are required to undergo Customs clearance and a dual-channel (Red & Green) system is in place. However, most if not all passenger baggage is required to pass through the X-ray machines maintained by the Customs. The Customs do not receive prior information on the passengers; this is known only when the flight arrives and air manifests are presented. The Airport Command is also required to submit reports on air cargo received and their eventual disposition weekly and monthly to the Headquarters. Revenue collected at the terminal is transferred daily to the state budget.
41
Road Terminals for temporary storage of trucks are operated and maintained by the national Association of International Automobile Carriers (ABBAT). Movement of
trucks to the terminals is normally under Customs escort and in convoys. This would require that trucks be laid up at the frontier border before a convoy is gathered for the trucks to be escorted to the designated terminals. ABBAT officials at the frontier border determine the routes to be taken by the trucks. This is to ensure that the conditions and usage of the roads traveled by the particular trucks satisfy the weight and volume limit imposed by the Ministry of Transport. (This is done despite the absence of a weighing platform at the frontier border.) Escort fees amounting to about twice the salary of the escort officers are payable.
42
Trucks are permitted with Customs endorsement to travel inland to their designated points without escort. A bank guarantee (or insurance company guarantee) or cash deposit is required for such movements to prevent possible abuse. Clearance time ranges from 3 hours with proper trading documents being presented to between 15 and 50 days for cargo which has no complete (or required) trade and other supporting documents. Goods which are not cleared under a proper Customs regime within 50 days must be removed from the country. Temporary storage of cargo is allowed within the private warehouses for a period not exceeding 4 months. All exports are produced to the terminal for examination. Customs at road terminals are required to send monthly data to ABBAT through the Regional Offices. Other data and reports submitted by the Customs at truck terminals include information on the amount of humanitarian and emergency aid received. Such imports are not subject to payment of Customs taxes.
43
Most of the data captured for transmission to the HQ is recorded manually in view of the scarcity of computers. The possibility of erroneously transcribing data exists. For example, 13 computers are spread over the Regional Office command of Tursunzade. Apart from the lack of computers, the frontier post of Dusti suffers from a lack of electrical and water resources. An X-ray machine for the examination of cross-border travelers' baggage or packages lies idle. Dusti Post also does not have a weighbridge platform for the measurement of the trucks' weight. The weight is a significant factor in directing the vehicle to the proper terminal or customs clearance post using the proper highway in compliance with the transport rules on road usage. The lack of electrical energy is likely to be resolved in 2006 with the introduction of energy generating projects undertaken by the government by this year.
44
The Regional Office allocates an officer to handle requests for data submission from the respective Central Office Divisions. For example, an officer at the Customs posts or offices & stations is designated the Statistics Division officer and all requests from the Statistics Division are undertaken by him.
45
Customs officers are also housed in the respective Customs posts to conduct Customs clearance. The private operators rent some of the offices out to the CD; whilst some are provided free.
APPENDIX B OVERVIEW OF STAKEHOLDERS RELATED TO CUSTOMS OPERATIONS AND TRADE FACILITATION
APPENDIX B. OVERVIEW OF STAKEHOLDERS
1
Several stakeholders have been mentioned in the earlier description of the operations within the CD Regional Office. Other stakeholders apart from the CD include parties from the private and public sectors. Within the public sector, the controlling agencies play a vital part in determining the fast track clearance of cargo and/or the lowering of business costs.
2
The public sector is normally involved in the provision of licenses and certificates of approval. The bodies involved in the Tajikistan context consist of the following Ministries:
i. Ministry of Economy & Industry
ii. Ministry of Agriculture
iii. Ministry of Health
iv. Ministry of Defence
v. Ministry of Transport
3
The establishment of national standards in line with international ones, certification, legal metrology and accreditation is undertaken by the Tajikistan Standardization and Metrology Department. The Customs Laboratory also plays an important supporting role in this context.
4
The private sector comprises players such as:
i. The Chambers of Commerce and Industry of the Republic of Tajikistan (CCI RT)
ii. Freight Forwarding Organizations and in particular ABBAT, the national Association of International Automobile Carriers
iii. Banks
iv. Importers/Exporters
v. Warehouse Operators
vi. Telecommunications Operators
5
The CCI RT with 500 members from all sectors of the industry serves as a vehicle for the private sector to push for foreign investment. It has also developed a guide for foreign investment with the help of the EU and maintains a directory of import and export information within its website. In the present context the CCI RT is vested with the responsibility for the issue of Certificates of Origin (CO). The CO is in accordance with the UN CEFACT format. The issue of COs takes no more than an hour to accomplish. The CCI also has a Department for Inspection of Export and Import Goods certifying the purpose and results of the inspection. In the event of major calamities, the department also issues the “Certificate of Force Majeure Circumstances”. The CCI RT also issues preferential COs (pertaining to goods under free trade agreements (FTAs)). The organization conducts surveys of imported goods upon requests made to the department (although the officials expressed the wish to be present at all instances of import clearance). Apart from such tasks the CCI RT conducts training programmes for its members. One such training program was the seminar on the Customs procedures contained in the Customs Code introduced in 2004. There is no existing use of electronic submissions and approval of COs though this is being looked into. Dialogues between the Customs and the organization are not on a regular basis and are ad hoc ones. The organization disseminates information in facsimile form or in circulars. The CCI RT expects Customs as well as other controlling agencies to expedite clearance and reduce the
burden of trade. The CCI RT also perceives that the public sector must support their operational efficiency.
6
ABBAT has 7 members and was established on 6th December 1995. It is a member of the International Road Transport Union (IRU) located in Geneva. The IRU administers the UNECE Customs Convention on the International Transport of Goods under Cover of TIR Carnets (TIR Convention) (“TIR” stands for “Transports Internationaux Routiers”, International Road Transport), which provides for the transit movement of goods from one country to another (including moving across several member countries) without payment of Customs taxes and with simplified Customs formalities. ABBAT represents Tajikistan as the guaranteeing association for uses of TIR carnets. It issues licenses and required documents for the organization of international transportation within and without the republic. ABBAT was established under legislation providing for its setup as a non-governmental organization. Besides being responsible for the control of movement of international carriers in the country and the issue of TIR carnets nationally (at a price of US$100 per application), it has several other tasks that have been discussed earlier, that is, the operation of truck terminals and the determination at the frontier borders of designated routes to be used by the international transport carriers. The Association also provides training to Tajik nationals, such as on use of the TIR and the traffic rules and regulations of other countries. It works closely with the government, in particular, the Ministry of Transport. Officials of ABBAT mentioned the plans for a dry port complex (to be managed by ABBAT) near the border crossing with Uzbekistan where most trucking traffic originates. Although land space is available the complex has not been built. ABBAT perceives the dry port complex as a one-stop clearance point for the complete accomplishment of Customs formalities, thus doing away with the requirement to move to inland depots. The present clearance of trucks from the borders is said to be about 3 hours.
7
Banks in Tajikistan do not operate cheque payment systems and all transactions are either through payment by cash or bank transfers made electronically. The latter was introduced from 2000 onwards. Real time on-line transfers can be made between the Central Bank of Tajikistan (which administers the government’s accounts) and other local banks. However, in view of the shortage of power supplies in the winter months, manual transactions have to be resorted to. The possibility of direct debit systems exists although electronic fund transfers are rarely conducted between the banks’ clients and the government sector. Local banks have recently provided for Internet banking services.
8
The republic has 10 operators in the telecommunication sector. By far the largest private company is the Babilon Telecommunications Group. The operators, in expanding their services, are not aware of any national master plan for the provision of infrastructure to support their operations. Communications can be by means of satellite, radio waves and optical fibres. Babilon, for example, plans to expand its services through WIFI via satellite. In remote regions the company can ride on the lines provided by the national communications authority.
9
The warehouse operators provide logistical support for importers/exporters within premises that can consist of warehouse storage space, open container yards and open spaces for bulk cargo. Cargo not cleared cannot be removed pending Customs inspection. Although warehouses are licensed by the Customs, a complaint expressed was that visits are made by other controlling agencies as well. In one case, it was expressed that the Police officers also arrived for audit checks. Separate visits may also be made by the Customs and Tax Departments. A concern expressed was
the high costs of moving trucks from one location to another that could amount to US$50 per truck. Physical examination of 100% of the cargo, especially in rail wagons and trucks (even though there were no infringements), tended to be adverse to the operators' bottom line. Although the rail or road terminal operators provided 3 days of free storage, the requirement to examine the complete shipment tended to cause delays and increase costs to the operators. Human intervention was felt to be a major issue giving rise to corrupt practice. An operator, in particular, expressed that no renewal notices were sent to them prior to the expiry of their licenses.
10
The Customs Broker. By far the most important stakeholder is the importer/exporter or, in most if not all instances, his representative, the Customs broker. A Customs Brokerage System is adopted by the Customs to facilitate import and export transactions. The Customs Broker may be a local juridical person, included in the Customs Broker Register (customs broker representative) (article 140 of CC RT). A State Company (Enterprise) cannot act as a customs broker (representative of customs broker).
11
Customs Brokers are individuals who have been certified and licensed by the Customs, after having attended a training course and successfully passed an examination conducted by the Customs. They obtain the license “Of conducting activity on customs affairs”.
12
Customs brokers are required to be registered with the CD. The broker is to produce the following supporting documents: Company Charter (or Certificate issued by the Ministry of Justice), a letter from his bank attesting to his credit-worthiness and the curriculum vitae of at least two (if not more) of his personnel qualified for training as Customs Specialists. The CD of MSRD issues a Certificate with a registration number to the Broker. Likewise CD also records the Certificate in a Register of Division on organization of Customs Control.
13
Individuals are eligible to become Customs Specialists so long as they attend the Customs training courses and successfully pass the examination. Successful Customs Specialists are registered with the CD. CD's objective is to ensure that the individual who prepares and submits trade declarations is familiar with the declaration processes and is professional in his work attitude.
14
A Customs Specialist is required to attend re-training if he commits more than 3 errors in his declaration submission. By training at least 2 persons from a customs broker's organization, CD aims to ensure that training is cascaded down to other staff of the company through the trained specialists. The other staff should pass the examinations in CD, after which they will be given identification numbers and allowed to execute Customs Declaration processing.
15
In the current system, the customs broker prepares a Customs declaration with supporting trade documents (commercial invoices, packing lists, certificates of origin) submitted by his clients. Most trade documents are prepared manually by the Customs Brokers whilst others have used front-end software such as “ALTA GTD” developed in Russia and modified for use in Tajikistan. The software is an integrated system, which mirrors the Customs declaration forms. Several databases are housed in the software including the tariff classification structure, exchange rates (updated every 10 days through notices and circulars from CD), etc. The software used by the brokers is, however, not compatible with the Customs system, the latter having been developed using the Microsoft Visual FoxPro database program.
16
The customs brokers have also formed an association, which is about three months old to date. One of the association's objectives is to seek consultation and participation of the CD for a more effective capturing of trade data. No electronic data interchange (EDI) transaction or simplified flat files of data on disks or other media for Customs purposes are available at this present stage. The end result is that trade data captured by the brokers will have to be re-entered by Customs officers when a declaration is submitted by the Customs Brokers to the Customs.
17
Based on the trade information entered into their systems, the broker prepares a declaration to be lodged with Customs. The declaration form, which holds 54 fields, is based on the United Nations Lay-Out Key (UNLK) and is common in the Commonwealth of Independent States (CIS) of which Tajikistan is a member (other members include Azerbaijan, Armenia, Belarus, Georgia, Kazakhstan, Kyrgyzstan, Moldova, Russia, Turkmenistan, Uzbekistan and Ukraine). All the CIS countries had the advantage of starting from the same basic level in the development of a trade declaration form.
18
In view of their experience and knowledge through their past dealings with the CD, the brokers will notify their clients of the potential unacceptability of goods values declared by the clients. Brokers typically maintain a database on the acceptable range of values of products, in particular, motor vehicles. An important supporting document submitted with the declaration is called a “Declaration of Facts”, and it provides codes of the products, their values, etc.
19
A trade declaration consists of a fan-fold set of 4 pieces of self-carbonized forms. One copy of the declaration is submitted to the Customs Statistics Division for the processing and extraction of trade data. The Statistics Division is also responsible for the timely submission of statistical trade data to the MSRD. The Statistics Division also collects, collates and submits to the National Committee on Statistics of the Republic of Tajikistan. In addition, supporting units of the Division housed at Customs offices and stations at the Regional Offices prepare and submit their results to the Central Office.
20
The trade declaration forms are government-controlled documents serially numbered and can be purchased from the MSRD or the Regional Offices. The purchaser must produce a company letter to provide him with authorization to procure the declaration forms. Each form costs the buyer US$0.50. Lost Declaration forms have to be reported to the CD of MSRD. Each declaration submitted to CD for processing also costs about US$4.00.
21
The first copy of the declaration retained by Customs contains on the reverse side the actions taken by Customs officials, the results of checks and inspections conducted, etc. There is also a limit of 100 line items to be submitted in a declaration to CD. The original copy of the declaration has space for 1 line item only. Additional declaration of line items will require use of continual declaration sets with each form providing for 3 additional line items. To date, the CD has not encountered a declaration containing more than 100 line items. A declaration with more than 100 line items is normally related to temporary export or import out of/into the country for exhibitions.
22
The broker does not maintain any revolving credit system with Customs or his clients. No electronic fund transfer system is currently in place to facilitate the payment of duties and taxes. On completion of the preparation of the declaration, the broker will require payment from his clients for the payment of customs duties and other taxes in cash.
APPENDIX C OVERVIEW OF CUSTOMS PROCEDURES AND PROCESSES
APPENDIX C. OVERVIEW OF CUSTOMS PROCEDURES AND PROCESSES
1
The Declaration Process. The law requires traders to be registered in the Republic of Tajikistan as legal entities. To participate in the trade, the legal entities are required to register and be licensed by the TD of MSRD RT. A unique Tax Identification Number (TIN) is allocated to the registered traders. The TIN is required to be entered in trade declarations made to CD.
2
There are a total of 18 Customs regimes as follows:
i. Release for home use;
ii. Export;
iii. International customs transit;
iv. Processing in the customs territory;
v. Processing for home use;
vi. Processing out of the customs territory;
vii. Temporary import;
viii. Customs storage;
ix. Re-import;
x. Re-export;
xi. Destruction;
xii. Refusal in favor of state;
xiii. Temporary removal;
xiv. Duty-free trade;
xv. Free customs zone;
xvi. Free storage;
xvii. The displacement of supplies;
xviii. Special customs regimes.
3
Clearance and Control (Import). Goods crossing the frontier are directed to Customs clearance offices and stations for examination and clearance. These offices consist of Road, Rail and Air Terminals. All imports and exports are required to be transported to the nearest Customs office and station, or to a site chosen by the importer (or his representative, i.e. the broker) with the consent of CD. Customs clearance is not completed at the frontier posts. Seals are usually placed on the cargo to ensure they are intact when directed to Customs offices and stations.
4
The Customs Specialist deposits the declaration at the appropriate Customs office and station. The Customs officials will verify the accuracy and/or acceptability of the declarations made. Subsequently the statistics subdivision’s specialist in the regional offices is required to enter 16 fields of the declaration into the FoxPro database program. CD had not continued to modify the database program for the capturing of the complete data available. Technical difficulty was given as a reason for the non-development of the input system. Customs statistics of foreign trade of the Republic of Tajikistan are maintained in accordance with the “Integrated methodology on maintaining international trade statistics in the CIS countries” approved by the Decree of the Government of the Republic of Tajikistan No. 363 dated August 5, 1999. CD has no system of electronic declaring. The Customs Declaration is filled in manually, and all operations are duplicated during data entry into the database system. This often results in incorrect data capture.
5
Payment of customs duties and taxes may be made in advance to CD's deposit account; otherwise all payments are made at the time of clearance. Payments are
typically made in cash or via the mode of fund transfers. No cheques are used. Normally the confirmation of the receipt of monies by the CD takes 2 days.
6
It was also established that imports made under a foreign currency value (other than in US$) were required to be first converted to US$ (using the CD determined exchange rate). The converted value in US$ was subsequently required to be converted to the local currency (somoni) for duty and tax payment purposes.
7
Export and import of controlled goods determined by legislation require approval and/or certification from other ministries and agencies of the republic. These include the Ministry of Agriculture, Health or Veterinary, State Inspection of Communication, Tajikstandard, Foodstuffs Corporation, Ministry of Environment, Ministry of Internal Affairs, Chamber of Commerce & Industry, Ministry of Energy.
8
The number of trade declarations for the first 10 months of 2005 was 44,079. The number of declarations in 2004 was 57,915. Based on 2004’s statistics, the average number of declarations per day is 241 (using 57,915 declarations in 240 working days).
9
Clearance and Control (Export). Declarations are submitted to the Customs accompanied with supporting trade documents. Exports with claims for preferential treatment in the country of destination require the Certificate of Origin under Preferential Treatment issued and endorsed by the Customs.
10
Exporters are required to produce their consignments to the nearest Customs office and station. All exports are examined for infringements of currency control, export of national treasures and prohibited items.
11
Clearance and Control (Enforcement Measures). The physical examination of cargo is vested with the Regional Offices at the various Customs offices and stations. Additional control is performed by mobile teams (fast response teams). To facilitate trade the CD has also recently adopted post clearance checks of documents.
12
Risk Management. Risk management appears to be limited based on information received from EurAsEC member states. The risk management concept was also introduced at the start of this year and is aimed at facilitating trade based on the directive from the MSRD. A major problem is the building up of risk profiles as a result of a limitation of electronic databases.
13
Sharing of information between Customs offices and stations and between the Regional Offices is thus encouraged. The Post Clearance and Audit Division has also drawn up an elaborate checklist for the field officers to support a program for risk profiling. The procedure has not yet been adopted and is currently seeking Customs management approval.
14
It appears that there is a lack of shared responsibility for the introduction and the adoption of risk management techniques. The strategic promotion of risk management as a continuous process internally in the CD is also not apparent, as not every officer is involved in the risk management process. Constant monitoring and review and the treatment of risks is thus worthy of consideration.
15
Valuation and Classification. It is one of Tajikistan’s long-term economic goals to apply for membership to the World Trade Organization (WTO). Although some resemblance to the Customs Valuation Code is written into the Customs Code, the Tax Code may vary in terms of value being based on “market price”. This may be similar to the application of the Brussels Definition of Value (BDV). BDV determined the basis of customs value as being the normal price paid or payable for a sale in the open market. The valuation was generally a notional one subject to arbitrary uplifts and the like.
16
The Rules of Valuation set down the methods of valuation to be applied on a step-by-step basis should the transaction value be rejected for reasons such as improper, inaccurate and suspect integrity of supporting trade documents. The value shall then be determined by the following:
i. Transaction Value of Identical Goods;
ii. Transaction Value of Similar Goods;
iii. The Deductive Value;
iv. The Computed Value;
v. The Fallback Method
17
The use of the “Declaration of Facts” can be considered a useful document towards the building up of a database for values of goods. CD appears to have made a good start and seems to be supported by brokers who are maintaining a generally “acceptable” value database, which hinges on the experience with Customs.
18
Where customs value is determined by MSRD RT, the importer can challenge the valuation. The dispute resolution mechanism is laid down in the Customs Code with reference first being made to CD and the last resort of taking the matter to court.
19
Classification of goods is based on the Harmonized System Codification, and a common EurAsEC Codification Book used by the Customs Statistics Division. The tariff codification is based on a 10-digit entry with the last two digits being used for local (in this case, regional) statistical reasons.
20
There are few requests for classification of goods from the private sector, including the customs brokers. The CD also does not charge for providing classification codes when requests are made.
APPENDIX D. FUNCTIONAL REQUIREMENTS OF UAIS
1
This section states the software requirements of the UAIS. That is, it lists the software features that are absolutely necessary for the UAIS to work as planned.
A. Manifests Control System
1. Introduction
2
The Manifest Control System is for the following group of users to submit electronic manifest to CD RT:
• Rail and air terminal operators;
• Freight forwarders; and
• Carriers
3
The submission of electronic manifest can be either pre-arrival or upon actual arrival of vessel at the border posts or terminals of Tajikistan.
4
The main purpose of manifest submission is for Customs to do risk assessment on the shipment. It also allows CD RT to reconcile the manifest information with the goods declaration information that is submitted later.
5
Another important functionality of the Manifest Control System is that it allows CD RT to auto-process the submitted manifest documents according to the rules set into the System.
2. Functional Requirements
6
The System shall consist of client-software and server-software processing.
7
Client-software processing handles the electronic manifest declaration and submission by the declarants. Declarants, in this case, are the terminal operators, carriers, and freight forwarders. Server-software processing consists of rule checks, validations and controls set by CD RT.
8
The Manifest Control client-software has the following functions:
9
It shall have a user interface (UI) for declarants to manage the electronic manifest. For example they can create, save, update, copy, delete, or print the manifest information using the application.
10
It shall allow declarants to make electronic withdrawal or amendment requests on the manifest that they had submitted.
11
It shall be able to validate user input and check for input or syntax errors before saving it to the database.
12
It shall allow declarants to manage user codes within the System. Examples of user codes are consignee information, product information, vessel or vehicle information etc.
13
It shall allow the submission of electronic manifest to the server-software through the Messaging Gateway. The submission of electronic withdrawal and amendment requests shall also be through the Messaging Gateway.
14
It shall allow the retrieval of Customs responses from the server-software after the submissions. This will also be through the Messaging Gateway.
15
It shall have a user interface (UI) for declarants to manage the Customs responses that they have received. For example they can view, or print the response details using the application.
16
It shall allow the retrieval of updated Reference Codes into the client-software. Examples of Reference Codes that can be downloaded are country codes, port codes, and unit of measurement etc.
17
It shall allow the declarants to generate timely reports in either hardcopy or softcopy.
18
The Manifest Control server-software has the following functions:
19
It shall be hosted at Customs HQ Data Center. It will logically be divided into two major functionality areas. One is the auto-processing area and one is the manual-processing area. All electronic manifests will be routed to auto-processing logic first.
20
It shall be able to receive electronic manifest documents from the client-software application through the Messaging Gateway.
21
It shall perform Customs rule validation check on the submitted manifest documents. Validation checks will include data validation, syntax and business logic checking. This function is provided by interface with the Rule Engine.
22
It shall flag document for follow-up by the CD Officer if the document fails certain rule checking. The document will be re-routed to online-processing area.
23
It shall be able to assess the risk of the shipment. This function is provided by interface with the Risk Management and Intelligence Subsystem.
24
It shall flag high-risk shipment for follow-up and re-route the document to the online-processing area.
25
It shall be able to reconcile the manifest document with the goods declaration document. This function is provided by interface with the Reconciliation Engine.
26
It shall be able to trigger post Customs Control audit and inspection of cargo. This function is provided by interface with the Post-Clearance Subsystem.
27
It shall allow fees and payments to CD RT to be deducted from the declarant’s bank account. This function is provided by interface with Fees and Billing Subsystem.
28
It shall allow CD Officers to manually process documents that are flagged for follow-up by the auto-processing mechanism.
29
It shall allow CD Officers to view the details of the submitted document. For example, view the data fields of the document.
30
It shall allow CD Officers to assign follow-up action to the shipment. Examples of follow-up action at this stage would be for Customs Inspectors to inspect the shipment.
31
It shall allow the submitted electronic manifest to be tagged with a status after processing. Examples of status are Cleared, Approve, Reject, Additional Document Needed etc.
32
It shall be able to return both manual-processing and auto-processing response back to client-software through the Messaging Gateway.
33
It shall allow scheduling and auto-generating of reports, as well as generating reports on demand.
34
It shall be able to generate reports in hardcopy as well as softcopy format.
B. Declaration Control System
1. Introduction
35
The Declaration Control System is for the following group of users to submit electronic Customs declaration to CD RT:
• Brokers; and
• Customs Specialists
36
The declaration can be for import, export, transshipment, or Customs declaration of any Customs Regime. Approved declarations will be returned with a permit number by the System.
37
Approved declarations are needed for any movement of goods in and out of the country. Therefore submission of declaration for approval is to be done before the cargo arriving at the border posts or terminals, so that the permit can be obtained in time for cargo clearance.
38
Another important functionality of the System is that it enables CD RT to auto-process or manual-process submitted Customs declarations. The System will reconcile the declarations with the shipping manifests received.
39
The System will auto-calculate duties and taxes payable by declarants, and deduct the appropriate amount from their bank account. It will also provide accurate data for Customs statistics reports.
2. Functional Requirements
40
The System shall consist of client-software and server-software processing.
41
Client-software processing handles the electronic Customs declaration and submission by the declarants. Server-software processing consists of rule checks, validations and controls set by the CD RT.
42
The Declaration Control client-software has the following functions:
43
It shall have a user interface (UI) for declarants to manage the electronic Customs declaration. For example they can create, save, update, copy, delete, or print the declaration information using the application.
44
It shall allow declarants to make electronic withdrawal or amendment requests on the Customs declaration that they had submitted.
45
It shall be able to validate input and check for input or syntax errors before saving it to the database.
46
It shall allow declarants to manage user codes within the System. Examples of user codes are importer, exporter, and forwarders information, as well as product and goods information etc.
47
It shall allow the submission of Customs declarations to the server-software through the Messaging Gateway. The submission of electronic withdrawal and amendment requests shall also be through the Messaging Gateway.
48
It shall allow the retrieval of Customs responses after the submissions through the Messaging Gateway. Response includes the approved Customs declaration.
49
It shall have a user interface (UI) for declarants to manage the Customs responses that they have received. For example they can view, or print the response details using the application.
50
It shall allow the retrieval of updated Reference Code into the System. Examples of Reference Code that will be downloaded are HS Code, country and port codes etc.
51
It shall be able to retrieve updated Customs Exchange Rate through the Messaging Gateway. This exchange rate will be used by the client-software when there is a need to convert from foreign currency to the RT currency.
52
It shall allow the declarants to generate timely reports in either hardcopy or softcopy.
53
The Declaration Control server-software has the following functions:
54
It shall be hosted at Customs HQ Data Center. It will logically be divided into two major functionality areas. One is the auto-processing area and one is the manual-processing area. All electronic Customs declarations will be routed to auto-processing logic first.
55
It shall allow Border Post Officer to check on an approved Customs declaration either by bar code scanning, or entering the permit number. The status and follow-up action for the permit will be displayed to the Officer. Example of follow-up action will be to let the cargo pass, or to conduct a check on the cargo.
56
It shall be able to auto-receive Customs declarations from the client-software application through the Messaging Gateway.
57
It shall have the capability to auto-process and return processing response back to client-software. CD Officers shall have the ability to set and edit the auto-processing rules by the Rule Engine.
58
It shall perform Customs rule validation check on the submitted declaration documents. Validation checks will include data validation, syntax and business logic checking. This function is provided by interface with the Rule Engine.
59
It shall flag document for follow-up by the CD Officer if the document fails certain rule checking. The document will be re-routed to online-processing area.
60
It shall be able to assess the risk of the cargo that is declared. This function is provided by interface with the Risk Management and Intelligence Subsystem.
61
It shall be able to validate the correctness of the cargo value that is declared. This function is provided by interface with the Valuation Subsystem.
62
It shall flag high-risk cargo for follow-up and re-route the document to the online-processing area.
63
It shall be able to reconcile the goods declaration document with the manifest document. This function is provided by interface with the Reconciliation Engine.
64
It shall be able to calculate and compute the duty and tariff that is applicable to the cargo declared. This function is provided by interface with the Tariff and Duty Management Subsystem.
65
It shall be able to update the Warehouse Control System whenever the declaration contains cargo movement to or from licensed warehouses and lots. This function is provided by interface with the Warehouse Control System.
66
It shall be able to compute and calculate the security deposit balance whenever the declaration contains cargo that requires security deposit. This function is provided by interface with the Security Deposit Subsystem.
67
It shall be able to validate the certificate and license number that is provided in the electronic Customs declaration. This function is provided by interface with the Certificate and License Control System.
68
It shall be able to trigger post Customs Control audit and inspection of cargo. This function is provided by interface with the Post-Clearance Subsystem.
69
It shall allow fees and payments to Customs to be deducted from the declarant’s bank account. This function is provided by interface with Fees and Billing Subsystem.
70
It shall allow CD Officers to manually process documents that are flagged for follow-up by the auto-processing mechanism.
71
It shall allow CD Officers to view the details of the submitted declaration. For example, view the data fields of the document.
72
It shall allow CD Officers to assign follow-up action to the Customs declaration. Examples of follow-up action at this stage would be for Customs Officers to seal the cargo, or for Customs Inspectors to inspect the goods at the warehouse.
73
It shall allow the submitted Customs declaration to be tagged with a status after processing. Examples of status are Approve, Reject, Additional Document Needed etc. In addition, a permit number shall be returned once the declaration is approved.
74
It shall be able to return both manual and auto processing status back to client-software through the Messaging Gateway.
75
It shall provide functionality for CD Officer to manage Customs Exchange Rates within the System. Updated rates will be sent to client-software through the Messaging Gateway.
76
It shall allow scheduling and auto-generating of reports, as well as generating reports on demand.
77
It shall be able to generate reports in hardcopy as well as softcopy format.
C. Warehouse Control System
1. Introduction
78
The Warehouse Control Subsystem is mainly for CD RT to track and account for all its licensed warehouses’ cargo quantity and value, as well as track inter-warehouse transfers.
79
The client-software of the System will be used to store and submit inventory data and cargo valuation data to the server-software. It can handle goods for duty free shops, as well as general goods.
80
The server-software is used to track all licensed warehouses’ inventory based on approved Customs declarations. All movement of cargo to and from the warehouses is tracked. It can also generate comprehensive reports for CD Officers to do post Customs Control audit and inspection.
2. Functional Requirements
81
The System shall consist of a client-software and server-software processing.
82
Client-software application is used to capture the cargo data and cargo value that is in the warehouse. It also handles the electronic submission of the quantity and valuation data to the server-software.
83
Server-software application keeps track of warehouse inventory and content by drawing data from Customs declaration that is submitted. It will also tally its data with the information submitted by the client-software.
84
The Warehouse Control client-software has the following functions:
85
It shall have a user interface (UI) for Warehouse Operator to manage the warehouse and lot information. For example he can enter, save, update, copy, delete, or print the warehouse and lot information using the application.
86
It shall allow the Warehouse Operator to manage goods movement to and from the warehouses and lots. In other words, add or subtract the cargo quantity and Stock Keeping Unit (SKU) as they arrive and leave the warehouse.
87
It shall allow the Warehouse Operator to manage inventory value of stocks that are being stored. In other words, adjust the inventory value of the SKU as they arrive and leave the warehouse.
88
It shall be able to validate input and check for input or syntax errors before saving it to the database.
89
It shall allow the electronic submission of inventory quantity and inventory valuation to the server-software through the Messaging Gateway. Data to be submitted to the server-software includes approved Customs declaration number, warehouse number, lot number, goods quantity, and goods value.
90
It shall allow retrieval of Customs response through the Messaging Gateway.
91
It shall allow the retrieval of updated Warehouse Code into the System. Examples of Warehouse Code that will be downloaded to client-software are inventory transfer codes, removal codes, or inventory unit of measurements etc.
92
It shall allow the Warehouse Operator to generate reports in either hardcopy or softcopy.
93
The Warehouse Control server-software has the following functions:
94
It shall allow CD Officers to manage warehouse and lot data. Example of the information that can be managed is the warehouse and lot numbers, the cargo that it can contain etc.
95
It shall allow CD Officers to manage Warehouse Operators’ details. Example of the information that can be managed is the Operator license and name, expiry date, TIN number etc.
96
The server-software of the System shall be hosted at Customs HQ Data Center. It will logically be divided into two major functionality areas. One is the auto-processing area and one is the manual-processing area.
97
It shall be able to auto-receive inventory quantity and valuation report from the client-software through the Messaging Gateway.
98
The report from client-software shall trigger the System to tally the figures received against the figures that the System tracks in its database. Discrepancy may trigger an inspection to the warehouse.
99
It shall be able to receive inventory movement report from the Declaration Control System.
100
The report from Declaration Control System shall trigger the System to add or subtract the declared cargo from its warehouse and lot database.
101
It shall perform rule validation check on the submitted data from client-software. Validation checks will include data validation, syntax and business logic checking. This function is provided by interface with the Rule Engine.
102
It shall allow CD Officers to assign follow-up action to the submission. Examples of follow-up action at this stage would be for Customs Inspectors to check on the warehouse or lot.
103
It shall be able to return Customs acknowledgement to the client-software through the Messaging Gateway.
104
It shall provide functionality for CD Officer to manage and maintain Warehouse code within the system. Updated codes will be sent to client-software through the Messaging Gateway.
105
It shall allow scheduling and auto-generating of reports, as well as generating reports on demand.
106
It shall be able to generate reports in hardcopy as well as softcopy format.
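The tally described in paragraphs 98 to 100 can be sketched as follows; this is an added example, not code from the report or from the UAIS. The class and field names, the message identifier used to drop replayed movement reports, and the sample declaration, warehouse and lot numbers are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal

ZERO = Decimal("0")


@dataclass(frozen=True)
class Movement:
    """Movement report from the Declaration Control System (hypothetical shape)."""
    declaration_no: str
    warehouse_no: str
    lot_no: str
    quantity: int      # positive = goods in, negative = goods out
    value: Decimal     # signed the same way as quantity


@dataclass(frozen=True)
class ReportLine:
    """One line of the Warehouse Operator's inventory report (hypothetical shape)."""
    warehouse_no: str
    lot_no: str
    quantity: int
    value: Decimal


class WarehouseLedger:
    """Server-side view of stock, built only from approved declarations."""

    def __init__(self):
        self._stock = {}       # (warehouse_no, lot_no) -> (quantity, value)
        self._applied = set()  # movement reports already booked

    def apply_movement(self, m):
        """Book one movement; return False if the same report was seen before."""
        msg_id = (m.declaration_no, m.warehouse_no, m.lot_no)
        if msg_id in self._applied:
            return False  # replayed message must not change stock twice
        lot = (m.warehouse_no, m.lot_no)
        qty, val = self._stock.get(lot, (0, ZERO))
        if qty + m.quantity < 0:
            raise ValueError(
                f"declaration {m.declaration_no} removes more than lot {lot} holds")
        self._stock[lot] = (qty + m.quantity, val + m.value)
        self._applied.add(msg_id)
        return True

    def tally(self, report_lines):
        """Compare the operator's report with tracked stock; return discrepancies."""
        findings = []
        reported = {}
        for line in report_lines:
            lot = (line.warehouse_no, line.lot_no)
            if lot in reported:
                findings.append((lot, "lot listed twice in report"))
            else:
                reported[lot] = line
        for lot in sorted(set(self._stock) | set(reported)):
            qty, val = self._stock.get(lot, (None, None))
            line = reported.get(lot)
            if qty is None:
                findings.append((lot, "reported lot has no approved declaration"))
            elif line is None:
                if qty != 0:
                    findings.append((lot, "tracked stock missing from report"))
            elif line.quantity != qty:
                findings.append(
                    (lot, f"quantity: reported {line.quantity}, tracked {qty}"))
            elif line.value != val:
                findings.append((lot, f"value: reported {line.value}, tracked {val}"))
        return findings


def demo():
    """Constructed sample data: one replayed movement and a report with three problems."""
    ledger = WarehouseLedger()
    feed = [
        Movement("D-0001", "WH01", "L1", 100, Decimal("5000.00")),
        Movement("D-0002", "WH01", "L1", -40, Decimal("-2000.00")),
        Movement("D-0002", "WH01", "L1", -40, Decimal("-2000.00")),  # replay
        Movement("D-0003", "WH01", "L2", 10, Decimal("900.00")),
    ]
    applied = [ledger.apply_movement(m) for m in feed]
    report = [
        ReportLine("WH01", "L1", 55, Decimal("2750.00")),  # 5 units short
        ReportLine("WH02", "L9", 7, Decimal("70.00")),     # never declared
    ]
    return applied, ledger.tally(report)


if __name__ == "__main__":
    for item in demo()[1]:
        print(item)
```

Each finding is a candidate for the follow-up action in paragraph 102, such as an inspection of the warehouse or lot.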
D. Certificate and License Control System
1. Introduction
107
The Certificate and License Control System is for the following group of users to submit electronic certificate or license application to CD RT:
• Importers;
• Exporters; and
• Traders
108
The applicants can apply for certificates from the following Agencies:
• Tajikistan Chamber of Commerce and Industry (CCI)
• Tajikstandard
109
The applicants can apply for license from the following Ministries (for example):
• Ministry of Agriculture of RT
• Ministry of Health of RT
(this list is not exhaustive and will include all the government agencies which have control over the licensing and approval for the import and export of controlled products such as arms and explosives, artifacts, etc)
110
The applicant can then either print out the certificates or license from the client-software, or collect them at the Agencies and Ministries.
111
An important functionality of the system is that it allows Officers of the Agencies and Ministries to login to receive and process application for certificate or licenses.
112
The System will auto-calculate fees payable by applicants, and deduct the appropriate amount from the designated financial institution.
2. Functional Requirements
113
The System shall consist of a client-software and server-software processing.
114
Client-software processing handles the certificate or license application used by the trading community to facilitate electronic certificate and license application and printing. Server-software processing consists of rule checks, validations and controls set by the Agencies or Ministries.
115
The Certificate and License Control client-software has the following functions:
116
It shall have a user interface for applicants to manage the applications that they are submitting. For example they can create, save, update, copy, delete, or print the application details.
117
It shall allow applicants to make withdrawal or amendment requests on the application that they had submitted.
118
It shall be able to validate input and check for input or syntax errors before saving it to the database.
119
It shall allow applicants to manage user codes within the system. Examples of user codes are importer, exporter, and forwarders information, as well as product and goods information etc.
120
It shall allow the submission of electronic application to the server-software through the Messaging Gateway. The submission of withdrawal and amendment requests shall also be through the Messaging Gateway.
121
It shall allow the retrieval of Agency responses after the submissions through the Messaging Gateway. Response may include electronic format of the certificate itself.
122
It shall have a user interface for applicants to manage the Agency responses that they have received. For example they can view, or print the response details using the application.
123
It shall allow the retrieval of updated Reference Code into the System. Examples of Reference Code that will be downloaded are certificate types, country and port codes etc.
124
It shall allow the applicants to generate timely reports in either hardcopy or softcopy.
125
It shall allow the printing of electronic Certificate Of Origin or other certificate types.
126
The Certificate and License Control server-software has the following functions:
127
It shall be hosted at Customs HQ Data Center. It will logically be divided into two major functionality areas. One is the auto-processing area and one is the manual-processing area. All electronic applications will be routed to auto-processing logic first.
128
It shall be able to auto-receive certificate or license applications from the client-software through the Messaging Gateway.
129
It shall have the capability to auto-process and return processing status back to client-software. Agency Officers shall have the ability to set and edit the auto-processing rules by the Rule Engine.
130
It shall perform validation check on the submitted applications. Validation checks will include data validation, syntax and business logic checking. This function is provided by interface with the Rule Engine.
131
It shall allow the Agency Officer to manually process application for follow-up if the application fails certain rule checking. The application will be re-routed to online-processing area.
132
It shall allow the Agency Officer to view the details of the submitted application. For example, view the data fields of the document.
133
It shall allow Agency Officers to upload certificate or license data to the System via a user interface. An example will be the issued license database, or the permitted certificate users etc.
134
It shall be able to deduct fees and payments from the applicant’s account. This function is provided by interface with the Fees and Billing Subsystem.
135
It shall allow the submitted application to be tagged with a status after processing. Examples of status are Approve, Reject, Additional Document Needed etc. In addition, an electronic copy of the certificate may be returned once application is approved.
136
It shall be able to return Agency Response back to client-software through the Messaging Gateway.
137
It shall allow scheduling and auto-generating of reports, as well as generating reports on demand.
138
It shall be able to generate reports in hardcopy as well as softcopy format.
139
It shall be able to interface with systems of other Agencies or Ministries. This is provided so that the Certificate and License Control System can be expanded to process more types of documents in the future. For example, if the System is linked up with the Ministry of Defense, then it will be able to process application to export or import firearms.
E. Registration Subsystem
1. Introduction
140
The purpose of the Registration Subsystem is to provide a centralized application where the trade and logistic community can be registered with the UAIS as users.
141
The CD Administrators have to register companies, then individuals from that company. They can grant access rights to users based on the Core Systems that they use, and assign user roles to them.
142
Other than company and declarant contact information, this Subsystem keeps the bank account information of users as well. The bank account information will be used for billing and duty deduction.
143
The Subsystem is able to verify and authenticate the registration data with national registry in other Ministries to ensure that users of UAIS are accounted for.
2. Functional Requirements
144
It shall allow registering of company profiles. A company profile identifies a business entity within the UAIS. It will include information such as company name, address, and a unique identifier. The unique identifier for a company is usually its TIN.
145
It shall be able to verify a company’s unique identifier with an external registration database if required.
146
It shall store the company bank account information and payment preferences. This information will be used for billing, as well as any payment needed.
147
It shall allow updating the status of a company account. A company account may have one of the following statuses: Created, Registered, Deregistered, and Blacklisted.
148
It shall allow registering of user profiles. A user profile identifies a person within the UAIS. A user profile is associated with an account, and it usually includes information such as name, address and identification number of the person.
149
It shall be able to verify a person’s identification number with an external registration database if required.
150
It shall allow updating the status of a user account. A user account may have one of the following statuses: Created, Registered, Deregistered, and Blacklisted.
151
It shall allow the CD Administrators to assign user rights and a role to each user account.
152
It shall allow the CD Administrators to check, verify and approve a company or a user account.
153
It shall allow other Subsystems to query its database for company or user contact information.
154
It shall allow other Subsystems to query its database for bank account information for payment deduction purposes.
155
It shall provide a function for notifying the company or user of the status of their application.
156
It shall provide a function for banks to be notified that they have to set up an auto-debit account for the company or user.
157
It shall be able to generate reports from the company ID and user ID database. There should be various filters that can be used in the generation of the reports.
158
It shall be able to schedule report generation, or produce them on-demand.
F. Administration Subsystem
1. Introduction
159
The Administration Subsystem is used by CD Administrators to assign user roles and rights to Customs officers. It is similar in concept to the Registration Subsystem, but for CD RT personnel only.
160
In addition, the Subsystem is the communication center for CD RT to send information to stakeholders of the UAIS. It can store and send notices and circulars, as well as make announcements to external parties.
2. Functional Requirements
161
It shall allow registering of CD Officers as users of the UAIS. A user account will be created for each CD Officer registered.
162
It shall allow registering of UAIS users from outside the CD as well. For example, users from the Ministry of Finance, or from agencies such as the Tajikistan Chamber of Commerce and Industry.
163
It shall allow updating the status of the user account. An account may have one of the following statuses: Created, Registered, Deregistered, and Blacklisted.
164
It shall be able to notify users by email or fax upon any change of the status of the user account in the UAIS system.
165
It shall allow the CD Administrators to assign user rights and roles to each of the user accounts. The user rights will restrict which System or Subsystem the user can access, while the user role will restrict the user within that System or Subsystem.
166
It shall allow the CD Administrators to check, verify and approve officer profile registration.
167
It shall allow the CD Administrators to manage the UAIS Communication Center. The Communication Center consists of a user interface to send circulars, notices, emails and faxes to stakeholders, as well as external parties.
168
It shall be able to retrieve contact information of stakeholders of the UAIS by interface with the Registration Subsystem.
169
It shall be able to store and retrieve contacts of other Agencies, organizations, and governments.
170
It shall be able to generate reports from the related database tables. There should be various filters that can be used in the generation of the reports.
171
It shall be able to schedule report generation, or produce them on-demand.
G. Tariff Nomenclature Subsystem
1. Introduction
172
The Tariff Nomenclature Subsystem is for CD Officers to manage and control the codes that are used throughout the UAIS, for example HS Codes, country codes, port codes, and product codes. CD Officers can also use the Subsystem to set the tariff rates for goods.
173
The codes managed by the Subsystem can be international standard codes, or RT standard codes.
174
Finally, it can also update the Core System client-software with new or changed codes through the Messaging Gateway.
2. Functional Requirements
175
It shall allow the CD Officer to manage HS Code table. This includes creation, save, update and delete of HS Code, its description, and its standard Unit of Measurement etc.
176
It shall allow the CD Officer to manage Core Systems’ codes. This includes creation, save, update and delete of international standard (ISO standard) country codes, port codes, and other codes.
177
It shall allow the CD Officer to manage Subsystems’ code. This includes creation, save, update and delete of permit code, rejection code etc. CD RT usually defines these codes.
178
It shall allow the CD Officer to manage the tariff rates of goods. This includes setting the tariff rates, update, and delete the rates. Tariff rates can be set for individual HS Code, or a broad category.
179
It shall support preferential rate settings.
180
It shall be able to help validate and ensure that correct tariff rate is applied to Customs declaration. This function is provided to the Declaration Control System by an interface.
181
It shall allow the CD Officer to send updated codes to client-software of the UAIS via the Messaging Gateway.
182
It shall allow the CD Officer to notify users of the client-software by circular, email or fax that Reference Code has been updated.
183
It shall be able to retrieve contact information of client-software users of the UAIS by interface with the Registration Subsystem.
184
It shall be able to support upload and download of codes in Comma-Separated Values (CSV) format.
185
It shall be able to make codes effective or defunct at the dates and times defined by the CD Officers, without requiring any system downtime for the changes to take effect.
186
It shall be able to generate reports from the related database tables. There should be various filters that can be used in the generation of the reports.
187
It shall be able to schedule report generation, or produce them on-demand.
H. Valuation Subsystem
1. Introduction
188
The Valuation Subsystem is mainly for CD Officers to track the standard value of goods. CD Officers can use it to create and maintain the goods valuation database.
189
The Subsystem also handles the validation of cargo value that is declared by declarants. It will analyze the declared value and flag any non-conformance. It automatically adjusts its database of values as it collects more data.
2. Functional Requirements
190
It shall allow the CD Officer to manage the goods valuation database. This includes create, save, update, copy, and delete the valuation value, its allowable range, and its standard Unit of Measurement etc.
191
It shall be able to handle cargo value validation when requested by the Declaration Control System. The validation will involve matching the goods allowable value with the one in the Customs declaration.
192
It shall be able to flag the Customs declaration for follow-up, or alert the CD Officer when it encounters a non-conformance.
193
It shall be able to collect and adjust its valuation database as more data is analyzed. For example, the allowable value range may be adjusted.
194
It shall be able to generate reports from the related database tables. There should be various filters that can be used in the generation of the reports.
195
It shall be able to schedule report generation, or produce them on-demand.
I. Customs Conditions Subsystem
1. Introduction
196
The main function of the Customs Coding subsystem is to allow CD Officers to program the RT Customs Code into the UAIS. This will ensure that all processing of manifests and Customs declarations by the UAIS is carried out according to the Customs Code, consistently and effectively.
197
CD Officers will program processing rules and logic into the UAIS using the Rule Editor of the Rule Engine.
2. Functional Requirements
198
It shall allow the CD Officer to create processing rules of the Core Systems. The Rule Editor, which is part of the Rule Engine, provides this function. Examples of a rule will be “Import declaration must be submitted before vessel arrival date”, or “Gross weight of cargo must be equal to the sum of all the items declared”.
199
It shall allow the CD Officer to manage rules that have been created. This includes update, copy, and delete.
200
It shall be able to generate reports from its related databases. There should be various filters that can be used in the generation of the reports.
201
It shall be able to schedule report generation, or produce them on-demand.
J. Post-Clearance Subsystem
1. Introduction
202
The Post-Clearance Subsystem has two main functions. One is the inspection scheduling and tracking. The other is post audit team (CD Inspectors) management.
203
It can be used to handle inspection requests that are triggered by the Manifest Control, Declaration Control, or the Warehouse Control System. CD Officer will use it to schedule inspections, as well as view detail of cargo that requires inspection.
204
Personnel and contact information of CD Inspectors is stored in this Subsystem. The CD Officer using the Subsystem can deploy them.
2. Functional Requirements
205
It shall be able to receive follow-up requests from Core Systems such as Manifest Control, Declaration Control, and Warehouse Control. Follow-up request means that a post Customs Control audit on the cargo is required.
206
It shall allow CD Officer to manage Customs inspections. For example, the CD Officer can schedule inspection based on the schedule of cargo arrival, the location of the cargo, and the personnel available.
207
It shall allow CD Officer to assign Customs Inspectors to declarations that are marked for inspection.
208
It shall allow CD Officer to schedule ad-hoc inspections that are not triggered by the Core systems. This is needed to handle calls from Warehouse Operators to open sealed cargo.
209
It shall lodge a case with the Customs Offence Subsystem whenever an inspection is scheduled. This will ensure that the inspection result is tracked. This function is provided by an interface of the Customs Offence Subsystem.
210
It shall allow CD Officer to send inspection notice to the related CD Inspector to inform him of his inspection schedule.
211
It shall allow CD Inspectors to receive notice of impending inspection schedule. This can be in the form of email and SMS alerts.
212
It shall be able to generate reports from the related databases. There should be various filters that can be used in the generation of the reports.
213
It shall be able to schedule report generation, or produce them on-demand.
K. Customs Offence Subsystem
1. Introduction
214
The Customs Offence Subsystem is used by Customs Inspectors to enter inspection result and offence data. The Customs offences will be tracked in the UAIS database.
215
It assists CD Inspectors in the recording and categorizing of offence data, as well as interfacing with the Risk Management and Intelligence Subsystem. Inspection results are fed back into the Risk Management Subsystem in order to improve its effectiveness.
2. Functional Requirements
216
It shall have a function for CD Inspectors to manage Customs offence codes. For example, CD Officer can create, save, update, copy, and delete offence codes. Offence codes here means codes that represent different types of offences.
217
It shall be able to create an inspection result case when triggered by the Post-Clearance Subsystem. This will ensure that all inspections are tracked and their results saved into the Subsystem.
218
It shall allow CD Inspectors to input inspection result into the Subsystem. For example the inspection date and time, duration, location, findings and observations. Inspection result may or may not end with an offence.
219
It shall allow CD Inspectors to manage Customs offence details and launch follow-up actions. For example, CD Officer can create, save, update, copy and delete offence details.
220
It shall be able to update the Risk Management and Intelligence Subsystem with the inspection results so that the effectiveness of the Subsystem can be improved in the future.
221
It shall be able to trigger fine payment when an offence is committed. This function is provided by interface with the Fees and Billing Subsystem.
222
It shall be able to generate reports from the related databases. There should be various filters that can be used in the generation of the reports.
223
It shall be able to schedule report generation, or produce them on-demand.
L. Duty Payment Subsystem
1. Introduction
224
The Duty Payment Subsystem has two main functions. One is to handle duty and charges calculation and collection. The other function is to link up with financial institutions, for example banks, to deduct the funds from declarants’ accounts.
225
The Subsystem automatically calculates duties and other taxes for each Customs declaration based on the customs value, classification of the goods, and various duty, taxes and fee rates applicable.
2. Functional Requirements
226
It shall be able to help the Declaration Control System to compute and verify the duty payable in the Customs declaration. This function is carried out by interface with the Tariff Nomenclature Subsystem.
227
It shall be able to check with the Registration Subsystem whether the declarant is able to pay duties by the auto-payment method, or whether he still requires manual payment.
228
For auto-payment, the Subsystem shall be able to trigger auto-payment of duties once the amount payable is verified. This function is provided by interface with Banks. This is known as auto-debit of funds from the declarant’s bank account.
229
If auto-payment is not available for the declarant, CD Officer will wait for the declarant to pay the duties manually, before entering the payment details into the Subsystem to release the Customs declaration.
230
It shall be able to generate reports from the related databases. There should be various filters that can be used in the generation of the reports.
M. Fees and Billing Subsystem
1. Introduction
231
The Fees and Billing Subsystem has an important function – to bill users and to collect money. It will generate monthly bills to users of the UAIS, and also helps CD RT to collect fines from declarants who had committed Customs offences.
232
The monthly bill amount will be based on usage of the UAIS. For example, it can be by the number of electronic Manifest or Customs Declaration submitted, or it can be a flat monthly amount.
233
CD Officers also use the Subsystem to manage the billing cycle and charge codes of the UAIS.
2. Functional Requirements
234
It shall provide several modes of payment or collection, in accordance with the legislation of the Customs Code. The user should specify the mode of payment through the Registration Subsystem.
235
It shall have a function to debit from the user’s account the fees calculated by the UAIS. This functionality is provided by a direct-debit interface with banks.
236
It shall have a function to make repayment (credit) back to users in case they are overcharged or have made changes to their Customs declarations.
237
It shall have a deferred payment mechanism for late payment.
238
It shall have a function to collect a surcharge amount from the user for delayed or late payment.
239
It shall allow the CD Officer to manage the billing mechanism of the Subsystem. For example, set the auto-billing date, set the billing frequency, or set the billing preferences.
240
It shall allow the CD Officer to manage the charge codes of the UAIS. For example, different methods of charging will have different charge codes.
241
It shall allow the CD Officer to manage the application codes of the UAIS, and associate the applications with charge codes. For example, the Manifest Control System and the Declaration Control System will each have an application code, but they may have different charge codes to indicate different billing rates.
242
It shall be able to handle transaction triggers from the Core Systems and log the transactions for the monthly billing.
243
It shall be able to handle fees and fine payment triggers from the Customs Offence Subsystem and Registration Subsystem.
244
It shall allow CD Officer to view transaction history of each account or user ID.
245
It shall be able to generate payment notice or payment receipt.
246
It shall be able to generate reports from the related databases. There should be various filters that can be used in the generation of the reports.
N. Security Deposit Subsystem
1. Introduction
247
The Security Deposit Subsystem provides facilities for managing securities lodged by traders, importers, or exporters. This is to cover both goods moving in and out of Customs territories. Information such as security applicants, providers, as well as forms and types of security are captured and stored online. CD RT will maintain such information.
248
Traders can lodge their security applications, which will then be processed by CD Officers with approval or rejection. Functions such as review request, discharge request, liquidation request, and exemption request are also provided in this Subsystem.
2. Functional Requirements
249
It shall allow CD Officers to manage a list of pre-defined security purposes. There will be procedures and conditions attached to each purpose.
250
It shall allow the CD Officers to capture security applications and their details through an interface. An application could be a normal lodgement, a waiver application or an exemption application.
251
It shall have a function for CD Officers to check and verify the security applicant and application with financial institutions through the Messaging Gateway component.
252
It shall be able to interface with the Warehouse Control Subsystem to validate whether the security lodge amount is sufficient for the inventory held at the warehouse.
253
It shall be able to handle review request, discharge request, liquidation request, and exemption request and be able to process them accordingly.
254
It shall provide a facility for liquidating filed securities, and determining the amount of security subject to liquidation. This is used for non-compliance with any customs procedures, resulting in liquidation as a form of penalty.
255
It shall allow scheduling and auto-generating of reports, as well as generating reports on demand.
256
It shall be able to generate reports in hardcopy as well as softcopy format.
O. Risk Management and Intelligence Subsystem
1. Introduction
257
The Risk Management and Intelligence Subsystem has two main functions. First, it helps to identify and flag any potential threats or non-conformance, and alerts the CD Officer. Second, CD Officers can specify and set the risk criteria for each Core System.
258
In addition, the Subsystem can be used to build risk profiles for companies as well as individuals; these can be referred to as the Blacklists.
259
It can take in risk data from external systems and incorporate this data into its criteria for consideration. However, this data has to be of pre-defined file format, or it has to be converted through the Conversion Engine.
260
The Subsystem can analyze trends and projections. The overall goal is to provide Customs with an intelligent system that allows it to direct its limited resources to potentially high-risk consignments.
2. Functional Requirements
261
It shall allow the documentation of identified risks with the recording of risk criteria using online tools, so that these new risks can be stored in the database and used in the future.
262
It shall be able to import risk data or profiles from systems external to the UAIS and notify CD Officers of the new threats.
263
It shall be able to analyze and assess the risk of the cargo from the Manifest and Declaration Control Systems. It will alert the CD Officer whenever it detects a threat.
264
It shall be able to analyze data from the Post-Clearance and Offence Subsystems and automatically build up the risk profile of a company, a person, or for certain types of cargo.
265
It shall be able to prompt CD Officer to update the risk criteria and database if it detects that more non-conformances and offences have been committed.
266
It shall allow CD Officers to manage risk profiles of companies, persons, and cargo. For example, risk profiles can be flagged to be ignored or highlighted for follow-up when appropriate.
267
It shall allow CD Officers to specify instruction and the required action upon risk detection.
268
It shall have the function to generate a Blacklist of companies or persons to be used by the Core Systems.
269
It shall include analytical tools to analyze the risk data that it has collected. Analysis result should be able to help CD Officers in determining how to reduce the areas of threat or non-conformance.
270
It shall be able to generate reports from the related databases. There should be various filters that can be used in the generation of the reports.
271
It shall allow the CD Officer to generate reports of threats or profiles from the risk database, and send them to external systems. For example the HQ of RILO.
272
It shall allow the CD Officer to manually manage the system alerts when threat is detected.
273
It shall allow scheduling and auto-generating of reports, as well as generating reports on demand.
274
It shall be able to generate reports in hardcopy as well as softcopy format.
P. Customs Statistics Subsystem
1. Introduction
275
The Customs Statistics Subsystem is used by CD Officers to generate customs and trade statistics for the CD RT or the Ministry.
276
The Subsystem can be scheduled to generate routine reports, or be operated to generate reports on-demand. Data will be drawn from the UAIS central database.
2. Functional Requirements
277
It shall allow CD Officer to generate pre-programmed reports as well as ad-hoc ones based on the flexible filtering criteria of the Report Engine interface.
278
It shall allow scheduling and auto-generating of reports, as well as generating reports on demand.
279
It shall be able to generate reports in hardcopy as well as softcopy format. Softcopy formats include PDF, CSV, and Microsoft Excel.
280
It shall allow the CD Officer to manage the Report Engine and set the scope and criteria for each report.
281
It shall allow the CD Officer to send softcopy of reports to external parties. For example, reports can be sent to other Ministries or foreign counterparts.
282
It shall allow the CD Officer to generate consolidated reports from the central database.
283
It shall allow the Customs Administrator to archive data that are more than 1 year old. Archive data can be in the form of tape backup or external drive backup.
Q. Excise Control Subsystem
1. Introduction
284
The Excise Control Subsystem automates the activities of the excise stamps department. These range from stamp application registration, payment for stamps and securities, and issue of stamps on the receipts, to the control of stamps utilization and application closure.
2. Functional Requirements
285
It shall allow CD Officers to capture and manage excise stamp requests and application. It will also cater for payment and security calculation.
286
It shall allow CD Officers to draft and submit request for stamps production.
287
It shall allow CD Officers to register marks with certain warehouses and keep track of stamps in the warehouses.
288
It shall allow CD Officers to notify importers of the arrival of stamps and their collection schedules.
R. Currency Control Subsystem
1. Introduction
289
The Currency Control Subsystem is used by CD Officers to track the export revenue of companies and the validity of payments for imported goods in a foreign currency.
290
It will store and manage the transaction certificates of traders, as well as securing control on the amount that exceeds the contract.
2. Functional Requirements
291
It shall allow CD Officers to enter and manage transaction certificate data of traders. This includes functions to create, save, view, copy, update, delete and search transaction certificates in the Subsystem.
292
It shall allow CD Officers to review the list of CCDs that are registered under a certain transaction certificate.
293
It shall allow CD Officers to check the juridical capability of the authorized bank.
294
It shall allow CD Officers to inform the National Bank of Tajikistan on the movement of goods and vehicles through Customs border.
295
It shall allow CD Officers to notify the National Bank of Tajikistan of any infringements of the currency legislations by traders.
S. Common Services
1. Introduction
296
The Common Services are centralized services used by all Systems in the UAIS server-software. For example the Rule Engine, Reporting Engine etc. They are the building blocks of the UAIS, and are subsystems that can be extended to provide similar functionality to all the Core and Subsystems.
297
In the future, the Common Services may also be used by external systems to the UAIS if a proper interface is agreed upon.
2. Functional Requirements
a. Access and Password Service
298
The UAIS shall have the Access and Password Service to authenticate users, and to ensure only authorized users have access to the UAIS.
299
Access to authorized Systems or Subsystems is granted according to the user rights set by the Registration and Administration Subsystems.
300
This Service shall also provide support functions to facilitate administration of users’ accounts, as well as, maintenance of users’ profiles and access controls. It shall have the capability of establishing rules that restrict users to only predefined action in the Subsystem.
301
The passwords to the UAIS subsystems shall be encrypted at all times.
302
The Service shall deactivate the user access when the user has failed to login to the UAIS after a number of consecutive attempts.
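One way to meet the password storage, lockout and rights/role requirements above, as an added example that is not part of the report. It assumes stored passwords are kept as salted PBKDF2 verifiers rather than reversibly encrypted; the threshold of 5 attempts, the `deactivated` flag, the `AccessService` class and the role names are also assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

MAX_FAILED_ATTEMPTS = 5      # assumed; the report only says "a number of" attempts
PBKDF2_ITERATIONS = 600_000  # work factor for PBKDF2-HMAC-SHA256

# Assumed mapping of a role to the actions it permits inside a Subsystem.
ROLE_ACTIONS = {
    "viewer": {"view"},
    "officer": {"view", "create", "update"},
    "administrator": {"view", "create", "update", "delete", "approve"},
}


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a one-way verifier; the clear-text password is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS)


@dataclass
class UserAccount:
    user_id: str
    salt: bytes
    verifier: bytes
    rights: set                 # Systems/Subsystems the user may enter
    roles: dict                 # role per Subsystem, e.g. {"Valuation": "officer"}
    status: str = "Registered"  # Created, Registered, Deregistered, Blacklisted
    failed_attempts: int = 0
    deactivated: bool = False


class AccessService:
    def __init__(self):
        self._accounts = {}

    def register(self, user_id, password, rights, roles):
        salt = os.urandom(16)  # unique salt per account
        self._accounts[user_id] = UserAccount(
            user_id, salt, hash_password(password, salt), set(rights), dict(roles))

    def login(self, user_id: str, password: str) -> bool:
        account = self._accounts.get(user_id)
        if account is None:
            # Spend the same work for unknown ids so timing does not reveal them.
            hash_password(password, b"\x00" * 16)
            return False
        if account.deactivated or account.status != "Registered":
            return False  # a locked account rejects even the correct password
        candidate = hash_password(password, account.salt)
        if hmac.compare_digest(candidate, account.verifier):
            account.failed_attempts = 0
            return True
        account.failed_attempts += 1
        if account.failed_attempts >= MAX_FAILED_ATTEMPTS:
            account.deactivated = True
        return False

    def reactivate(self, user_id: str) -> None:
        """Administrator action: clear the lockout after verifying the user."""
        account = self._accounts[user_id]
        account.failed_attempts = 0
        account.deactivated = False

    def is_allowed(self, user_id: str, subsystem: str, action: str) -> bool:
        """Rights decide which Subsystem is reachable; the role limits actions in it."""
        account = self._accounts.get(user_id)
        if account is None or account.deactivated or account.status != "Registered":
            return False
        if subsystem not in account.rights:
            return False
        role = account.roles.get(subsystem)
        return action in ROLE_ACTIONS.get(role, set())
```
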
b. Notification and Alert Service
303
The UAIS shall have the capability to send out letters or circulars to the targeted external recipients.
304
The notification shall be customized in accordance with the respective Subsystem’s requirement and based on a set of common templates with standard Customs header and footer. It shall indicate that this is a system-generated letter and therefore, no signature is required.
305
Authorized CD Officers shall be allowed to maintain their respective templates, such as update of contents in letters and generating new templates based on existing templates.
306
For notification of the public users (e.g. traders and warehouse operators), the Service shall send out the notification via email or e-fax. The Service shall monitor to ensure successful dissemination of the notification to the targeted recipients.
307
For general notification to internal users, alerts are sent instead of letters or circulars. Alerts include email and SMS.
308
The Service shall have the capability to send out short alert messages to the targeted internal recipients via email, SMS, or electronic fax. The alerts will be informal and have no headers or footers of the CD RT.
c. System Audit Service
309
The Service shall ensure all transactions are adequately logged, including the following information:
i. Transaction Date;
ii. Transaction Time;
iii. User id;
iv. Name of System accessed;
v. Activity;
vi. Any other details of the event; and
vii. Reason for event being logged.
310
The audit trails shall be made available to the authorized users, who can retrieve the records either online or from a long-term archive.
311
The average online retention period for the audit trails is 3 months, and they are archived offline for a period of 7 years.
312
The Service shall ensure that the audit trails are not tampered with and alert the respective officers for any security violations and unauthorized access attempts.
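A sketch of how the tamper-evidence requirement can be met for the seven logged fields listed above, as an added example that is not part of the report: each record carries an HMAC chained to the previous record, and the latest MAC is kept outside the log so that truncation is also detected. The `AuditTrail` class, the field keys, the demo key and the `notify` callback are assumptions of this example.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed demo key (assumption): in production it lives outside the
# database that stores the audit trail, e.g. in a hardware security module.
CHAIN_KEY = b"constructed-demo-key"
GENESIS = "0" * 64

# The seven items the report requires for every logged transaction.
FIELDS = ("date", "time", "user_id", "system", "activity", "details", "reason")


def _mac(prev_mac: str, record: dict) -> str:
    """MAC over the previous record's MAC plus this record's canonical form."""
    canonical = json.dumps({k: record[k] for k in FIELDS},
                           sort_keys=True, separators=(",", ":"))
    return hmac.new(CHAIN_KEY, (prev_mac + canonical).encode("utf-8"),
                    hashlib.sha256).hexdigest()


class AuditTrail:
    def __init__(self):
        self.entries = []

    def log(self, when: datetime, user_id, system, activity, details, reason):
        record = {
            "date": when.strftime("%Y-%m-%d"),
            "time": when.strftime("%H:%M:%S"),
            "user_id": user_id,
            "system": system,
            "activity": activity,
            "details": details,
            "reason": reason,
        }
        record["mac"] = _mac(self.head(), record)
        self.entries.append(record)
        return record

    def head(self) -> str:
        """Latest MAC; store a copy outside the log to detect truncation."""
        return self.entries[-1]["mac"] if self.entries else GENESIS

    def verify(self, expected_head=None):
        """Return the index of the first bad record, or None if intact.

        An edited, inserted or deleted record breaks the chain at its own
        index. If expected_head is given and the tail was cut off, the
        returned index equals the current number of records.
        """
        prev = GENESIS
        for index, record in enumerate(self.entries):
            try:
                expected = _mac(prev, record)
            except KeyError:
                return index  # a required field was removed
            if not hmac.compare_digest(expected, str(record.get("mac", ""))):
                return index
            prev = record["mac"]
        if expected_head is not None and not hmac.compare_digest(prev, expected_head):
            return len(self.entries)
        return None


def check_and_alert(trail: AuditTrail, expected_head: str, notify):
    """Verify the trail and alert the responsible officer on a violation."""
    bad = trail.verify(expected_head)
    if bad is not None:
        notify(f"Audit trail integrity violation at record {bad}")
    return bad
```
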
d. Rule Engine
313
The UAIS shall have the facility for CD Officers to enter business rules and validation logic for each of the Core and Supporting Systems.
314
There shall be a depository where rules can be centrally stored, managed, and deployed throughout the System.
315
There shall be a way for CD Officers to specify new rules, or edit existing ones using rule language that is easy to learn. The tool for managing the rules shall be called a Rule Editor.
e. Report Engine
316
The UAIS shall support both online and batch generation of reports for the CD Officers, in the format and frequency required. This includes ad-hoc and on-demand basis generation of reports.
317
All reports generated shall be accessible by the respective authorized officers online, and allow them to print or download in PDF and Microsoft Excel compatible formats.
f. Reconciliation Engine
318
The UAIS shall be able to reconcile the cargo manifest data against goods declaration data.
319
It shall trigger the automatic alert mechanisms to inform Customs Administrators of possible discrepancies in goods declaration if the reconciliation fails.
g. Conversion Engine
320
The UAIS shall have the capability to convert one file format to another in real-time.
321
The Customs Administrators shall have the ability to specify the file format to be converted from, and the file format to be converted to, plus the mapping of data between them.
322
The Conversion Engine shall be able to handle XML, UN/EDIFACT, ANSI X12, and user defined flat files.
T. Messaging Gateway
1. Introduction
323
The Messaging Gateway will be used to facilitate data submission and retrieval between various UAIS Systems as well as with external systems. It is a secured server that supports several secured Internet protocols. Data files can be transmitted in or out of the Messaging Gateway.
2. Functional Requirements
324
The Gateway shall support established and commonly adopted industry standards, which include the following:
i. XML
ii. UN/EDIFACT
iii. ANSI X12
iv. Flat file formats
325
The Gateway shall use open standard network protocols such as TCP/IP, SMTP, SNMP, etc.
326
The Gateway shall support secure communications. The following communication protocols shall be supported:
i. Secure File Transfer Protocol (SFTP)
ii. HTTP over SSL (HTTPS)
iii. Open standard secure web services
iv. Message-based queue delivery mechanism
327
All messages that are sent and received by the Gateway shall be guaranteed delivery. In the event that a message is not successfully delivered, the messaging infrastructure shall be able to accept and store messages until the intended recipient is ready to accept the message.
328
The Gateway shall allow monitoring of the messages in transmission to and from all receivers and senders. It shall allow generation of reports and statistics on usage, messages sent and received, and success and failure rates, on an ad hoc or periodic basis.
329
External parties that the UAIS interfaces with have to provide the following information in order for the messaging infrastructure to exchange information with them:
ii. Format of the interface files;
iii. Frequency of transfer;
iv. Medium for data transfer;
v. Suitable application protocol for the interface;
vi. Security of the transmission;
vii. Record size, record header and trailer information; and
viii. Data items and field structures.
330
The interface with external parties shall be done through the Messaging Gateway.
331
The proposed internal working of the Messaging Gateway is as follows:
U. Illustration of the Functional Requirements (Use Cases)
Use Case 1: Manifest Control System client-software
Final Release
Private & Confidential
Page 118 of 245
TA4451-TAJ
Final Report
December 2006
Use Case 2: Manifest Control System server-software
Final Release
Private & Confidential
Page 119 of 245
TA4451-TAJ
Final Report
December 2006
Use Case 3: Declaration Control System client-software
Final Release
Private & Confidential
Page 120 of 245
TA4451-TAJ
Final Report
December 2006
Use Case 4: Declaration Control System server-software
Final Release
Private & Confidential
Page 121 of 245
TA4451-TAJ
Final Report
December 2006
Use Case 5: Warehouse Control System client-software
Use Case 6: Warehouse Control System server-software
Use Case 7: Certificate and License Control client-software
Use Case 8: Certificate and License Control server-software
Use Case 9: Registration Subsystem
Use Case 10: Administration Subsystem
Use Case 11: Tariff Nomenclature Subsystem
Use Case 12: Valuation Subsystem
Use Case 13: Customs Conditions Subsystem
Use Case 14: Post-Clearance Subsystem
Use Case 15: Customs Offence Subsystem
Use Case 16: Duty Payment Subsystem
Use Case 17: Fees and Billing Subsystem
Use Case 18: Security Deposit Subsystem
Use Case 19: Risk Management and Intelligence Subsystem
Use Case 20: Customs Statistics Subsystem
APPENDIX E PROPOSED ORGANIZATION CHART
APPENDIX E. PROPOSED ORGANIZATION STRUCTURE
(In view of the introduction of the UAIS, CD RT may have to review and establish a new organization structure to meet the needs of the organization. The organization chart proposed is only a proposal and should be subjected to the review and study to be undertaken by CD RT through the establishment of an Organization and Methods Committee.)
A. Organization Chart of CD RT
HEAD OF CUSTOMS
DEPUTY HEAD ENFORCEMENT
DEPUTY HEAD CORPORATE SERVICES
COMPUTER INFORMATION SYSTEMS DIVISION
TRAINING DIVISION
STATISTICS DIVISION
CORPORATE AFFAIRS DIVISION
CUSTOMS DOCUMENTATION DIVISION
CUSTOMS CONTROL DIVISION
ANTISMUGGLING DIVISION
POST CLEARANCE AUDIT DIVISION
CENTRAL CUSTOMS LABORATORY
HEAD DUSHANBE REGION
HEAD LENINABAD (SUGHD) REGION
HEAD KHATLON REGION
HEAD TURZUNSADE REGION
HEAD GORNO-BADAKSHAN REGION
B. Organization Chart of Computer Information System Division (CISD)
Head Computer Information Systems Division [1]
  Head Systems Development [1]
    Pool of System Analysts and Programmers [17]: Systems Analyst (2); Programmers (5); Programmers (10) - 2 for each region
  Head Systems Maintenance [1]
    Pool of System Engineer and Programmers [13]: Systems Engineer (2); Programmers (3); Systems Operators in Data Center (8) - 2 persons per shift of 8 hours
  Head Administration [1]
    Administration Clerks [2]
The Computer Information System Division (CISD) is proposed for the following reasons:
(a) To centralize CD RT operations of the UAIS under the Division
(b) Will have hands-on practical experience of CD RT requirements and commitment to CD RT objectives
(c) Immediate response to systems failure
C. Organization Chart of Training Division
Head Training Division [1]
Pool of Trainers [4]
The Training Division is proposed for the following reasons:
(a) To provide regular training on Customs matters
(b) To conduct studies on CD RT training needs assessments
(c) To provide and coordinate inter-agency training
(d) To conduct training to the private sector
(e) To coordinate and conduct professional, management and other mid-management training courses for CD RT
D. Organization Chart of Corporate Affairs Division
Head Corporate Affairs Division
Publicity Materials
Public Relations Officers
The Corporate Affairs Division will take charge of promoting the image of the department. The tasks of the Corporate Affairs Division include:
(a) Enhance the CD RT Website as a medium for providing information to the public
(b) To prepare publicity materials such as brochures announcing the new UAIS and other Customs matters
(c) To undertake the preparation of replies to queries from the public for submission for approval of Head CD RT or MSRD
(d) To arrange and conduct presentations to national and international guests on CD RT and/or arrange programmes for national and international guests
E. Organization Chart of Customs Documentation Division
Head Customs Documentation Division
Sub Division of Goods Classification and Non-Tariff Regulation
Non-Tariff Regulations
Currency Control
Sub Division of Valuation Regulations
Classification of Goods
Duty Payment Accounting
Tariff Regulations
F. Organization Chart of Anti-Smuggling Division
Head Anti-Smuggling Division
Intelligence Sub Division
Investigations Sub Division
Detector Dog Sub Division
Interdiction of Narcotic Drugs Sub Division
The Intelligence Sub-Division is responsible for collecting, collating and analyzing information and intelligence received from overseas and locally and from Customs Offences committed. The Intelligence Sub-Division will carry out field surveillance and provide support to the Investigations Sub-Division, the Post Clearance Audit and the Regional Offices as well. The Intelligence Sub-Division will also be the contact point for RILO CIS, receiving, analyzing and providing the necessary statistics to RILO CIS. The Sub-Division will provide reports of RILO CIS information to the field offices. The Sub-Division will also be responsible for maintaining the Customs Offence Records. After investigations of offences have been completed, the files will be sent to the Sub-Division for it to enter data into the Customs Offence Record.
G. Organization Chart of Post Clearance Audit Division
Head Post Clearance Audit Division
Risk Management Sub Division
Post Clearance Audit
The Risk Management Sub-Division is responsible for formulating risk assessment, risk analysis and determining the risk level of imports by products, by country of origin, etc. The Sub Division will draw data from all the appropriate computer application sub-systems to develop risk profiles of products, companies and persons.
Pool of Field Audit Teams
The Post Clearance Audit will have field audit teams to perform audits. Audits can be immediate (alerted by the computer systems on, for example, low values being declared), planned (based on a decision to audit by company) or selected by particular product across companies.
H. Organization Chart of Customs Control Division
Head Customs Control Division [1]
Excise Control Sub Division [3]
Head Customs Warehousing Sub Division
Customs Declaration & Security Deposit Sub Division
Administration Support Section
Customs Declaration/Manifest Reconciliation Section
Security Deposit Section
Inspection Teams
The Warehousing Division will undertake issue of Customs Warehouse licenses. The officers will carry out inspection of the sites applied for, prepare reports on their findings and seek management approval. The Sub-Division will also conduct inventory control checks on the licensed premises drawing data from the Warehousing Sub System and will initiate action against warehouse operators upon alerts by the system or on detecting Customs infringements during their inventory control checks.
The Customs Declaration Sub Division will be responsible for the maintenance and tracking of use of Customs Declaration, return of Customs declarations to CD RT and Manifest Reconciliation. The Sub Division will also be Custodian of security Deposits and be responsible for requesting additional security deposits to be deposited when necessary. The Sub Division will also be responsible for the return of security deposits on finalization of Customs formalities for which the deposits were made.
APPENDIX F. HARDWARE SPECIFICATIONS
A. Customs HQ Data Centre
1 General Requirements
The room for the Data Centre must be big enough to hold the current number of network equipment plus various servers and communication equipment. The recommended size of the data centre is a minimum of 1000 sq ft. The location of the Data Centre is chosen with care so that it has minimum risk from natural disasters and environmental factors. The height of the data centre from the raised floor to the false ceiling has a minimum of 8 ft clearance for the equipment and airflow.
Outside the Data Centre, a room of 500 sq ft is used for the Network Operation Centre (NOC), where operators work 24 x 7 shifts. The operation centre staff will monitor equipment availability, server performance and communication links. The NOC staff will support system engineers and application engineers in simple tasks and in monitoring the batch jobs as well as the backup jobs. The NOC staff will adhere to strict control in change management via ISO 9001:2000 and BS 7799 certification. In the event that systems or applications malfunction, the NOC staff will be the central point of contact for escalation to the various departments and the management team. The NOC staff will create forms, policies and procedures for all operation procedures. In the NOC room, a network management server allows operators to monitor servers, routers and switches.
Beside the NOC, a staging area is required for testing equipment before it is put into the production room. This will help to reduce outages due to faulty equipment or incorrect configuration of the equipment when it is put into the production area. The staging area is built with enough power sockets and workspace for all types of testing. The network points in this room are sufficient for multiple pieces of equipment to be tested at the same time.
The walls and the partitions of the data centre are constructed of fire-retarding material. They shall have a minimum 2-hour fire rating.
2 Data Centre Power
The power supply to the data centre and NOC shall come from two different power sources. The two power sources will connect to the two power generators so that when the power supply is cut off, the generators will kick in to supply power to the data centre and the NOC. Each generator has an 8-hour capacity diesel fuel day-tank. A diesel fuel tank storage capacity of 15,000 liters or more is desirable, depending on the calculation of the power consumption per day. The power plant is constructed with a soundproof backup area to allow continuous operation without disturbance to the community. The generators each operate via parallel switchgear for load sharing and backup system configuration. A pair of UPS units with sufficient power rating is connected in parallel to the Data Centre and the NOC. This connectivity will allow power to continue to be supplied to the equipment without any surge or downtime. The UPS power rating should be sufficient to supply the equipment for a minimum of 30 minutes. During this time the power generators will automatically start up to generate electricity for the data centre. The power cables laid to the equipment racks are properly concealed in metal trunking under the raised floor.
[Figures: UPS; Generator]
3 Data Centre Racks
All racks supplied to the data centre are 42U 19” EIA full-height racks. The racks are mounted with two power strips of ten power sockets supplying the servers and equipment in the rack. Each rack is supplied with a 6.6 kVA power supply at 230 V, 60 Hz, single phase. Each power distribution strip connects to a different power source. Hence, a failure of one power source will not affect the power supply to the equipment racks. Each rack is supplied with a top-mounted exhaust fan and four trays for mounting equipment. The racks are enclosed with glass doors and secured with locks at the front and the back. The arrangement of the racks shall be flexible to allow rack intervals of 150 cm each for front and rear access. The racks shall be installed with cable management trays for easy cable management.
4 Air-conditioning
The data centre room needs to be maintained at a temperature of 19ºC to 20ºC. The air-conditioning units supplied to the data centre must have sufficient cooling capacity (BTU) to maintain the data centre at the above temperature for 24-hour operation. The calculation of the cooling capacity needs to consider the overall thermal transfer value to the data centre and the NOC, which includes heat transmitted from light bulbs, people, glass windows, infiltration, servers, routers, switches, etc. Three air-conditioning units shall be installed for the 24-hour operation; at any one time two units will be in operation so that one can be off for servicing and standby. The two units shall have sufficient cooling capacity to cool and maintain the data centre temperature at 19ºC and humidity at 60%. The design of the airflow for the air-conditioners shall be taken into consideration. Proper design of airflow is depicted as follows:
Figure 1
The fan coil unit shall have sufficient power to blow the air all the way to the back of the racks so that it is able to cool the equipment at the back of the room.
5 Raised Floor
The raised floor is properly designed to take the load of the various equipment and personnel working in the data centre. The stud shown in figure 2 supports the raised floor. The stud is secured (bolted) to the concrete floor so that it cannot move.
Figure 2
The raised floor panels measure 61 cm by 61 cm and the vertical clearance under the floor is 46 cm. Each panel shall support at least 455 kg of concentrated load, 2,200 kg of axial load and 568 kg of panel rolling load. At the entrance of the data centre a ramp slope is constructed for easy access of equipment by trolley. The ramp slope (pitch) should be 1:12. That means that for every inch of raised floor height, add 12" of ramped surface accessing the floor. Example: For a 6" raised floor, a 6-foot ramp would be required to meet ADA Code. A 12" high floor requires a 12' ramp, an 18" high floor would require an 18' ramp, etc. A typical ramp slope is shown in figure 3.
Figure 3
The ramp kit shall include: bare concrete filled panels, pedestal bases, ramp swivel pedestal heads, stringers, fasteners, aluminum ADA ramp shoe, galvanized steel bottom angle, ramp threshold, aluminum fascia plate, aluminum fascia trim, non-skid black ramp surface and adhesive. A ramp shoe is the first thing equipment touches when going up a ramp. This heavy-duty all-aluminum piece can take years of abuse from equipment caster wheels and personnel traffic. It anchors into the sub-floor at the base of the ramp and makes the slope from grade to 1 inch. The ramp shoe is a full 12 inches wide, which meets ADA 1:12 requirements for ramped surfaces. It protects the ramp from equipment damage and makes an excellent seamless transition between two surfaces. Figure 4 shows a picture of the ramp shoe.
Figure 4
The data centre allows one entrance from the front and an emergency exit as an escape route during an emergency. The entrance to the data centre requires an access mat as shown in figure 5. The access mat shall cover a generous 4-foot by 6-foot area. The advantages of the access mat are:
• Reduce expensive maintenance cost
• Increases life span of floor
• Traps water, dirt, sand and oil
• Easily cleaned
• Stops harmful particulates from entering the room
6 Fire Fighting and Detection System (FM-200 System Specification)
• The design, fabrication, and installation of the Fire Fighting installation and its components shall be in compliance with the requirements and recommendations of ANSI/NFPA 2001 (2004 edition).
• The FM-200 shall interface with the building fire alarm system.
• Design of a clean agent fire extinguishing system (FM-200) shall be performed by a currently certified NICET Engineering Technician (NICET Level II or greater) in Fire Protection Engineering Technology.
• Submit shop drawings indicating detailed layout of system, locating each component. Include control diagrams, wiring diagrams, and written sequence of operation.
• Submit product data specification of all components used. Include storage cylinders, control valves and pilot controls, control panels, nozzles, pushbutton stations, detectors, alarm bells or horns, switches and annunciators.
• For total flood hazards, submit design calculations derived from computer program written specifically for clean agent used. Analysis shall include calculations to verify system terminal pressures, nozzle flow rates, piping pressure losses, component flow data, and pipe sizes considering actual and equivalent lengths of pipe and elevation changes.
• Submit test reports indicating successful completion of tests.
• Inspect system 6 months and 12 months after substantial completion of project. At each inspection, determine agent contents and pressure, and that system is in proper working order. Include complete checkout of control, detection and alarm systems.
• Submit documents, certifying satisfactory system conditions. Include manufacturer’s certificate of acceptance of qualifications of Inspectors.
• Piping materials such as stainless steel or other piping or tubing may be used with approval of the authority having jurisdiction, providing an internal pressure of 300 psi will not cause material stress greater than the materials yield point when calculated according to ANSI B-31.1, Power Piping code.
• All fittings shall have a minimum working pressure of 620 psi; cast iron and Class 150 pound fittings shall not be used.
• All pipes shall be reamed after cutting so that all burrs and sharp edges are removed.
• All pipe must be thoroughly cleaned before installation.
• All pipe and fittings installed outdoor or in corrosive areas must be galvanized or treated with a proper protective coating.
• All screwed pipe shall be coated with Teflon tape or an appropriate pipe joint compound.
• An experienced welder must perform all welding.
• Threaded valves such as selector valves, check valves, and solenoid valves shall be installed with a union immediately downstream.
• Valves having more than two connection points such as shuttle valves and pilot valves shall be installed with union adjacent to the valve in each connection line.
• Pipe connections to equipment items such as discharge delay devices, pressure switches, etc., shall have a union adjacent to the equipment.
• Piping to pressure releases shall be as specified above for discharge piping.
• All take-offs for pressure release piping shall be from the top of the discharge piping.
• Rigid hangers are required wherever a change in direction or change in elevation in the piping system occurs.
• All hangers shall be fabricated of steel. All piping shall be attached to rigid hangers by means of U-bolts locked with double nuts, one on each side of hanger. The distance between hangers shall follow the tables
• The cylinder shall be fitted with an approved valve design and shall have a threaded steel anti-recoil protective cap.
• The cylinder shall be mounted in freestanding steel racks or on solid wall and shall be arranged to allow a service aisle for cylinder removal and cylinder weighing.
• Each cylinder shall be fitted with a pressure operated discharge valve that includes an integral safety relief device that serves to protect cylinder against excessive internal pressure.
• Each valve shall be provided with a removable pressure gauge.
• The smoke detector located in the hazard area will signal the control panel for automatic release of FM-200 gas. Before this operation, the control panel shall sound appropriate alarms to evacuate the hazard area.
• The nozzles shall be supplied in quantities sufficient to properly cover the areas being protected in accordance with NFPA 2001.
• Nozzles shall be of corrosion resistant construction and shall be designed specifically for FM-200 system.
• Electrically actuated fire alarm horns shall be furnished and installed.
• Alarms shall be adequate to alert Data Centre personnel located in the protected areas.
• The control panel shall be programmable such that an adequate predischarge alarm period can be set at the time of system test to ensure personnel safety.
B. Customs HQ
1 Router
A router device that will route all the connections for the services offered over UAIS shall be supplied. This router shall have the capacity and capabilities to allow UAIS services to be established. This router shall have the following features.
(i) The router shall connect to the service provider without any problem.
(ii) Power source and fan shall have spares. Power sources shall be capable of working by sharing the load and they shall be hot swappable.
(iii) The router shall support operation between 100 – 240V AC or -24V to -60VDC.
(iv) The router shall have at least two 10/100/1000 Mbps Ethernet ports.
(v) The router shall have a minimum of 6 slots.
(vi) An external flash memory shall be provided on the router by default.
(vii) The router shall be manageable by TELNET, Console and graphic user interface.
(viii) The router shall support WAN connection.
(ix) The throughput value of the router shall be specified and the throughput value of the device in question shall be at least 10 Mpps.
(x) The router shall have a CLI providing a secure and easy entry of the commands to the running system.
(xi) The router shall be able to return easily from the applied configuration to the previous configuration.
(xii) The router device shall support Layer 2 and Layer 3 protocols as well as ARP, IPCP, IP forwarding, IP host, IP multicast, TCP, Telnet, TFTP, UDP, transparent bridging, VLAN, MPLS and IPv6 protocols.
(xiii) The routing device shall support Layer 3 routing protocols as well as IS-IS, OSPF, BGP, PIM and RIP protocols.
(xiv) The router device shall support Network Management and security protocols as well as CHAP, FTP, RADIUS, SNMP, PAP protocols.
(xv) The router device shall have RFC 1483 (Multiprotocol Encapsulation over ATM AAL5) and RFC 1577 (Classical IP and ARP over ATM AAL5) protocol support.
(xvi) The router device shall have ARP, RARP, BOOTP, ICMP support.
2 Core Switch
(i) The core switches shall work as a pair in the system.
(ii) The core switch shall have a minimum of 16 Fiber Gigabit Ethernet ports and a minimum of 36 10/100/1000 copper Ethernet ports.
(iii) The backplane capacity of the switches to be used shall be minimum 200Gbps (non-blocking). Also, all offered ports shall work at wire speed.
(iv) The connection between the pair of core switches shall support 4Gbps.
(v) The core switches are modular chassis and it should be possible to use their slots for Fast Ethernet or Gigabit Ethernet when required.
(vi) The core switches to be used shall work redundantly both within themselves (e.g. power supplies and control unit) and with each other. In the event that any of the units (such as the power supply and control unit) or the switch chassis cannot continue its services, the other one should continue the service without any interruption, without any decrease in performance and without a drop in the throughput value.
(vii) It shall have L3 support. It shall be possible to use it for VLAN routing purposes. It should have the features of static routing and all kinds of dynamic routing (RIP, OSPF, BGP etc.).
(viii) It shall have SSH v2 feature.
(ix) The pair of core switches will back each other up in terms of both L2 and L3. It should provide Spanning Tree features (IEEE 802.1d and all of IEEE 802.1x, 802.1w, 802.1s and 802.1q, all of which speed spanning tree up, or their equivalents in different standards, provided that those standards are stated as well) in order to provide L2 redundancy. In the same way, it shall support VRRP or a similar protocol in order to support L3 redundancy.
(x) It must be possible to assign QoS parameters to the ports.
(xi) It shall have Multicast support.
(xii) There shall not be any service interruption; when an error occurs in the software, there shall be a go-back feature (going back to the last working configuration).
(xiii) 802.1p traffic priority assignment and, in order to prevent packet loss in ports that are used intensively, the 802.3x (flow control) standard shall be supported. It shall be possible to set these features separately for each port.
(xiv) It shall have 802.3ad Link aggregation feature.
(xv) It shall support SNMP and RMON standards.
(xvi) It shall have port mirroring support to be able to perform detailed real-time traffic analysis.
(xvii) It shall have IEEE 802.1q VLAN support.
(xviii) It shall have RFC 1757 RMON (groups 1, 2, 3, 9) support.
(xix) It shall have RADIUS support and whether it has TACACS support shall be specified.
(xx) Power supplies shall be redundant. In the event of a breakdown, the spare power supply shall be put in use without the operation being interrupted.
(xxi) Restart shall not be required during loading of the patches or corrections and for these to be actively used.
(xxii) Switches shall support hardware-based priority queues, and more than one of them.
(xxiii) Switches shall support rules based on MAC address, so that it is possible to inspect access to the network by unauthorized users.
(xxiv) The switches shall block ARP Spoofing. They shall support static and/or dynamic ARP entry.
(xxv) Management subsystem or card shall be redundant and in the event of a breakdown, the spare management card shall be put in use without booting and interrupting the operation. The existing switching traffic shall not be interrupted in the time that passes until the spare management card is put in use and transfer duration shall be stated in terms of milliseconds.
(xxvi) It shall support source based routing or policy based routing.
(xxvii) The switches shall allow management from Telnet, SNMP, Web and console ports.
(xxviii) IPv6 routing support shall be provided natively.
(xxix) The switches shall have the power to be able to work at wire speed even when all the ports are fully populated on the subsystem.
(xxx) The user interface shall be manageable by the web-based management panel. The management software required for management shall be proposed. It shall be possible to perform all configuration operations with this management software.
(xxxi) The switch shall support access control list.
(xxxii) The switch shall support Jumbo frame.
3 Access Switch & DMZ switch
(i) The switches shall be redundant.
(ii) Each switch device shall be offered with its spare power source.
(iii) At least 24 10/100/1000 Base-T ports.
(iv) The switch device shall have minimum 12 Gbps non-blocking switch fabrics and 1.8 Mpps wire-speed switching throughput value.
(v) There shall be VLAN support.
(vi) It shall be manageable.
(vii) It shall have 802.3ad Link aggregation feature.
(viii) It shall/should be managed with a web based management console.
4 Firewall
(i) Firewalls with redundancy shall be offered to the system.
(ii) If it is package or server based, it shall have a spare power source.
(iii) There shall be client-to-site VPN support on the firewall to be offered, or on an offered VPN solution that works integrated with it. Also, there shall be site-to-site VPN support on the firewall.
(iv) Whether the firewall has static packet filtering, dynamic packet filtering and proxy firewall feature shall be specified.
(v) The firewall shall have an active-active load sharing or active-passive structure. If it is positioned in an active-passive structure, the other firewall shall continue to work without loading the configurations back from any backup if the active firewall becomes disabled.
(vi) The hardware characteristics of the offered firewalls should be specified (CPU, RAM, session amount, disk capacity etc.)
(vii) Firewall shall support an unlimited number of users.
(viii) The firewall to be offered should have at least two of TSE ISO 15408, Common Criteria Evaluation Assurance Level 4 (EAL4), FIPS 140-1 Level 2, ICSA, ITSEC E3, VPNC certificates.
(ix) Access inspection shall be possible by stateful inspection of the packets coming and going between the target and the source.
(x) It shall be able to limit the number of premature connections in order to decrease the effects of DoS and DDoS attacks.
(xi) It shall be capable of verifying the identity of those who require access against external authentication services such as Radius, TACACS, SecureID, LDAP etc.
(xii) It shall be capable of performing Network Address Translation (NAT). It shall be able to hide Internet addresses of internal machines and ensure access to external networks through a single IP address.
(xiii) It shall have H323 NAT Traversal support.
(xiv) Firewall throughput of 300Mbps and above
(xv) Concurrent session of 50,000
(xvi) IPSec VPN peers sessions of 250
(xvii) It should have logging and monitoring features
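Firewall requirement (x), limiting premature (half-open) TCP connections, can be illustrated with a small model of the state a stateful firewall keeps for handshakes that have not completed. This is an added example and not any vendor's implementation; the class name, the thresholds and the packet trace (built from documentation address ranges) are constructed for illustration.

```python
class HalfOpenLimiter:
    """Caps TCP handshakes that were started (SYN seen) but never completed."""

    def __init__(self, per_source=3, total=1000, timeout=10.0):
        self.per_source = per_source  # assumed cap on half-open connections per source
        self.total = total            # assumed cap on the whole table
        self.timeout = timeout        # seconds before an unanswered SYN is forgotten
        self.pending = {}             # (src, sport, dst, dport) -> time first SYN was seen
        self.dropped = {}             # src -> number of SYNs refused

    def half_open(self, src):
        """Number of handshakes from src that are still incomplete."""
        return sum(1 for key in self.pending if key[0] == src)

    def _expire(self, now):
        stale = [k for k, seen in self.pending.items() if now - seen > self.timeout]
        for key in stale:
            del self.pending[key]

    def on_packet(self, now, src, sport, dst, dport, flags):
        """Verdict ('allow' or 'drop') for a client-to-server packet.

        flags is a set such as {"SYN"} or {"ACK"}. Sequence-number checks that a
        real stateful firewall also performs are left out of this model.
        """
        self._expire(now)
        key = (src, sport, dst, dport)
        flags = set(flags)
        if flags == {"SYN"}:
            if key in self.pending:
                return "allow"  # retransmitted SYN, already counted
            if self.half_open(src) >= self.per_source or len(self.pending) >= self.total:
                self.dropped[src] = self.dropped.get(src, 0) + 1
                return "drop"
            self.pending[key] = now
            return "allow"
        if flags & {"ACK", "RST"}:
            self.pending.pop(key, None)  # handshake completed or aborted
        return "allow"


def replay_constructed_trace():
    """Replay a constructed trace: one source floods SYNs, one client behaves normally."""
    limiter = HalfOpenLimiter(per_source=3, total=1000, timeout=10.0)
    server = ("203.0.113.5", 443)
    verdicts = []
    # One source starts ten handshakes and completes none of them.
    for i in range(10):
        verdicts.append(
            limiter.on_packet(0.1 * i, "198.51.100.7", 40000 + i, *server, {"SYN"})
        )
    # A normal client completes its handshake and is not affected by the cap.
    verdicts.append(limiter.on_packet(1.0, "192.0.2.10", 50000, *server, {"SYN"}))
    verdicts.append(limiter.on_packet(1.1, "192.0.2.10", 50000, *server, {"ACK"}))
    return limiter, verdicts
```

The per-source counter in `dropped` is the kind of value requirement (xvii) would expose through logging and monitoring.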
Network-Based Active Defense System (i)
IDS/IPSs shall be package or card based. The products of two different manufacturers shall be used in the 1st layer and the solutions of any of these two different manufacturers shall be used in the second and the third layer.
(ii)
Signature updates shall be automatically performed from the Internet and the sensors shall be downloaded automatically.
(iii)
The IDS/IPS to be offered shall have minimum the following characteristics. The Tenderer shall offer products with higher characteristics. Private & Confidential
Page 157 of 245
TA4451-TAJ
Final Release
Final Report
December 2006
(iv)
The Tenderer shall offer a sufficient number of devices, taking into account the firewall throughput and the fact that the IDS/IPSs will work in-line.
(v)
If it is package or server based, it shall have a spare power source.
(vi)
The IDS/IPS shall work in-line if requested.
(vii)
TCP reset or blocking should be applied to suspicious packets, whether Trojan or not, passing through any standard port that has to be open, such as the HTTP port.
(viii)
It should be possible to define new policies in the IDS/IPS and to define attacks both automatically and manually.
(ix)
It should send an alarm to the console in case of an attack (with SNMP or its own protocol), monitor the active session, perform reporting and log the packets coming from the attack points.
(x)
For known attacks such as SYN attack, ICMP flood, port scan and teardrop, it should be capable of dropping the packet and disconnecting the TCP connection when the attack is received, and should send an alarm to the system administrator by e-mail, SNMP or syslog.
(xi)
It shall have fail-open (automatic by-pass) feature.
(xii)
It shall work on the basis of both attack signatures and protocol/application anomaly detection (Hybrid mode). When working on the basis of protocol/application anomaly detection, it should monitor the traffic statefully and perform IP defragmentation, TCP stream reassembly, protocol analysis and parsing, asymmetric traffic analysis and protocol normalization.
(xiii)
It should detect Unicode and Whisker attacks.
(xiv)
The following attacks should be detected and prevented:
• Sweep and flood
• DoS
• Worm-virus
• CGI and WWW attacks
• Buffer floods
• RPC attacks
• ICMP attacks
• E-mail attacks such as SMTP, IMAP, POP3
• FTP, SSH, Telnet, rlogin attacks
• DNS attacks
• TCP hijack attacks
• Back Orifice and similar backdoor attacks
• Windows and NetBIOS attacks
• NTP attacks
• P2P file sharing applications
(v)
There should be SSL and SSH support for secure communication with the management subsystem; the attack defining packages should be sent to the management center in encrypted form.
(vi)
When an attack is performed, it shall have the “Forensic” data collection feature that ensures the collection of evidence to assist in commencing a legal process by determining the source, type, size and access area of the attack.
6. VPN
(i)
The VPN to be offered shall be separate package, server or card based and shall be offered in a redundant configuration.
(ii)
If the VPN to be offered is package or server based, it shall have a spare power source.
(iii)
The specifications of the VPN package shall be specified in detail.
(iv)
Performing the encryption operations with Hardware Crypto Accelerator cards shall be grounds for preference.
(v)
The VPN solution to be proposed shall support at least 2000 site-to-site tunnels, and the maximum number of client-to-site tunnels supported shall be stated.
(vi)
The throughput for packets encrypted with DES, in the VPN or with one or more packages, shall be a minimum of 145 Mbps.
(vii)
Packet encryption with DES, 3DES, AES algorithms shall be possible.
(viii)
It shall support IPSec standards. Supported IPSec identity verification methods shall be stated (SHA-1, MD5, PKI, SCEP (Automated certificate enrollment), OCSP (Online Certificate Status Protocol) etc.).
(ix)
Software/hardware required for the management of VPN packages shall be included in the proposal, and this software/hardware shall not be priced per site/client.
(x)
Remote connections and LAN-to-LAN connections shall be monitored on the monitoring screen.
(xi)
Even if there is a device performing NAT in between, in order for IPSec not to break, NAT transparency shall be ensured through TCP or UDP encapsulation.
(xii)
All tunneling operations to be made on VPN shall be made on network layer.
7. Load Balancer
(i)
Minimum of 8 x 10/100 Base-T ports
(ii)
Should be able to work in active-standby or active-active mode
(iii)
Should be able to be managed via telnet, ssh, http or https.
(iv)
Should be able to achieve 200k or more concurrent sessions
(v)
Should be rack mountable
(vi)
Should support TCP, UDP, and IP application server load balancing, including HTTP (persistent and non-persistent), FTP, SSL, SMTP, POP, IMAP, DNS, Telnet, and others
(vii)
Should support the following protocols:
• 10/100/1000 Base-TX (IEEE 802.3)
• 1000Base-SX/LX (IEEE 802.3)
• Spanning Tree (IEEE 802.1d)
• Logical link control (IEEE 802.2)
• Flow control (IEEE 802.3x)
• Link negotiation (IEEE 802.3z)
• VLANs (IEEE 802.1Q)
• Frame tagging (IEEE 802.1Q) on all ports when VLANs enabled
• SNMP
• IP
• RIPv1
• BGP v4
• OSPF
• TFTP (RFC 783)
• BootP (RFC 1542)
• BootP (RFC 951)
• Telnet (RFC 854)
• EtherChannel-compatible trunking
8. Servers
(i)
All servers shall work on a load-balancing or redundant basis.
(ii)
All servers (Web, Application and Database) should be of the same brand.
(iii)
All servers within the solution shall be mountable to the rack cabinet.
Web Servers
(i)
The web server shall have minimum of one CPU processor. It is recommended to use SUN UltraSparc server with at least 1.3GHz processor speed.
(ii)
The web server processor should have the characteristics of 64 bit memory addressing and Simultaneous Multi Threading.
(iii)
The web server shall have at least 2 GB of DDR2 RAM with ECC protection, and shall be upgradeable to 8 GB of main memory for expansion of the system.
(iv)
Memory DIMMs should be capable of backup (DIMM sparing)
(v)
There shall be Online Spare Memory support
(vi)
There should be Memory Mirroring feature.
(vii)
The web server shall have 2 10,000 RPM Ultra320 SCSI, SAS (Serial Attached SCSI) or FC hot-swap disks with a minimum capacity of 72 GB.
(viii)
The disks on the web server shall be configured as RAID 1. The system architecture shall support RAID 0, 1 and 0+1.
(ix)
There shall be a remote management card on the web server, either connected to a PCI slot or integrated, providing secure access over the local and wide area network.
(x)
There shall be a minimum of 2 integrated Ethernet ports running 10/100/1000 Mbps Full Duplex.
(xi)
Offers based on x86 architecture shall have PCI-X or PCI Express slots for expanding the web servers, and offers based on RISC architecture shall have PCI slots. There must be at least 2 empty slots in the systems in question.
(xii)
The web server power sources shall be hot-swap and redundant, and the cooling fans shall be redundant.
(xiii)
There shall be at least 2 USB, 1 serial, keyboard and mouse ports on the web server.
Application Server
(i)
The application server shall have a minimum of 2 processors. It is recommended to use SUN UltraSparc server with at least 1.3GHz processor speed. The processor should have the characteristics of 64 bit memory addressing and Simultaneous Multi Threading.
(ii)
The application server shall have at least 4 GB of DDR2 RAM with ECC protection, and shall be upgradeable to at least 12 GB of main memory.
(iii)
Memory DIMMs should be capable of backup (DIMM sparing)
(iv)
There shall be Online Spare Memory support.
(v)
There should be Memory Mirroring feature.
(vi)
There shall be a minimum of 2 10,000 RPM Ultra320 SCSI, SAS (Serial Attached SCSI) or FC hot-swap disks with a minimum capacity of 72 GB on the application server.
(vii)
The application server shall have hot-swap disk slots in which a minimum of 4 disks can be installed, to allow for the expansion of the system.
(viii)
The disks on the application server shall be configured as RAID 1. The system architecture shall support RAID 0, 1, 0+1 and 5.
(ix)
There shall be a remote management card on the application server, either connected to a PCI slot or integrated, providing secure access over the local and wide area network.
(x)
There shall be a minimum of 2 integrated Ethernet ports running 10/100/1000 Mbps Full Duplex on the application server.
(xi)
Offers based on x86 architecture shall have PCI-X or PCI Express slots for expanding the application servers, and offers based on RISC architecture shall have PCI slots. There must be at least 2 empty slots in the systems.
(xii)
The application server power source and cooling fans shall be hot-swap and redundant.
(xiii)
There shall be at least 2 USB, 1 serial, keyboard and mouse ports on the application server.
Database Server
(i)
The database server shall have a minimum of 2 processors. It is recommended to use SUN UltraSparc server with at least 1.3GHz processor speed. The processor should have the characteristics of 64 Byte memory addressing and Simultaneous Multi Threading.
(ii)
The database servers shall have at least 8 GB of DDR2 RAM with ECC protection, and shall be upgradeable to at least 12 GB of main memory.
(iii)
Memory DIMMs should be capable of backup (DIMM sparing).
(iv)
There shall be Online Spare Memory support.
(v)
There should be Memory Mirroring feature.
(vi)
There shall be a minimum of 2 10,000 RPM Ultra320 SCSI, SAS (Serial Attached SCSI) or FC hot-swap disks with a minimum capacity of 360 GB on the database server before any RAID.
(vii)
The database servers shall be in RAID 5 and RAID 0+1.
(viii)
There shall be a remote management card on the database server, either connected to a PCI slot or integrated, providing secure access over the local and wide area network.
(ix)
There shall be a minimum of 2 integrated Ethernet ports running 10/100/1000 Mbps Full Duplex on the database server.
(x)
Offers based on x86 architecture shall have PCI-X or PCI Express slots for expanding the database servers, and offers based on RISC architecture shall have PCI slots. There must be at least 2 empty slots in the database systems.
(xi)
There shall be redundant power sources and cooling fans on the database servers.
Development/Testing Server
(i)
The Development and Testing servers shall be installed in a separate network so that testing does not impact the production segment.
(ii)
The Development/Testing server shall have minimum of one CPU processor. It is recommended to use SUN UltraSparc server with at least 1.3GHz processor speed.
(iii)
The Development/Testing server processor should have the characteristics of 64 bit memory addressing and Simultaneous Multi Threading.
(iv)
The Development/Testing server shall have at least 2 GB of DDR2 RAM with ECC protection, and shall be upgradeable to 8 GB of main memory for expansion of the system.
(v)
The Development/Testing server shall have 2 10,000 RPM Ultra320 SCSI, SAS (Serial Attached SCSI) or FC hot-swap disks with a minimum capacity of 72 GB.
(vi)
The disks on the Development/Testing server shall be configured as RAID 1. The system architecture shall support RAID 0, 1 and 0+1.
(vii)
There shall be a remote management card on the Development/Test server, either connected to a PCI slot or integrated, providing secure access over the local and wide area network.
(viii)
There shall be a minimum of 2 integrated Ethernet ports running 10/100/1000 Mbps Full Duplex.
(ix)
Offers based on x86 architecture shall have PCI-X or PCI Express slots for expanding the Development/Testing servers, and offers based on RISC architecture shall have PCI slots. There must be at least 2 empty slots in the systems in question.
(x)
The Development/Testing server power sources shall be hot-swap and redundant, and the cooling fans shall be redundant.
(xi)
There shall be at least 2 USB, 1 serial, keyboard and mouse ports on the Development/Testing server.
(xii)
The Development/Testing server shall be installed with a 64-bit UNIX or Linux operating system
Mail Cluster server
(i)
The mail servers shall have at least 8 GB of DDR2 RAM with ECC protection, and shall be upgradeable to at least 12 GB of main memory.
• Memory DIMMs should be capable of backup (DIMM sparing).
• There shall be Online Spare Memory support.
• There should be Memory Mirroring feature.
(ii)
There shall be a minimum of 2 10,000 RPM Ultra320 SCSI, SAS (Serial Attached SCSI) or FC hot-swap disks with a minimum capacity of 360 GB on the database server before any RAID.
(iii)
The mail servers shall be in RAID 5 and RAID 0+1.
(iv)
The mail cluster servers shall have a minimum of 4 processors with a minimum speed of 3.4 GHz and 2 MB cache in x86 server architecture. The processor should have the characteristics of 64 Byte memory addressing and Simultaneous Multi Threading.
(v)
There shall be a remote management card on the mail server, either connected to a PCI slot or integrated, providing secure access over the local and wide area network.
(vi)
There shall be a minimum of 2 integrated Ethernet ports running 10/100/1000 Mbps Full Duplex on the database server.
(vii)
Offers based on x86 architecture shall have PCI-X or PCI Express slots for expanding the database servers, and offers based on RISC architecture shall have PCI slots. There must be at least 2 empty slots in the database systems.
(viii)
There shall be redundant power sources and cooling fans on the database servers.
(ix)
The servers to be connected to the SAN system shall have 2 Fiber Channel cards, each with a port running at 2 Gbps.
(x)
The server shall be installed with the Windows 2003 Enterprise operating system or above, with clustering capability.
(xi)
The mail server shall be installed with Exchange 2003 or a higher edition with clustering capability (Exchange Enterprise edition).
9. Disk Storage Subsystems for Clusters and Servers
Two (2) identical subsystems of storage servers, each of the following requirements:
Performance Requirements: Data Transfer Rate ≥ 1500 MB/sec (+/- 10%); IO/sec ≥ 500000 (+/- 10%)
Note: Performance can be achieved with a combination of a few storage server devices, but a single device is preferable.
Management Software: Multi-Path Failover/Load-Balancing Cluster Storage Management Software; Point-in-Time (Instant) Copy Software/License; Host Access Security - License for 8 Hosts
Architecture: FiberChannel - 2Gbit (4Gbit more preferable); Dual/Redundant RAID Processors Design
Cache: 4GB (or more), battery backed
Host Ports: Eight (or more) 2Gbit FC, Optical (4Gbit ports are more preferable)
Disk Capacity Expansion: up to 200 Hot-Swap Drives
Disk Drives Support: FC-73GB/10K, FC-73GB/15K, FC-146GB/10K, FC-146GB/15K, FC-300GB/10K, SATA-250GB/7.2K
Installed Disk Drives: Twelve 146GB 10K RPM Hot-Swap Hard Disks; Sixteen 73GB 15K RPM Hot-Swap Hard Disks
Disk Drives Interface: 2Gbit FiberChannel (or 4Gbit)
RAID Levels Support: 0, 1, 3, 5 and 0+1
Connectivity License: Support for all above-listed servers’ operating systems
Power Redundancy: Two (or more) Power Supplies
Chassis: Rack Mountable
10. SAN Switches for Main Cluster and Main Storage Subsystems
Two (2) identical SAN switches, each of the following requirements:
Architecture: FiberChannel - 4Gbit
Ports: Sixteen FC/SW 4Gbit Ports
Cables: Eight 5m FC Optical Cables; Eight 25m FC Optical Cables
Security Features: Advanced Zoning
Chassis: Rack Mountable
11. Tape Library
One (1) Tape Library of the following requirements:
Management Software: Automated Network Backup Software; Automated SAN Backup Software; Library Management Software
Architecture: LTO Generation-3
Drives: Two (or more) LTO Generation-3 Tape Drives
Host Interface: 2Gbit FiberChannel
Tape Slots: Thirty (or more)
Cartridges: 70x LTO-3 Data & 4x LTO Cleaning Cartridges
Chassis: Rack Mountable
12. Racks
Form Factor: 19”, 42U, Enterprise Depth
Doors: Lockable Front, Rear Doors and Sidepanels
Power Distribution Units: Four 9-Plug Power Distribution Units
Console: Console Tray w/ 15” TFT Screen & Keyboard; 2X8 Ports Console Switch w/ Eight KVM Cables
13. UPS
Two (2) sets of UPSes and racks, each of the following configuration:
UPS Power Capacity: Two 5KVA (10KVA Total)
UPS Powerless Runtime: Not less than 45 minutes
UPS Management Software: Power Management/Auto-shutdown Software (compatible with all operating systems installed on the above-specified servers)
Rack for UPS and Batteries: 20–30U Rack
Rack PDU: High-Voltage input PDU
C. Regional Office
1. Router
A router device that routes all the connections for the services to be offered over UAIS shall be supplied. This router shall have the capacity and capabilities to ensure that UAIS services can be established. This router shall have the following features.
(i)
The router shall connect to the service provider without any problem
(ii)
The power source and fan shall have spares. The power sources shall be capable of load sharing and shall be hot-swappable.
(iii)
The router shall support operation between 100 – 240V AC or -24V to -60VDC
(iv)
The router shall have at least two 10/100/1000 Mbps Ethernet ports
(v)
The router shall have a minimum of 2 slots
(vi)
The router shall have an external flash memory by default
(vii)
The router shall be manageable by TELNET, Console and graphic user interface.
(viii)
The router shall support WAN connection.
(ix)
The throughput value of the router shall be specified and the throughput value of the device in question shall be at least 10 Mpps.
(x)
The router shall have a CLI providing a secure and easy entry of the commands to the running system.
(xi)
The router shall allow easy return from the applied configuration to the previous configuration.
(xii)
The router device shall support Layer 2 and Layer 3 protocols as well as ARP, IPCP, IP forwarding, IP host, IP multicast, TCP, Telnet, TFTP, UDP, transparent bridging, VLAN, MPLS and IPv6 protocols.
(xiii)
The routing device shall support Layer 3 routing protocols as well as IS-IS, OSPF, BGP, PIM and RIP protocols
(xiv)
The router device shall support Network Management and security protocols as well as CHAP, FTP, RADIUS, SNMP, PAP protocols.
(xv)
The router device shall have RFC 1483 (Multiprotocol Encapsulation over ATM AAL5), RFC 1577 (Classical IP and ARP over ATM AAL5) protocol support
(xvi)
The router device shall have ARP, RARP, BOOTP, ICMP support
2. Firewall
(i)
Redundant firewalls shall be offered for the system.
(ii)
If it is package or server based, it shall have a spare power source.
(iii)
There shall be client-to-site VPN support on the firewall to be offered or on the offered VPN solution with which it will work in an integrated manner. There shall also be site-to-site VPN support on the firewall.
(iv)
Whether the firewall has static packet filtering, dynamic packet filtering and proxy firewall feature shall be specified.
(v)
The firewall shall have an active-active load sharing or active-passive structure. If it is positioned in an active-passive structure, the other firewall shall continue to work without loading the configurations back from any backup if the active firewall becomes disabled.
(vi)
The hardware characteristics of the offered firewalls should be specified (CPU, RAM, session amount, disk capacity etc.)
(vii)
Firewall shall support an unlimited number of users.
(viii)
The firewall to be offered should have at least two of TSE ISO 15408, Common Criteria Evaluation Assurance Level 4 (EAL4), FIPS 140-1 Level 2, ICSA, ITSEC E3, VPNC certificates.
(ix)
Access inspection shall be possible according to stateful inspection on the packets coming and going between the target and the source.
(x)
It shall be able to limit the number of premature connections in order to decrease the effects of DoS and DDoS attacks.
(xi)
It shall be capable of verifying the identity of those who require access to the systems it secures against an external authentication server or database, such as RADIUS, TACACS, SecurID, LDAP etc.
(xii)
It shall be capable of performing Network Address Translation (NAT). It shall be able to hide Internet addresses of internal machines and ensure access to external networks through a single IP address.
(xiii)
It shall have H323 NAT Traversal support.
(xiv)
Firewall throughput of 150Mbps and above
(xv)
Concurrent session of 50,000
(xvi)
IPSec VPN peers sessions of 250
3. Switch
(i)
At least 24 10/100/1000 Base-T ports
(ii)
The switch device shall have minimum 12 Gbps non-blocking switch fabrics and 1.8 Mpps wire-speed switching throughput value.
(iii)
There shall be VLAN support.
(iv)
It shall be manageable.
(v)
It shall have 802.3ad Link aggregation feature.
(vi)
It shall/should be managed with a web based management console.
(vii)
IPv6 routing support shall be provided natively.
4. VPN
(i)
The VPN to be offered shall be separate package, server or card based and shall be offered in a redundant configuration.
(ii)
If the VPN to be offered is package or server based, it shall have a spare power source.
(iii)
The specifications of the VPN package shall be specified in detail.
(iv)
Performing the encryption operations with Hardware Crypto Accelerator cards shall be grounds for preference.
(v)
The VPN solution to be proposed shall support at least 2000 site-to-site tunnels, and the maximum number of client-to-site tunnels supported shall be stated.
(vi)
The throughput for packets encrypted with DES, in the VPN or with one or more packages, shall be a minimum of 145 Mbps.
(vii)
Packet encryption with DES, 3DES, AES algorithms shall be possible.
(viii)
It shall support IPSec standards. Supported IPSec identity verification methods shall be stated (SHA-1, MD5, PKI, SCEP (Automated certificate enrollment), OCSP (Online Certificate Status Protocol) etc.).
(ix)
Software/hardware required for the management of VPN packages shall be included in the proposal, and this software/hardware shall not be priced per site/client.
(x)
Remote connections and LAN-to-LAN connections shall be monitored on the monitoring screen.
(xi)
Even if there is a device performing NAT in between, in order for IPSec not to break, NAT transparency shall be ensured through TCP or UDP encapsulation.
(xii)
All tunneling operations to be made on VPN shall be made on network layer.
D. Border Posts
1. Router
(i)
The router shall have the relevant WAN connection. For border posts with a leased line connection, the router shall support serial connection. For those with an ADSL connection, the router should have the interface to provide the connection.
(ii)
The router shall support operation between 100 – 240V AC or -24V to 60VDC
(iii)
The router shall have at least two 10/100/1000 Mbps Ethernet ports
(iv)
The router shall be manageable by TELNET, Console and graphic user interface.
(v)
The router device shall support Layer 2 and Layer 3 protocols as well as ARP, IPCP, IP forwarding, IP host, IP multicast, TCP, Telnet, TFTP, UDP, transparent bridging, VLAN.
(vi)
Can have integrated firewall feature.
2. Firewall
(i)
Shall have a minimum of 2 x 10/100 Base-T Ethernet ports
(ii)
Minimum throughput of 50Mbps
(iii)
The hardware characteristics of the offered firewalls should be specified (CPU, RAM, session amount, disk capacity etc.)
(iv)
There shall be client-to-site VPN support on the firewall to be offered or on the offered VPN solution with which it will work in an integrated manner. There shall also be site-to-site VPN support on the firewall.
(v)
Logging and monitoring features
3. Switch
(i)
At least 24 10/100/1000 Base-T ports
(ii)
The switch device shall have minimum 12 Gbps non-blocking switch fabrics and 1.8 Mpps wire-speed switching throughput value.
(iii)
There shall be VLAN support.
(iv)
It shall be manageable.
(v)
It shall have 802.3ad Link aggregation feature.
(vi)
It shall/should be managed with a web based management console.
VPN Client
(i)
Support for Windows 98, NT 4.0, 2000, XP, and ME; Linux (Intel); Solaris (UltraSparc 32- and 64-bit); and Mac OS X 10.2, 10.3, and 10.4.
(ii)
Integrated with personal firewall.
(iii)
Can be preconfigured for mass deployment.
(iv)
VPN access policies can be downloaded from the central VPN appliance and pushed to the client
(v)
Support tunneling protocols, including ESP, PPTP, L2TP/IPSec, Network Address Translation (NAT), Transparent IPsec, Ratified IPsec/UDP, IPsec/TCP
(vi)
Support encryption/Authentication protocols, including IPsec (ESP) using Data Encryption Standard (DES)/Triple DES (3DES) (56/168-bit) or AES (128/256-bit) with MD5 or SHA
(vii)
Support key management protocols, including Internet Key Exchange (IKE) Aggressive and Main Mode (digital certificates); Diffie-Hellman (DH) Groups 1, 2, and 5; Perfect Forward Secrecy (PFS); and rekeying.
(viii)
Support Data compression
(ix)
Support digital certificates
(x)
Support authentication protocols, including RADIUS, Kerberos, Active Directory, Microsoft NT domain.
(xi)
Provide support for Domain Name System (DNS) including DDNS/DHCP computer name population, Split DNS, Windows Internet Name Service (WINS), and IP address assignment
APPENDIX G PROCESSES FOR SOFTWARE DEVELOPMENT & QUALITY ASSURANCE
APPENDIX G. PROCESSES FOR SOFTWARE DEVELOPMENT AND QA
A. Processes
1
The table shows the processes, their deliverables and the quality assurance (QA) records.
S/no | Process | Products | Quality records
1 | Requirements Development and Management | • Software Requirement Specifications • Software Requirements Traceability Matrix | Review records of Requirement Specifications
2 | Software Design | Design Specifications: • System Architecture Design • High level Design • Detailed Design | Review records of Design specifications
3 | Software Coding | • Program Specifications • Unit Test plan, Unit Test specifications • Unit test results | Code review report; Review records of Unit Test plan and specifications
4 | Software Testing | Test plan, test specifications, test scripts, test results: • Integration Testing • System Testing • Quality Assurance Testing • User Acceptance Testing | Review records for test plan, specifications and scripts
5 | Software Release and System Commissioning | • Implementation Plan • User manual • System Operations manual • Post implementation review report | Review records of Implementation plan and manuals; Customer acceptance of the product
6 | Project Management | Project Management Plan | Review records of project management plan
7 | Software Change Configuration | Software Change Configuration Plan | Review records of Software Change Configuration Plan
8 | Software Change Management | Change Requests | Change Requests are approved by CCB; Functional Configuration Audit report
9 | Software Quality Assurance | Quality Assurance Plan | Physical Configuration Audit report; Software Quality Assurance audit report
B. Development Processes
1. Requirements Development and Management
2
The goal of Requirements Development is to aid human understanding of the systems and the problem domain. Requirements represent “what” the Customer needs in the end product. This process element focuses on discovering and understanding the requirements allocated to software, after which the Software Design process can start.
3
This process element performs requirements analysis and reviews, and produces a software requirements specification (SRS). Besides the functional requirements, the SRS should also include interface, performance and security requirements.
4
The initial baseline for requirements is established after the sign-off of the SRS from the customer. When there are some new requirements or changes to the existing requirements, the process of Software Change Management is applied.
5
To manage requirements, it is essential to produce a software requirements traceability matrix that ensures that all requirements are taken care of in the final design and the software product.
2. Software Design
6
The goal of Design is to generate a description of “how” to synthesize software that behaves in accordance with the requirements analysis models and meets all the system requirements. This process element helps create the program specification through a two or more step transformation of the requirements into a high level design, and subsequently into a detailed design.
System Architectural Design: Describes the high level structure of the system that includes the external components to be used.
Application High Level Design:
• Also called Application Architectural Design, Application High Level Design makes use of the SRS to decompose the system into sub systems and subsystems for ease of development and to make the system easily maintainable.
• Application High Level Design Documents include the following:
o Component Diagram
o Deployment Diagram
Detailed Design: Refers to the following Detailed Design Documents:
o Sequence Diagrams
o Program Specification
o Class Diagrams
o Database Design Specifications
o User Interface Design
o Message Specifications
o File Specifications
Table 1: Documents used in Design
3. Software Coding
7
Coding is the conversion of the detailed design specifications into testable code. It also involves verification and validation activities such as code reviews/inspection and unit testing.
4. Software Testing
8
Software Testing involves verifying and validating the code generated against the project requirements. Integration and System testing is performed according to Test Plans and Test Specifications, and any problems identified are fixed. During testing, defects found are logged and managed until they are closed. Software Testing also includes Security Testing such as penetration test on network and application, vulnerability test on system and port scans to determine the effectiveness of security mechanisms.
5. Software Release and System Commissioning
9
The procedure is intended to identify important activities to be performed in order for the System to go live in production. It also includes releasing the software and the associated documentation to the customer. An implementation plan is produced and includes pre-implementation activities such as user training, preparing release notice, data migration and ensuring the production environment is ready.
10
The process also includes post implementation review to include analysis of project success or failure and process effectiveness, and archiving such information for future use. The lessons learned from the project experience are also formally documented.
C. Support Processes
1. Project Management
11. The Project Management element addresses the mechanism of executing the project within the constraints imposed by the Customer.
12. The process starts with planning, where a workable scheme to accomplish the business need that the project was undertaken to address is devised and maintained. It involves core activities such as:
(i) Scope planning and definition;
(ii) Activity definition and sequencing;
(iii) Estimation;
(iv) Schedule development;
(v) Resource planning;
(vi) Quality planning;
(vii) Staff acquisition;
(viii) Communications planning;
(ix) Risk identification, assessment and management
13. The Project Plan provides the basis for performing and managing the project’s activities and addresses the commitment to the customer according to the resources, constraints, and capabilities of the project. The plan is then carried out by coordinating people and other resources to perform the activities included therein.
14. To ensure that project objectives are met, software activities and progress are monitored and measured and corrective actions are taken when necessary. These actions include revising the Project Plan to reflect the actual accomplishments and re-planning the remaining work or taking actions to improve the performance.
2. Software Configuration Management
15. The Configuration Management element provides a repository to effectively monitor the software work products and ensure that changes to these work products that occur during the project life cycle are systematically controlled.
16. This process element consists of a set of activities performed to identify and organize software items at given points in time, systematically controlling their modifications, and maintaining the integrity and traceability of the software items throughout the software life cycle. The software items that are placed under formal configuration management include software products that are delivered to the customer (e.g., Software Requirements Specification and the code) and the items that are identified with or required to create these software products (e.g., Compiler). There is proper versioning control for all artifacts of the application software.
3. Software Quality Assurance
17. The Software Quality Assurance element involves reviewing and auditing the software projects and their activities to verify that they comply with Software Development Processes, and providing the project teams and appropriate managers with the results of these reviews and audits. A Software Quality Assurance Representative (SQAR) shall be appointed at the beginning of the project to work with the project teams during its early stages to establish plans, standards and processes that will add value to the project and satisfy both the constraints of the project and policies.
18. The SQA Representative ensures that:
(i) Software development activities are carried out in accordance with the applicable procedures and standards;
(ii) Software work products are implemented according to the designated procedures, standards and contractual agreements.
19. All SQA activities to be carried out in the project such as reviews, audits, or interim assessments are spelled out in the Quality Assurance Plan. Standards and other components to manage SQA activities are also addressed.
20. The SQA Representative shall also carry out the following configuration audits on the project:
(i) Functional Configuration Audit: to check that the product conforms to its currently approved requirements.
(ii) Physical Configuration Audit: to check that all the configuration items listed in the Software Configuration Management Plan are present, to check that the status accounting information is maintained, and to check that there is consistency with the status of the configuration items.
4. Peer Review
21. The Peer Review element examines the software work products in order to detect errors as close to the source of injection as possible, thereby helping prevent a fan-out effect in the entire software development project.
22. This process element involves a disciplined examination of the software product by the author’s (or producer’s) peers, known as the peer review team, to identify defects and areas where changes are needed. The specific software work products that will undergo a peer review are identified and scheduled as part of the project planning activities.
23. Peer review should look for security-related problems: logic problems, such as algorithms that perform unforeseen functions (for example, opening other means of communication), and boundary errors that could result in buffer overflows.
5. Software Change Management
24. The Software Change Management Process is intended to manage and control changes on the software requirements so that the affected project plans, work items, and activities are adjusted to remain consistent with the updated requirements. A Change Request is raised using a Change Request Form. A change request log is maintained to keep track of all the change requests. A Change Request is then analyzed by a board (Software Change Control Board – SCCB) that is comprised of the users’ representative and the Project Manager. The SCCB takes the decision to approve or reject the Change Request based on the impact analysis done. Change Control shall also ensure that any configuration changes taking place in software will not adversely affect the security of the system.
APPENDIX H. TESTING PHASES
A. Testing Phases
25. In order to ensure that the software product is relatively free of defects, it is necessary to adopt a phased approach to software testing.
Figure 1: Testing Phases
26. As shown in Figure 1, there are four testing phases in the development life cycle prior to User Acceptance Testing.
27. Software testing begins with unit testing of the smallest individual component - class or procedural functions. This is followed by integration testing of components, which is done incrementally until all components are integrated. This is then followed by system testing of the entire suite of components that comprises the system.
1. Unit Testing
28. Unit Testing is the testing of the smallest software component that can be compiled and executed, which refers to the class or procedural function. The testing approach should comprise primarily white-box testing and some black-box testing.
(i) All classes and procedural functions are to be tested.
(ii) For white-box testing, the coverage should include:
(iii) Statement coverage (for simple classes or functions)
(iv) Branch coverage (for average classes or functions)
(v) Path coverage (for complex, error prone classes or functions)
(vi) Loop testing (check for boundaries and infinite loops)
(vii) Exception testing
(viii) Boundary testing (for all inputs or derived values)
2. Integration Testing
29. The integration testing is conducted after components have gone through successful unit testing. The purpose is to allow progressively larger groups of tested software components of the architectural design to be integrated and tested until the software interfaces and interactions between groups of components work as a whole as subsystems, and to check for consistency between subsystems before proceeding to the System Testing phase. Tests should include each interface between software components, including in-house or third party components.
3. System Testing
30. System Testing involves testing of every function of a system or application to ensure it complies with the relevant functional requirements. It shall involve testing of software components that have been distributed across multiple platforms (e.g. client, web server, application server, database server) to produce failures caused by system integration defects.
4. Functional Testing
(i) All work flows and use case paths are to be tested.
(ii) All input values are to be tested at boundaries.
(iii) Perform negative tests to ensure the system can handle invalid data and cases where the precondition is not satisfied. Exception handling has to be tested.
5. Graphical User Interface Testing
31. The complete system is tested to ensure that it complies with the User Interface Guide for Windows and Web Applications and the requirement specifications.
6. Configuration Testing
32. The system is to be tested against different configurations, such as operating systems, databases and computer hardware, to ensure that the system produces the same behavior for all configurations. This will involve testing several combinations of variables.
7. Load and Performance Testing
33. The system is to be subjected to the maximum work load that would be expected in the production environment or as defined in the contract, to test that the response time is within an acceptable level.
8. Memory leak
34. Program bugs may cause memory leaks. The system is tested by running the application continuously and monitoring the memory usage using a memory leak tool.
9. Recovery Testing
35. Recovery Testing is used to ensure that operations can be continued after a disaster. The testing includes whether adequate backup data is preserved and stored in a secure location and whether recovery procedures are documented.
10. Security Testing
36. Penetration tests are used to uncover any vulnerability in the system. The tests include:
(i) Buffer overflow
(ii) SQL injection
(iii) Cross-site scripting
(iv) Brute force
(v) Session hijacking
(vi) Cookie manipulation
11. Regression Testing
37. Changes in a component may induce a failure because of incompatibility, side effects, or undesirable feature interaction. Revise the test cases and rerun the baseline test suite. A change impact analysis is used to assess the regression test suite, e.g. given one or more classes of objects that have been changed, derive the set of components whose test cases need to be included in the regression test.
12. Quality Assurance Testing
38. Quality Assurance Testing shall be conducted by an independent group of testers who will verify that the software product is relatively free from bugs before it is released for User Acceptance Testing or production migration. The team shall verify that the main functions and use case scenarios of the application are working. Quality Assurance testing will be able to detect bugs not caught by the developers and hence provide more confidence to customers on the quality of the software.
B. User Acceptance Testing
39. The diagrammatic approach to user acceptance testing is depicted below:
[Diagram: Functional Test, Integration Test, Business Flow Test, Performance & Load Test, Security Test]
1. System Functional Test
40. Function testing refers to the testing of user functions defined in the design specifications. This would involve mapping the user functions from the design specifications into test scripts and stating the user actions and data input and the expected results. The focus should be on frequently used user functions and on functions that will have a direct operational impact.
2. System Integration Test
41. Integration testing is simply relating a collection of user functions to test that the results provided at each function support the next function to be executed. Again, the test script for executing a collection of functions will have to be defined together with the expected results. Integration test will include testing of interfaces between subsystems and subsystems within the system. Interfaces with other external systems are also to be tested to ensure interoperability with these systems.
3. Business Flow Test
42. The business flow test should be done when the system has passed all functional and integration tests. The purpose of the business flow test is to subject the system to the sequence by which the respective user groups are expected to carry out their designated work functions in the daily operations of Customs, and it should encompass end-to-end testing.
4. Performance and Load Test
43. When the system delivered has passed functional testing, integration testing and business flow testing, the next step is to test the system against the performance requirements as defined in the requirements specification. The purpose is to ensure that the system can meet the response time and can manage the load defined in the requirements specification.
5. Security Test
44. This involves penetration testing to uncover any vulnerability in the system and ascertain the compliance of the system with the system security requirements.
C. Data Migration Testing
45. User acceptance testing shall also encompass the data migration.
46. Data migration involves the mapping and transformation of data from the existing system to the new system’s databases. It shall be treated as a separate project with its own requirements management, software design, software coding, software testing and implementation phases, and it runs in parallel with, and preferably slightly later than, the core development project. This is to minimize rework should there be changes to the development work at a later stage.
47. The testing shall cover the data migration scripts and programs, which are developed based on the data mapping requirement specifications and transformation rules. It shall also include the reports, user interface screens and logs developed for verification of data.
APPENDIX I. SECURITY SPECIFICATIONS
A. Security Architecture
(i) There shall be three security layers in the UAIS, corresponding to the DMZ zone, application zone and database zone.
(ii) In the security layer at the first level, there shall be firewall, network-based IPS/IDP, antivirus, SSL accelerator and SSL terminator, and VPN functions.
(iii) In the security layer at the second level, there shall be a firewall and network-based IPS/IDP.
(iv) In the security layer at the third level, there shall be a firewall and network-based IPS/IDP.
(v) The traffic coming to the web servers over the intranet and extranet at the first-level security layer shall first pass through the firewall; if the SSL or VPN traffic is different, it shall be terminated in the DMZ zones and routed to the IPS/IDS by passing through the firewall again. The traffic passing through the IPS/IDS shall then pass through the firewall (it shall be blocked if it is harmful traffic) and arrive at the web servers. All traffic of the internal users shall also be checked with antivirus scanning. If external users upload files to the system, these shall also be checked with antivirus scanning.
(vi) The traffic coming to the second- and third-level security layers shall first pass through the firewall and then the IPS/IDP.
(vii) Filters according to RFC 1918 and RFC 2827 shall be written to reduce the effects of DoS attacks on the routers.
(viii) Unnecessary services running on the router, such as finger, echo and discard, shall be disabled to reduce the effects of DoS attacks.
(ix) DNS servers, antivirus servers, and SSL and VPN terminators shall be placed in different DMZ zones of the first-level security layer.
(x) Web servers, NTP servers etc. (such as mail) shall be placed behind the first-level security layer. These servers shall be located in different DMZ zones.
(xi) Application servers shall be placed behind the second-level security layer.
(xii) Database servers and identity verification servers shall be placed behind the third-level security layer.
(xiii) As a general operating principle of the system, end users shall not establish a connection directly to servers located in the second and third levels; requests coming from the Internet shall be answered by the servers in the second level communicating with the servers in the third level (web server - application server - database server).
(xiv) At the bottom of each security layer there shall be redundant, load-sharing backbone switches.
(xv) All network segments that serve different purposes and are functionally related to each other shall be built with Layer 3 switches according to the solution. If load balancing is required, it shall be performed with load balancing switches placed at this level, and the LAN structures shall then be connected to the backbone switch structures, which are one layer above.
(xvi) System management servers shall be designed as a separate physical LAN.
(xvii) The infrastructure and software designs of the UAIS shall be protected against known attack methods. The supplier shall eliminate the security defects that occur during the project and guarantee periods and shall take necessary measures against new attack methods.
(xviii) The hardware and software to be used shall ensure a secure environment for the information exchange.
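The following is an added example, not part of the report or of any supplier's product, showing how the anti-spoofing filters of item (vii) and the tier-to-tier rule of item (xiii) can be checked together for new connections. The zone prefixes, interface names and sample connections are constructed assumptions, and allowing only adjacent tiers to connect is this example's reading of item (xiii).

```python
import ipaddress

# RFC 1918 private ranges: never valid as a source on the Internet-facing side.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed addressing plan (assumption): a documentation prefix stands in
# for the site's public range; inner zones use private prefixes.
SITE_PUBLIC = ipaddress.ip_network("198.51.100.0/24")
ZONES = {
    "dmz": ipaddress.ip_network("198.51.100.0/26"),  # web servers, layer 1
    "app": ipaddress.ip_network("10.20.0.0/24"),     # application servers, layer 2
    "db": ipaddress.ip_network("10.30.0.0/24"),      # database servers, layer 3
}

# This example's reading of item (xiii): a new connection may only go from one
# tier to the next one inward (web server - application server - database server).
# Replies are assumed to be handled by the stateful firewall and are not modelled.
ALLOWED_FLOWS = {("internet", "dmz"), ("dmz", "app"), ("app", "db")}


def zone_of(ip):
    """Map an address to its zone name; anything outside the plan is 'internet'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


def check_connection(ingress_if, src, dst):
    """Verdict for a new connection that physically arrived on `ingress_if`.

    The interface, not the claimed source address, says where a packet came
    from; the source address is then validated against that interface.
    """
    addr = ipaddress.ip_address(src)
    if ingress_if == "internet":
        if any(addr in net for net in RFC1918):
            return "drop: RFC 1918 source arriving from the Internet"
        if addr in SITE_PUBLIC:
            return "drop: own prefix used as source from the Internet"
    elif ingress_if in ZONES:
        # RFC 2827 principle: accept only sources that belong to the prefix
        # legitimately attached behind this interface.
        if addr not in ZONES[ingress_if]:
            return "drop: source outside the prefix behind this interface"
    else:
        raise ValueError(f"unknown interface: {ingress_if}")

    dst_zone = zone_of(dst)
    if (ingress_if, dst_zone) not in ALLOWED_FLOWS:
        return f"drop: {ingress_if} -> {dst_zone} is not an allowed flow"
    return f"permit: {ingress_if} -> {dst_zone}"


# Constructed sample connections: (ingress interface, source, destination).
SAMPLES = [
    ("internet", "203.0.113.7", "198.51.100.10"),    # client to web server
    ("internet", "10.1.2.3", "198.51.100.10"),       # private source from outside
    ("internet", "198.51.100.20", "198.51.100.10"),  # our own prefix from outside
    ("internet", "203.0.113.7", "10.30.0.5"),        # client straight to database
    ("dmz", "198.51.100.10", "10.20.0.8"),           # web server to app server
    ("dmz", "198.51.100.10", "10.30.0.5"),           # web server skipping a tier
    ("app", "10.20.0.8", "10.30.0.5"),               # app server to database
    ("dmz", "10.20.0.8", "10.20.0.9"),               # forged source inside the DMZ
]


def audit(samples=SAMPLES):
    """Return one verdict string per sample, in order."""
    return [check_connection(*s) for s in samples]


if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, audit()):
        print(sample, "=>", verdict)
```

The same table-driven check can be run against a planned rule set during design review to confirm that no rule lets Internet clients reach the application or database zones directly.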
B. System Security
(i) UAIS shall be capable of detecting and removing harmful code, such as viruses, that may change or delete the data in the system without permission and that is defined by antivirus products.
(ii) There shall be host-based IDP software on all servers of UAIS.
(iii) The desktops and servers are loaded with antivirus software with the latest pattern.
C. Network Security
(i) Redundant firewalls shall be offered for UAIS.
(ii) Firewalls shall be package or card based. The products of two different manufacturers shall be used in the 1st layer and the solutions of any of these two different manufacturers shall be used in the second and the third layer.
(iii) A three-layered structure has been projected and the firewalls shall be physically positioned in each layer.
(iv) If it is package or server based, it shall have a spare power source.
(v) All the traffic received from the Internet shall be directed to the IDS/IPS after passing through the firewalls. The traffic shall be disconnected or forwarded by applying the security policies of the firewall.
(vi) There shall be client-to-site VPN support on the firewall to be offered, or on the offered VPN solution with which it will work in an integrated manner. There shall also be site-to-site VPN support on the firewall.
(vii) Whether the firewall has static packet filtering, dynamic packet filtering and proxy firewall features shall be specified.
(viii) The firewall shall have an active-active load-sharing or active-passive structure. If it is positioned in an active-passive structure and the active firewall becomes disabled, the other firewall shall continue to work without loading the configurations back from any backup.
(ix) The hardware characteristics of the offered firewalls should be specified (CPU, RAM, session amount, disk capacity etc.).
(x) The firewall shall support an unlimited number of users. No license shall be paid for the firewall on the basis of number of users.
(xi) The firewall to be offered should have at least two of the TSE ISO 15408, Common Criteria Evaluation Assurance Level 4 (EAL4), FIPS 140-1 Level 2, ICSA, ITSEC E3 and VPNC certificates.
(xii) The number of concurrent sessions on the firewall shall be a minimum of 250,000.
(xiii) The throughput of the firewall must be a minimum of 4 Gbps. If this traffic value cannot be achieved with a single package, it shall be provided by using more than one package.
(xiv) The firewall to be proposed shall have security support for applications in various categories (business applications, VoIP etc.).
(xv) Access control based on stateful inspection of the packets passing between the source and the target shall be possible.
(xvi) It shall be able to limit the number of premature (half-open) connections in order to decrease the effects of DoS and DDoS attacks.
(xvii) It shall have port hiding support without changing the activation characteristics of the open TCP/UDP ports belonging to systems protected by the firewall.
(xviii) It shall be capable of performing identity verification against external databases or servers, such as RADIUS, TACACS, SecurID and LDAP, for those who require access to the services of the systems it protects.
(xix) It shall be capable of performing Network Address Translation (NAT). It shall be able to hide the Internet addresses of internal machines and ensure access to external networks through a single IP address.
(xx) It shall be capable of performing Port Address Translation (PAT).
(xxi) It shall have H323 NAT Traversal support.
(xxii) Classification by host, protocol and service shall be possible.
D. Logging and Monitoring Features of the Firewall
(i) Real-time analysis shall be possible. Characteristics of analysis and logging shall be stated in detail. Detailed search and examination of the log files that are kept shall be possible.
(ii) The log files kept shall be understandable, and software that reports on these log files (on an hourly, daily, weekly or monthly basis) shall be provided.
(iii) It shall be possible to monitor established connections online at any time. The logs shall be sent to the central logging server.
(iv) The operator should be able to block any connection, and this blocking information should be distributed to all the firewalls.
(v) Reporting and analysis capabilities of the firewall shall be stated in detail.
(vi) To allow examination of the requests that reach the systems protected by the firewall, it shall keep a detailed log of its connections such as HTTP, SMTP and FTP.
(vii) It shall be capable of warning via e-mail or SMS when an attack is caught.
(viii) It shall be ensured that the logs generated by the firewalls are archived automatically to the log server by the firewall.
E. High Availability Feature on the Firewall
(i) The firewall system shall definitely not cause packet loss.
(ii) It shall have a stateful failover feature.
(iii) It shall be capable of detecting hardware errors and sending alerts.
(iv) It shall be capable of observing connection statuses. It shall be able to intervene when required and it shall allow manual intervention.
(v) Firewall machines shall be configured in such a way that they work synchronized with firewall machines of the same kind. When required, in the event that one of them fails, the other shall automatically take over all its connections (automatic transfer of H323 and VPN sessions shall be a matter of preference). For this collaborative operation, a separate license or an additional device shall not be required.
F. System Management Features of the Firewall
(i) All kinds of operation and configuration shall be supported over a secure GUI connection (HTTPS etc.).
(ii) Configuration through the CLI shall be supported.
(iii) Management over SSH shall be supported.
(iv) All firewall machines used to form the solution shall be manageable from a single center. It shall be possible to load subsystems, patches and licenses to all firewall machines in a distributed structure from a single center when required.
(v) Managers with different authorization levels shall be identified and the upper limit for this number shall be stated.
(vi) Detailed monitoring of system status shall be possible; it shall be possible to monitor information such as firewall version, RAM, CPU use, number of sessions etc. Whether the capability of receiving alerts and alarms when the verge limits are exceeded.
G. Network Based Active Defense System
(i) IDS/IPSs shall be package or card based. The products of two different manufacturers shall be used in the 1st layer and the solutions of any of these two different manufacturers shall be used in the second and the third layer.
(ii) Signature updates shall be performed automatically from the Internet and shall be downloaded to the sensors automatically.
(iii) The IDS/IPS to be offered shall have at least the following characteristics. The Tenderer shall offer products with higher characteristics.
(iv) The Tenderer shall offer a sufficient number of devices, considering that the firewall throughput has been requested as 330 Mbps and that the IDS/IPSs will work in-line.
(v) If it is package or server based, it shall have a spare power source.
(vi) The IDS/IPS shall work in-line if requested.
(vii) TCP reset or blocking should be applied to suspicious packets, whether Trojan or not, passing through any standard port, such as the HTTP port, which has to be open.
(viii) It should be possible to define new policies in the IDS/IPS and to perform attack definition both automatically and manually.
(ix) In case of an attack, it should send an alarm to the console (with SNMP or its own protocol), monitor the active session, perform reporting, and log the packets coming from the attack points.
(x) For known attacks such as SYN attack, ICMP flood, port scan and tear_drop, it should be capable of disconnecting the TCP connection by dropping the packet when the attack is received, and should send an alarm to the system administrator by e-mail, SNMP or syslog.
(xi) It shall have a fail-open (automatic by-pass) feature.
(xii) It shall work on the basis of both attack signatures and the detection of protocol/application anomalies (hybrid mode). When working on the basis of protocol/application anomaly detection, it should monitor the traffic statefully and perform IP defragmentation, reassembly of TCP traffic (stream reassembly), protocol analysis and parsing, asymmetric traffic analysis and protocol normalization.
(xiii) It should detect Unicode and Whisker attacks.
(xiv) The following attacks should be detected and prevented:
  o Sweep and flood
  o DoS
  o Worm-virus
  o CGI and WWW attacks
  o Buffer floods
  o RPC attacks
  o ICMP attacks
  o E-mail attacks such as SMTP, IMAP, POP3
  o FTP, SSH, Telnet, rlogin attacks
  o DNS attacks
  o TCP hijack attacks
  o Back office and similar backdoor attacks
  o Windows and NetBIOS attacks
  o NTP attacks
  o P2P file sharing applications
(xv) There should be SSL and SSH support for secure communication with the management subsystem; the packets describing the attack should be sent to the management center encrypted.
(xvi) When an attack is performed, it shall have a “Forensic” data collection feature that ensures the collection of evidence assisting in the commencement of a legal process, by determining the source, type, size and access area of the attack.
H. Host Based Active Defense System
(i) Server-based IDS shall be provided for all servers that take part in the system.
(ii) Server-based IDS shall add a CPU load of at most 5% to the server on which it is installed.
(iii) When it is disconnected from the central management and log server, it shall be capable of keeping the logs related to the stream it has monitored until the connection is restored.
(iv) Its communication with the central management unit shall take place in a secure environment (SSL, SSH, etc.). All the data flow between the two shall be encrypted.
(v) It shall monitor incidents related to the Operating System, and be capable of checking for unauthorized access to and activities on the system by examining the operating system logs.
(vi) All host-based agents shall be controllable and updateable from a single point.
(vii) It shall be capable of forming rule-based policies.
(viii) It shall not cause interruption in the services running on the servers in any way.
(ix) It shall be capable of stopping unknown attacks, worms and viruses with zero updating.
(x) It shall identify and prevent TCP packets that are created for attack purposes and that do not comply with the standards.
(xi) It shall inspect file, network and registry access.
(xii) It shall ensure protection against e-mail worms.
(xiii) It shall be capable of preventing buffer floods.
(xiv) It shall be capable of preventing key-loggers.
I. Secure Socket Layers (SSL)
(i) SSL technology shall be used for secure and reliable performance of transactions over UAIS using browsers.
(ii) It shall be server or package or card based, and the devices shall be offered so that they work redundantly.
(iii) If the SSL device is offered as package or server based, it shall have a spare power source.
(iv) Software and devices required for the existence of SSL certificates on the Custom Gateway servers shall be included in the proposal.
(v) Asymmetric encryption technology (public and private key) shall be used and the minimum key size shall be 1024 bits.
(vi) The encryption process shall be performed with hardware crypto cards.
(vii) Symmetric encryption of a minimum of 128 bits shall be used.
(viii) It shall have command line support (CLI).
(ix) It shall have management through a Web interface.
J. Virtual Private Network (VPN)
(i) The VPN to be offered shall be separate package or server or card based and it shall be offered redundant.
(ii) If the VPN is offered as package or server based, it shall have a spare power source.
(iii) The specifications of the VPN package shall be specified in detail.
(iv) It is preferable that the encryption operations are performed with Hardware Crypto Accelerator cards.
(v) The VPN solution to be proposed shall support at least 2000 site-to-site tunnels, and the maximum number of client-to-site tunnels supported shall be stated.
(vi) The throughput value for packets that have been encrypted with 3DES in the VPN, whether with one or more packages, shall be a minimum of 145 Mbps.
(vii) Packet encryption with standard algorithms such as 3DES and AES shall be possible.
(viii) It shall support IPSec standards. Supported IPSec identity verification methods shall be stated, such as SHA-1, MD5, PKI, SCEP (Automated certificate enrollment), OCSP (Online Certificate Status Protocol).
(ix) Software/hardware required for the management of VPN packages shall be included in the proposal, and no per-site or per-client pricing shall be applied for this software/hardware.
(x) Remote connections and LAN-to-LAN connections shall be monitored on the monitoring screen.
(xi) Even if there is a device performing NAT in between, NAT transparency shall be ensured through TCP or UDP encapsulation so that IPSec does not break.
(xii) All tunneling operations on the VPN shall be made at the network layer.
K. Antivirus
(i) Antivirus systems running in gateway structure for giving services to the internal users and antivirus running on servers to prevent attack.
(ii)
Anti-Virus solution shall have an appliance/server structure.
Private & Confidential
Page 194 of 245
TA4451-TAJ
Final Release
Final Report
December 2006
(iii)
The antivirus products to be offered shall be capable of scanning all the traffic of the internal users (HTTP, POP3, SMTP, etc.). It shall be scanned after the SSL traffic is terminated on the SSL terminators.
(iv)
Antivirus system shall scan the HTTP traffic of the internal users.
(v)
Anti virus system shall be designed in a way that it will work continuously (redundant)
(vi)
It shall have anti-relay, anti-spam, anti-spoof, anti-bombing and alarm mechanisms.
(vii)
Determination and blocking of file types shall be performed not only according to their extensions but also according to real file types.
(viii)
Anti-virus system shall be updated at the determined time intervals.
(ix)
It shall be able to determine worms, Trojans and hoaxes and to perform operations defined by the administrator.
(x)
It shall be capable of scanning and blocking HTML Script, VBScript based viruses and harmful Java Applets.
(xi)
It shall be easily manageable with Web interface (with https) and/or management console.
(xii)
When a virus is found, it shall be capable of sending a warning e-mail and/or SMS to the system administrator and a warning e-mail to the sender and receiver of the message.
(xiii)
It shall be capable of scanning archive files (zip, arj, rar, lha, lhz, ace, cab, tar, vb), exe files, embedded files and e-mail attachments by going down to the deepest archive level. What kind of a precaution is taken against files on which archiving has been made many times in order to perform attacks shall be stated.
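Items (vii) and (xiii) ask for detection by real file type and for a stated precaution against repeatedly archived files. The Python below is an added illustration, not part of the report or of any offered product; the signature table, the blocked-type policy, the three limits and the sample attachments are assumptions constructed for the example, and only ZIP containers are opened.

```python
import io
import zipfile
import zlib

# Leading-byte signatures that identify the real type of a file.
SIGNATURES = [(b"PK\x03\x04", "zip"), (b"MZ", "exe"), (b"%PDF-", "pdf"),
              (b"Rar!\x1a\x07", "rar"), (b"\x1f\x8b", "gzip")]
# Type that each extension claims to be.
EXTENSION_TYPE = {"zip": "zip", "exe": "exe", "dll": "exe", "pdf": "pdf",
                  "rar": "rar", "gz": "gzip"}

# Assumed policy values, chosen for this example only.
BLOCKED_TYPES = {"exe"}
MAX_DEPTH = 4                 # archive-in-archive levels that are opened
MAX_TOTAL_BYTES = 1_000_000   # unpacked bytes allowed per top-level file
MAX_RATIO = 200               # unpacked/packed size allowed per member


def real_type(data):
    """Return the type implied by the leading bytes, or None if unknown."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    return None


def scan(name, data, depth=0, budget=None):
    """Return (path, reason) findings for one file, opening nested ZIPs."""
    if budget is None:
        budget = [MAX_TOTAL_BYTES]          # byte allowance shared by all levels
    findings = []
    kind = real_type(data)
    base = name.rsplit("/", 1)[-1]
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    if kind in BLOCKED_TYPES:
        findings.append((name, "blocked type: " + kind))
    if kind is not None and EXTENSION_TYPE.get(ext) != kind:
        findings.append((name, "content is %s but extension is .%s" % (kind, ext)))
    if kind != "zip":
        return findings
    if depth >= MAX_DEPTH:
        findings.append((name, "nesting limit reached, archive not opened"))
        return findings
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        findings.append((name, "unreadable archive"))
        return findings
    with archive:
        for info in archive.infolist():
            path = name + "/" + info.filename
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:
                findings.append((path, "encrypted member not scanned"))
                continue
            if info.file_size > MAX_RATIO * max(info.compress_size, 1):
                findings.append((path, "compression ratio over limit"))
                continue
            # Declared sizes can be forged, so the read itself is capped.
            try:
                with archive.open(info) as member:
                    body = member.read(budget[0] + 1)
            except (zipfile.BadZipFile, zlib.error, NotImplementedError):
                findings.append((path, "member could not be unpacked"))
                continue
            if len(body) > budget[0]:
                budget[0] = 0
                findings.append((path, "unpacked size limit exceeded"))
                return findings
            budget[0] -= len(body)
            findings.extend(scan(path, body, depth + 1, budget))
    return findings


def make_zip(members):
    """Build a ZIP in memory from {name: bytes} (sample-data helper)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for member_name, body in members.items():
            zf.writestr(member_name, body)
    return buf.getvalue()


def constructed_samples():
    """Constructed attachments: disguised EXE, deep nesting, high ratio."""
    fake_exe = b"MZ" + bytes(range(64))     # only the header bytes matter here
    disguised = make_zip({"inner.zip": make_zip({"invoice.pdf": fake_exe})})
    deep = make_zip({"note.txt": b"hello"})
    for level in range(6):
        deep = make_zip({"layer%d.zip" % level: deep})
    padded = make_zip({"zeros.bin": b"\0" * 500_000})
    return {"mail.zip": disguised, "deep.zip": deep, "padded.zip": padded}


if __name__ == "__main__":
    for sample_name, blob in constructed_samples().items():
        for path, reason in scan(sample_name, blob):
            print(path, "->", reason)
```

The depth, total-size and ratio limits together are one form of the precaution item (xiii) asks bidders to state: the scanner stops unpacking and reports the attachment instead of following the nesting to exhaustion.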
APPENDIX J COST ESTIMATES OF UAIS
A. Data Centre Cost Estimate
Location: Data Centre
Type: Equipment; Telecommunication; Setup Data Centre
| Items | Quantity | Unit Cost (USD) | Cost (USD) |
|---|---|---|---|
| Web Server and Java web server software | 2 | 19,200 | 38,400 |
| Application Server and Weblogic software | 2 | 85,200 | 170,400 |
| Database Server and Oracle software | 2 | 145,000 | 290,000 |
| Development server and software | 2 | 19,200 | 38,400 |
| Storage Disks | 2 | 78,000 | 156,000 |
| Backup server and software | 1 | 16,625 | 16,625 |
| Mail server and Microsoft Exchange software | 2 | 24,000 | 48,000 |
| PC | 6 | 800 | 4,800 |
| UPS | 6 | 100 | 600 |
| Anti-Virus | 6 | 45 | 270 |
| Printer | 2 | 350 | 700 |
| Web Portal | 1 | 50,000 | 50,000 |
| Router - leased line | 1 | 25,500 | 25,500 |
| Router - ADSL line | 1 | 14,000 | 14,000 |
| DR-router | 1 | 1,800 | 1,800 |
| Firewall 1st tier | 6 | 20,000 | 120,000 |
| Firewall 2nd tier | 2 | 35,000 | 70,000 |
| Firewall 3rd tier | 6 | 20,000 | 120,000 |
| Firewall (Standalone) | 2 | 10,000 | 20,000 |
| IPS | 5 | 20,000 | 100,000 |
| Core Switches | 2 | 92,000 | 184,000 |
| Edge Switches | 6 | 1,000 | 6,000 |
| Load Balancer | 6 | 11,000 | 66,000 |
| Remote Access Server | 1 | 16,000 | 16,000 |
| VPN | 2 | 3,000 | 6,000 |
| UPS 30 kva, 30 mins battery backup | 1 | 21,000 | 21,000 |
| AirCon | 2 | 17,500 | 35,000 |
| Electrical works | lot | 18,000 | 18,000 |
| Raised floor system | 200 m2 | 24,000 | 24,000 |
| FM 200 Gas suppression | lot | 36,000 | 36,000 |
| Water Detection System | lot | 6,000 | 6,000 |
| Security Access System - CCTV, Intercom | lot | 6,000 | 6,000 |
| EMS System - autopaging and sensors | lot | 6,000 | 6,000 |
| Building works - partition, doors, false ceiling | lot | 18,000 | 18,000 |
| Subtotal for Data Centre | | | 1,733,495 |
B. Disaster Recovery Cost Estimate
Location: DR site
Type: Equipment; Communication; Setup DR site
| Items | Quantity | Unit Cost (USD) | Cost (USD) |
|---|---|---|---|
| Web Server and Software | 1 | 19,200 | 19,200 |
| Application Server and Software | 1 | 85,000 | 85,000 |
| Database Server and software | 1 | 145,000 | 145,000 |
| Storage Disks | 2 | 78,000 | 156,000 |
| Internet Router | 1 | 26,000 | 26,000 |
| DR router | 1 | 1,800 | 1,800 |
| Firewall | 3 | 9,000 | 27,000 |
| VPN | 1 | 3,000 | 3,000 |
| IPS | 4 | 12,000 | 48,000 |
| Core Switches | 1 | 57,000 | 57,000 |
| Edge Switches | 3 | 1,000 | 3,000 |
| UPS 30 kva, 30 mins battery backup | 1 | 21,000 | 21,000 |
| AirCon | 2 | 17,500 | 35,000 |
| Electrical works | lot | 9,000 | 9,000 |
| Raised floor system | 100 m2 | 12,000 | 12,000 |
| FM 200 Gas suppression | lot | 36,000 | 36,000 |
| Water Detection System | lot | 6,000 | 6,000 |
| Security Access System - CCTV, Intercom | lot | 6,000 | 6,000 |
| EMS System - autopaging and sensors | lot | 6,000 | 6,000 |
| Building works - partition, doors, false ceiling | lot | 9,000 | 9,000 |
| Subtotal for Disaster Recovery Centre | | | 711,000 |
C. Customs HQ Cost Estimates
HEADQUARTERS COSTS
Systems
Division/InterDivision
Ref
Systems Totals (US$)
Comms Totals (US$)
Server #
Unit Costs→
UPS
Cost (US$)
#
5,000
Laptop
Cost (US$)
#
500
PCs
Cost (US$)
#
1,500
Comms
UPS
Cost (US$)
#
800
Anti-Virus
Cost (US$)
#
100
Printer
Cost (US$)
#
45
Cost (US$)
Photocopier Cost # (US$)
100
700
Scanner
Cost (US$)
#
350
Mobile #
Cost (US$) 365
Management
1
Chief of Customs Department
2
Deputy Chiefs Management Totals
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1,895
0
0
0
0
0
1
1,500
0
0
0
0
1
45
1
350
0
0
0
0
0
0
2,095
0
0
0
0
0
0
0
1
800
1
100
1
45
1
350
1
100
1
700
0
0
0
0
0
0
2
3,000
5
4,000
5
500
5
225
5
1,750
1
100
1
700
2
730
10,275
730 0
0
0
0
1
1,500
15
12,000
15
1,500
16
720
5
1,750
1
100
1
700
0
0
0
0
0
0
0
0
6
4,800
6
600
6
270
6
2,100
1
100
1
700
9
3,285
0
0
0
0
2
3,000
15
12,000
16
1,600
18
810
14
4,900
4
400
1
700
0
0
0
0
0
0
0
0
4
3,200
4
400
2
90
2
700
0
0
1
700
1
365
0
0
0
0
5
7,500
46
36,800
47
4,700
48
2,160
33
11,550
8
800
6
4,200
12
4,380
1,895
0
0
1,500
0
0
0
0
1
45
1
350
0
0
0
0
0
0
CSD Divisions Internal Division
Control
3
Customs Division
Control
4
5
Tariff Regulations & Revenue Division
18,270
0
6
Anti-Smuggling & Customs Rules Division
8,570
3285
7
Statistics & Analysis Division
23,410
0
8
Central Laboratory
5,090
365
67,710
4,380
Customs
CSD Division Totals
| Ref | Division/InterDivision | Systems Totals (US$) | Comms Totals (US$) | Server # | Server Cost (US$) | UPS # | UPS Cost (US$) | Laptop # | Laptop Cost (US$) | PCs # | PCs Cost (US$) | UPS # | UPS Cost (US$) | Anti-Virus # | Anti-Virus Cost (US$) | Printer # | Printer Cost (US$) | Photocopier # | Photocopier Cost (US$) | Scanner # | Scanner Cost (US$) | Comms Mobile # | Comms Mobile Cost (US$) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| | Unit Costs→ | | | | 5,000 | | 500 | | 1,500 | | 800 | | 100 | | 45 | | 350 | | 100 | | 700 | | 365 |
| | Shared Responsibility Divisions | | | | | | | | | | | | | | | | | | | | | | |
| 9 | Information & Analytical Division | 16,850 | 0 | 0 | 0 | 0 | 0 | 2 | 3,000 | 10 | 8,000 | 10 | 1,000 | 10 | 450 | 10 | 3,500 | 2 | 200 | 1 | 700 | 0 | 0 |
| 10 | Training Institute (Separate Costings) | | | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 11 | Staff Policy Division | 12,205 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 9 | 7,200 | 9 | 900 | 9 | 405 | 8 | 2,800 | 2 | 200 | 1 | 700 | 0 | 0 |
| 12 | Modernization/Reform Bureau | 11,605 | 0 | 0 | 0 | 0 | 0 | 1 | 1,500 | 9 | 7,200 | 9 | 900 | 9 | 405 | 2 | 700 | 2 | 200 | 1 | 700 | 0 | 0 |
| 13 | Improvement of Tax & Customs Policy | 6,575 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 5 | 4,000 | 5 | 500 | 5 | 225 | 3 | 1,050 | 1 | 100 | 1 | 700 | 0 | 0 |
| 14 | Legislation Division | 8,075 | 0 | 0 | 0 | 0 | 0 | 1 | 1,500 | 5 | 4,000 | 5 | 500 | 5 | 225 | 3 | 1,050 | 1 | 100 | 1 | 700 | 0 | 0 |
| 15 | Mass Media Division | 5,280 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 4 | 3,200 | 4 | 400 | 4 | 180 | 2 | 700 | 1 | 100 | 1 | 700 | 0 | 0 |
| 16 | International Cooperation Division | 10,065 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 7 | 5,600 | 7 | 700 | 7 | 315 | 7 | 2,450 | 3 | 300 | 1 | 700 | 0 | 0 |
| 17 | Finance & Economic Division | 13,600 | 0 | 0 | 0 | 0 | 0 | 1 | 1,500 | 10 | 8,000 | 10 | 1,000 | 10 | 450 | 5 | 1,750 | 2 | 200 | 1 | 700 | 0 | 0 |
| | Shared Division Totals | 84,255 | 0 | 0 | 0 | 0 | 0 | 5 | 7,500 | 59 | 47,200 | 59 | 5,900 | 59 | 2,655 | 40 | 14,000 | 14 | 1,400 | 8 | 5,600 | 0 | 0 |
| | HQ DIVISIONAL TOTALS | 151,965 | 4,380 | 0 | 0 | 0 | 0 | 11 | 16,500 | 105 | 84,000 | 106 | 10,600 | 108 | 4,860 | 74 | 25,900 | 22 | 2,200 | 14 | 9,800 | 12 | 4,380 |
D. Regional Offices and Post Equipment Cost Estimates
REGIONS & POSTS (Dushanbe) - SYSTEMS COSTS
| Ref | Post | Code | Type | For | Systems Totals (US$) | Server # | Server Cost (US$) | UPS # | UPS Cost (US$) | Laptop # | Laptop Cost (US$) | PCs # | PCs Cost (US$) | UPS # | UPS Cost (US$) | Anti-Virus # | Anti-Virus Cost (US$) | Printer # | Printer Cost (US$) | Photocopier # | Photocopier Cost (US$) | Scanner # | Scanner Cost (US$) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| | DUSHANBE REGION | | | | | | | | | | | | | | | | | | | | | | |
| | Regional Office (Unit Costs→) | | | | | | 4,300 | | 500 | | 1,500 | | 800 | | 100 | | 45 | | 350 | | 100 | | 700 |
| 1 | Dept of Customs Control | 76200 | Regional Office | | 51,730 | 1 | 4,300 | 1 | 500 | 0 | 0 | 43 | 34,400 | 43 | 4,300 | 44 | 1,980 | 15 | 5,250 | 3 | 300 | 1 | 700 |
| | Regional Office Totals | | | | 51,730 | 1 | 4,300 | 1 | 500 | 0 | 0 | 43 | 34,400 | 43 | 4,300 | 44 | 1,980 | 15 | 5,250 | 3 | 300 | 1 | 700 |
| | Posts (Unit Costs→) | | | | | | 4,300 | | 500 | | 1,500 | | 800 | | 100 | | 45 | | 350 | | 100 | | 700 |
| 2 | Dept of Strategic Customs Control in Dushanbe Airport | 76202 | Clearance | Air | 15,655 | 1 | 4,300 | 1 | 500 | 0 | 0 | 8 | 6,400 | 8 | 800 | 9 | 405 | 9 | 3,150 | 1 | 100 | 0 | 0 |
| 3 | Dushanbe 1 | 76203 | Clearance | Rl+Mail | 10,720 | 1 | 4,300 | 1 | 500 | 0 | 0 | 5 | 4,000 | 5 | 500 | 6 | 270 | 3 | 1,050 | 1 | 100 | 0 | 0 |
| 4 | Dushanbe 2 | 76205 | Clearance | Rail | 10,720 | 1 | 4,300 | 1 | 500 | 0 | 0 | 5 | 4,000 | 5 | 500 | 6 | 270 | 3 | 1,050 | 1 | 100 | 0 | 0 |
| 5 | Terminal | 76206 | Clearance | Road | 10,620 | 1 | 4,300 | 1 | 500 | 0 | 0 | 5 | 4,000 | 5 | 500 | 6 | 270 | 3 | 1,050 | 0 | 0 | 0 | 0 |
| 6 | Ainy | 76207 | Clearance | Rail | 10,620 | 1 | 4,300 | 1 | 500 | 0 | 0 | 5 | 4,000 | 5 | 500 | 6 | 270 | 3 | 1,050 | 0 | 0 | 0 | 0 |
| 7/1 | Kofarnigan Customs Dept | 76260 | Clearance | Rail | 3,535 | 0 | 0 | 0 | 0 | 0 | 0 | 3 | 2,400 | 3 | 300 | 3 | 135 | 2 | 700 | 0 | 0 | 0 | 0 |
| 7/2 | Karamik | | Post | Road | 1,295 | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 800 | 1 | 100 | 1 | 45 | 1 | 350 | 0 | 0 | 0 | 0 |
| | Posts Totals | | | | 63,165 | 5 | 21,500 | 5 | 2,500 | 0 | 0 | 32 | 25,600 | 32 | 3,200 | 37 | 1,665 | 24 | 8,400 | 3 | 300 | 0 | 0 |
| | DUSHANBE REGIONAL TOTALS | | | | 114,895 | 6 | 25,800 | 6 | 3,000 | 0 | 0 | 75 | 60,000 | 75 | 7,500 | 81 | 3,645 | 39 | 13,650 | 6 | 600 | 1 | 700 |
REGIONS & POSTS (Khudjant) - SYSTEMS COSTS
Ref
Post
Code
Type
For
Systems Totals (US$)
Server #
UPS
Cost (US$)
#
Laptop
Cost (US$)
#
PCs
Cost (US$)
#
UPS
Cost (US$)
#
Anti-Virus
Cost (US$)
#
Cost (US$)
Printer #
Photocopier
Scanner
Cost (US$)
#
Cost (US$)
#
Cost (US$)
KHUDJANT REGION Unit Costs→
Regional Office 8
Dept of Customs Control
76210
Regional Office Regional Office Totals
Dept of Strategic Customs Control in Airport Khudjant
76212
Clearance
10/1
G.Rosulov (Proletar)
76215
10/2
Madaniyat
11/1
Asht Customs Post
11/2
Navbunjod
Post
11/3
Uzbek-Okjar
Post
12/1
Nouv Customs Dept
Clearance
Road
76216
76217
500
1,500
800
100
45
350
100
700
41,830
1
4,300
1
500
0
0
33
26,400
33
3,300
34
1,530
12
4,200
2
200
2
1,400
41,830
1
4,300
1
500
0
0
33
26,400
33
3,300
34
1,530
12
4,200
2
200
2
1,400
Unit Costs→
Posts 9
4,300
Air
2,690
Clearance
Rail
Post
Road
Clearance
Road
4,300
500
1,500
800
100
45
350
100
700
0
0
0
0
0
0
2
1,600
2
200
2
90
2
700
1
100
0
0
10,125
1
4,300
1
500
0
0
4
3,200
4
400
5
225
4
1,400
1
100
0
0
1,295
0
0
0
0
0
0
1
800
1
100
1
45
1
350
0
0
0
3,985
0
0
0
0
0
0
3
2,400
3
300
3
135
3
1,050
100
0
0
Road
1,295
0
0
0
0
0
0
1
800
1
100
1
45
1
350
0
0
0
Road
1,295
0
0
0
0
0
0
1
800
1
100
1
45
1
350
0
0
0
3,985
0
0
0
0
0
0
3
2,400
3
300
3
135
3
1,050
100
0
0
1
1
12/2
Nouv
Post
Rail
1,295
0
0
0
0
0
0
1
800
1
100
1
45
1
350
0
0
0
12/3
Plotina
Post
Road
1,295
0
0
0
0
0
0
1
800
1
100
1
45
1
350
0
0
0
12/4
Hashtjak
Post
Road
1,295
0
0
0
0
0
0
1
800
1
100
1
45
1
350
0
0
0
12/5
Farmon Kurgan
13/1
Mastchoh Customs Dept
13/2
Kuruksai
13/3
Fatehabad
14/1
Zafarabad Customs Dept
14/2
DEU-58
14/3
Zomin
Post
Road
1,295
0
0
0
0
0
0
1
800
1
100
1
45
1
350
0
0
0
14/4
Comsomol
Post
Road
1,295
0
0
0
0
0
0
1
800
1
100
1
45
1
350
0
0
0
15/1
Istravshan Customs Post
100
0
0
15/2
Havotag
0
0
0
76218
76219
76220
Post
Road
1,295
0
0
0
0
0
0
1
800
1
100
1
45
1
350
Clearance
Road
3,985
0
0
0
0
0
0
3
2,400
3
300
3
135
3
1,050
Post
Road
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Post
Road
1,295
0
0
0
0
0
0
1
800
1
100
1
45
1
350
Clearance
Road
3,985
0
0
0
0
0
0
3
2,400
3
300
3
135
3
1,050
Post
Road
1,295
0
0
0
0
0
0
1
800
1
100
1
45
1
350
Clearance
Road
3,985
0
0
0
0
0
0
3
2,400
3
300
3
135
3
1,050
Post
Road
1,295
0
0
0
0
0
0
1
800
1
100
1
45
1
350
1
1
1
0
0
0
100
0
0
0
0
0
0
0
0
100
0
0
0
0
0
Ref
Post
Code
Type
For
Server
UPS
Laptop
PCs
UPS
Anti-Virus
Printer
Photocopier
Scanner
Systems Totals (US$)
#
Cost (US$)
#
Cost (US$)
#
Cost (US$)
#
Cost (US$)
#
Cost (US$)
#
Cost (US$)
#
Cost (US$)
#
Cost (US$)
#
Cost (US$)
1
100
0
0
KHUDJANT REGION (2) 16/1
Kanibadam Dept
16/2
Customs
Clearance
Rd+Rl
3,985
0
0
0
0
0
0
3
2,400
3
300
3
135
3
1,050
Kanibadam
Post
Rail
1,295
0
0
0
0
0
0
1
800
1
100
1
45
1
350
0
0
0
16/3
Patar
Post
Road
1,295
0
0
0
0
0
0
1
800
1
100
1
45
1
350
0
0
0
16/4
Ravat
Post
Road
1,295
0
0
0
0
0
0
1
800
1
100
1
45
1
350
0
0
0
17/1
Isfara Customs Dept
Clearance
Rd+Rl
3,985
0
0
0
0
0
0
3
2,400
3
300
3
135
3
1,050
100
0
0
17/2
Isfara-3
Post
Rail
1,295
0
0
0
0
0
0
1
800
1
100
1
45
1
350
0
0
0
17/3
Dahana
Post
Road
0
0
0
0
0
0
0
0
0
0
0
0
0
17/4
Batkent
Post
Road
1,295
0
0
0
0
0
0
1
800
1
100
1
45
1
350
0
0
0
17/5
Jakka Uruk
Post
Road
0
0
0
0
0
0
0
0
0
0
0
0
0
18/1
Pendjakent Dept
Clearance
Road
3,985
0
0
0
0
0
0
3
2,400
3
1
100
0
0
18/2
Sarazm
Post
Road
1,295
0
0
0
0
0
0
1
800
1
100
1
45
1
350
0
0
0
19/1
Khudjant Customs Dept
Clearance
Rd+Rl
11,420
1
4,300
1
500
0
0
5
4,000
5
500
6
270
5
1,750
1
100
0
0
19/2
Customs Legal Group
Clearance
Rd+Rl
1,295
0
0
0
0
0
0
1
800
1
100
1
45
1
350
0
0
0
19/3
Auchi Kalacha
Post
Road
1,295
0
0
0
0
0
0
1
800
1
100
1
45
1
350
0
0
0
Clearance
Road
3,985
0
0
0
0
0
0
3
2,400
3
300
3
135
3
1,050
1
100
0
0
86,000
2
8,600
2
1,000
0
0
58
46,400
58
5,800
60
2,700
58
20,300
12
1,200
0
0
127,830
3
12,900
3
1,500
0
0
91
72,800
91
9,100
94
4,230
70
24,500
14
1,400
2
1,400
20
Terminal
Customs
76221
76222
76223
76225
76226
Posts Totals KHUDJANT REGIONAL TOTALS
0
0
0 300
0 3
135
3
1,050
1
REGIONS & POSTS (Khatlon) - SYSTEMS COSTS
Ref
Post
Code
Type
For
Systems Totals (US$)
Server #
UPS
Cost (US$)
#
Laptop
Cost (US$)
#
PCs
Cost (US$)
UPS
#
Cost (US$)
Anti-Virus
#
Cost (US$)
#
Cost (US$)
Printer
Photocopier
Scanner
#
Cost (US$)
#
Cost (US$)
#
Cost (US$)
KHATLON REGION Unit Costs→
Regional Office 21
Dept of Customs Control
76230
Regional Office Regional Office Totals
500
1,500
800
100
45
350
100
700
1
4,300
1
500
0
0
25
20,000
25
2,500
26
1,170
9
3,150
3
300
1
700
32,620
1
4,300
1
500
0
0
25
20,000
25
2,500
26
1,170
9
3,150
3
300
1
700
Unit Costs→
Posts 22
4,300
32,620
4,300
500
1,500
800
100
45
350
100
700
Kurgan Tube
76233
Clearance
Rd+Rl
3,985
0
0
0
0
0
0
3
2,400
3
300
3
135
3
1,050
1
100
0
0
23/1
Shartuze Customs Dept
76234
Clearance
Road
2,690
0
0
0
0
0
0
2
1,600
2
200
2
90
2
700
1
100
0
0
23/2
Ajvadj
Post
Road
1,295
0
0
0
0
0
0
1
800
1
100
1
45
1
350
0
0
0
23/3
Hoshadi
Post
Rail
1,295
0
0
0
0
0
0
1
800
1
100
1
45
1
350
0
0
0
23/4
Iskra
Post
Road
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
23/5
Strategic Group NajzaBulok
Post
Road
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
24/1
Kulab Customs Dept
24/2
Airport Kulab
24/3
Kokul
25/1
Nijni Dept
25/2 25/3
76235
Clearance
Rd/Rl/A
2,690
0
0
0
0
0
0
2
1,600
2
200
2
90
2
700
1
100
0
0
76282
Clearance
Air
2,690
0
0
0
0
0
0
2
1,600
2
200
2
90
2
700
1
100
0
0
Post
River
1,295
0
0
0
0
0
0
1
800
1
100
1
45
1
350
0
0
0
76270
Clearance
River
10,720
1
4,300
1
500
0
0
5
4,000
5
500
6
270
3
1,050
100
0
0
Kolhozobad
76237
Clearance
Rail
1,295
0
0
0
0
0
0
1
800
1
100
1
45
1
350
0
0
0
Javan
76238
Clearance
Rail
1,295
0
0
0
0
0
0
1
800
1
100
1
45
1
350
0
0
0
25/4
Vahsh
76239
Clearance
Rail
1,295
0
0
0
0
0
0
1
800
1
100
1
45
1
350
0
0
0
1,295
0
0
0
0
0
0
1
800
1
100
1
45
1
350
0
0
0
25/5
Sargazan
76271
Clearance
Rail
2,590
0
0
0
0
0
0
2
1,600
2
200
2
90
2
700
0
0
0
34,430
1
4,300
1
500
0
0
23
18,400
23
2,300
24
1,080
21
7,350
5
500
0
0
67,050
2
8,600
2
1,000
0
0
48
38,400
48
4,800
50
2,250
30
10,500
8
800
1
700
Customs
Piange
Post
Customs
Terminal
Clearance
Posts Totals KHATLON REGIONAL TOTALS
1
REGIONS & POSTS (Badakhshon) - SYSTEMS COSTS
Ref
Post
Code
Type
For
Systems Totals (US$)
Server #
UPS
Cost (US$)
#
Laptop
Cost (US$)
#
PCs
Cost (US$)
#
UPS
Cost (US$)
#
Cost (US$)
Anti-Virus #
Cost (US$)
Printer #
Cost (US$)
Photocopier
Scanner #
Cost (US$)
#
Cost (US$)
BADAKHSHON REGION Unit Costs→
Regional Office 26/1
Dept of Control
Customs
76240
Regional Office Regional Office Totals
Tem
500
1,500
800
100
45
350
100
700
12,365
1
4,300
1
500
0
0
6
4,800
6
600
7
315
3
1,050
1
100
1
700
12,365
1
4,300
1
500
0
0
6
4,800
6
600
7
315
3
1,050
1
100
1
700
Unit Costs→
Posts 26/2
4,300
4,300
500
1,500
800
100
45
350
100
700
Post
Road
1,395
0
0
0
0
0
0
1
800
1
100
1
45
1
350
1
100
0
27
Darvaz
76241
Clearance
Road
1,395
0
0
0
0
0
0
1
800
1
100
1
45
1
350
1
100
0
0
28
Ishkashim
76242
Clearance
Road
1,395
0
0
0
0
0
0
1
800
1
100
1
45
1
350
1
100
0
0
29/1
Murgab Customs Dept
76243
Clearance
Road
3,985
0
0
0
0
0
0
3
2,400
3
300
3
135
3
1,050
1
100
0
0
29/2
Dept of Customs Control Terminal
Clearance
Road
1,295
0
0
0
0
0
0
1
800
1
100
1
45
1
350
0
0
0
0
29/3
Kizil-Art
Post
Road
1,295
0
0
0
0
0
0
1
800
1
100
1
45
1
350
0
0
0
0
29/4
Kulma
Post
Road Posts Totals
BADAKHSHON REGIONAL SYSTEMS TOTALS
0
1,295
0
0
0
0
0
0
1
800
1
100
1
45
1
350
0
0
0
0
12,055
0
0
0
0
0
0
9
7,200
9
900
9
405
9
3,150
4
400
0
0
24,420
1
4,300
1
500
0
0
15
12,000
15
1,500
16
720
12
4,200
5
500
1
700
REGIONS & POSTS (Tursunzade) - SYSTEMS COSTS
Ref
Post
Code
Type
For
Systems Totals (US$)
Server #
UPS
Cost (US$)
#
Laptop
Cost (US$)
#
PCs
Cost (US$)
UPS
Cost (US$)
#
Anti-Virus
Cost (US$)
#
Printer
Cost (US$)
#
Cost (US$)
#
Photocopier
Scanner #
Cost (US$)
#
Cost (US$)
TURSUNZADE REGION Unit Costs→
Regional Office 30
Dept of Control
Customs
76250
Regional Office Regional Office Totals
Tajik Factory
32/1
Regar
32/2
Pahtaobad
Aluminium
76252 76253
Clearance
Rail
500
1,500
800
100
45
350
100
700
32,520
1
4,300
1
500
0
0
25
20,000
25
2,500
26
1,170
9
3,150
2
200
1
700
32,520
1
4,300
1
500
0
0
25
20,000
25
2,500
26
1,170
9
3,150
2
200
1
700
Unit Costs→
Posts 31
4,300
1,395
4,300 0
0
500 0
0
1,500 0
0
800 1
800
100 1
100
45 1
45
350 1
350
100 1
100
700 0
0
Clearance
Rail
2,590
0
0
0
0
0
0
2
1,600
2
200
2
90
2
700
0
0
0
0
Post
Rail
1,295
0
0
0
0
0
0
1
800
1
100
1
45
1
350
0
0
0
0
33
Shahrinav (Cheptura Station)
76254
Clearance
Rail
1,295
0
0
0
0
0
0
1
800
1
100
1
45
1
350
0
0
0
0
34/1
Gizar Customs Dept
76255
Clearance
Rail
9,775
1
4,300
1
500
0
0
4
3,200
4
400
5
225
3
1,050
1
100
0
0
34/2
Customs Terminal
76256
Clearance
Road
1,295
0
0
0
0
0
0
1
800
1
100
1
45
1
350
0
0
0
0
Post
Road
2,690
0
0
0
0
0
0
2
1,600
2
200
2
90
2
700
1
100
0
0
Post
Road
1,395
0
0
0
0
0
0
1
800
1
100
1
45
1
350
1
100
0
0
Post
Road
1,295
0
0
0
0
0
0
1
800
1
100
1
45
1
350
0
0
0
0
Post
Road
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
23,025
1
4,300
1
500
0
0
14
11,200
14
1,400
15
675
13
4,550
4
400
0
0
55,545
2
8,600
2
1,000
0
0
39
31,200
39
3,900
41
1,845
22
7,700
6
600
1
700
171,065
5
21,500
5
2,500
0
0
132
105,600
132
13,200
137
6,165
48
16,800
11
1,100
6
4,200
218,675
9
38,700
9
4,500
0
0
136
108,800
136
13,600
145
6,525
125
43,750
28
2,800
0
0
389,740
14
60,200
14
7,000
0
0
268
214,400
268
26,800
282
12,690
173
60,550
39
3,900
6
4,200
35/1 35/2 35/3 35/4
Customs Post # 1 Bratstvo Customs Post # 3 Pravda Customs Post # 4 Mikojan Customs Post # 6 Komsomol /Namuna (Seasonal)
Posts Totals TURSUNZADE REGIONAL SYSTEMS TOTALS REGIONAL OFFICE SYSTEMS TOTALS POSTS SYSTEMS TOTALS REGIONS & POSTS SYSTEMS TOTALS
E. Regional Offices and Posts Telecommunications Cost
REGIONS & POSTS (Dushanbe) - TELECOMMUNICATIONS COSTS
| Ref | Post | Code | Type | For | Comms Totals (US$) | LAN # | LAN Cost (US$) | Router # | Router Cost (US$) | Switch # | Switch Cost (US$) | Firewall # | Firewall Cost (US$) | IPS # | IPS Cost (US$) | VPN # | VPN Cost (US$) | Comms Mobile # | Comms Mobile Cost (US$) | Comms/Stationary # | Comms/Stationary Cost (US$) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| | DUSHANBE REGION | | | | | | | | | | | | | | | | | | | | |
| | Regional Office (Unit Costs→) | | | | | | 4,000 | | 14,000 | | 3,500 | | 11,000 | | 12,000 | | 3,000 | | 365 | | 9,000 |
| 1 | Dept of Customs Control | 76200 | Regional Office | | 72,650 | 1 | 4,000 | 1 | 14,000 | 2 | 7,000 | 1 | 11,000 | 1 | 12,000 | 1 | 3,000 | 10 | 3,650 | 2 | 18,000 |
| | Regional Office Comms Totals | | | | 72,650 | 1 | 4,000 | 1 | 14,000 | 2 | 7,000 | 1 | 11,000 | 1 | 12,000 | 1 | 3,000 | 10 | 3,650 | 2 | 18,000 |
| | Posts (Unit Costs→) | | | | | | 400 | | 500 | | 1,000 | | 0 | | 12,000 | | 3,000 | | 365 | | 9,000 |
| 2 | Dept of Strategic Customs Control in Dushanbe Airport | 76202 | Clearance | Air | 26,470 | 1 | 400 | 1 | 500 | 1 | 1,000 | 1 | 0 | 0 | 0 | 0 | 0 | 18 | 6,570 | 2 | 18,000 |
| 3 | Dushanbe 1 | 76203 | Clearance | Rl+Mail | 11,995 | 1 | 400 | 1 | 500 | 1 | 1,000 | 1 | 0 | 0 | 0 | 0 | 0 | 3 | 1,095 | 1 | 9,000 |
| 4 | Dushanbe 2 | 76205 | Clearance | Rail | 11,995 | 1 | 400 | 1 | 500 | 1 | 1,000 | 1 | 0 | 0 | 0 | 0 | 0 | 3 | 1,095 | 1 | 9,000 |
| 5 | Terminal | 76206 | Clearance | Road | 11,995 | 1 | 400 | 1 | 500 | 1 | 1,000 | 1 | 0 | 0 | 0 | 0 | 0 | 3 | 1,095 | 1 | 9,000 |
| 6 | Aini | 76207 | Clearance | Rail | 11,995 | 1 | 400 | 1 | 500 | 1 | 1,000 | 1 | 0 | 0 | 0 | 0 | 0 | 3 | 1,095 | 1 | 9,000 |
| 7/1 | Kofarnigan Customs Dept | 76260 | Clearance | Rail | 12,360 | 1 | 400 | 1 | 500 | 1 | 1,000 | 1 | 0 | 0 | 0 | 0 | 0 | 4 | 1,460 | 1 | 9,000 |
| 7/2 | Karamik | | Post | Road | 9,000 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 9,000 |
| | Posts Comms Totals | | | | 95,810 | 6 | 2,400 | 6 | 3,000 | 6 | 6,000 | 6 | 0 | 0 | 0 | 0 | 0 | 34 | 12,410 | 8 | 72,000 |
| | DUSHANBE REGIONAL COMMS TOTALS | | | | 168,460 | 7 | 6,400 | 7 | 17,000 | 8 | 13,000 | 7 | 11,000 | 1 | 12,000 | 1 | 3,000 | 44 | 16,060 | 10 | 90,000 |
REGIONS & POSTS (Khudjant) - TELECOMMUNICATIONS COSTS
Ref
Post
Code
Type
For
Comms Totals (US$)
LAN #
Router
Cost (US$)
#
Switch
Cost (US$)
#
Firewall
Cost (US$)
#
IPS
Cost (US$)
#
Comms Mobile
VPN
Cost (US$)
#
Cost (US$)
#
Comms/ Stationary
Cost (US$)
#
Cost (US$)
KHUDJANT REGION Unit Costs→
Regional Office 8
Dept of Control
Customs
76210
Regional Office Regional Office Comms Totals
4,000
3,500
11,000
12,000
3,000
365
9,000
76,300
1
4,000
1
14,000
2
7,000
1
11,000
1
12,000
1
3,000
20
7,300
2
18,000
76,300
1
4,000
1
14,000
2
7,000
1
11,000
1
12,000
1
3,000
20
7,300
2
18,000
Unit Costs→
Posts
14,000
400
500
1,000
0
12,000
3,000
365
9,000
9
Dept of Strategic Customs Control in Airport Khudjant
76212
Clearance
Air
12,360
1
400
1
500
1
1,000
1
0
0
0
0
0
4
1,460
1
9,000
10/1
G.Rosulov (Proletar)
76215
Clearance
Rail
11,995
1
400
1
500
1
1,000
1
0
0
0
0
0
3
1,095
1
9,000
Post
Road
9,000
0
0
0
0
0
0
0
0
0
0
0
0
0
1
9,000
76216
Clearance
Road
11,995
1
400
1
500
1
1,000
1
0
0
0
0
0
3
1,095
1
9,000
Post
Road
9,000
0
0
0
0
0
0
0
0
0
0
0
0
0
1
9,000
10/2
Madaniyat
11/1
Asht Customs Post
11/2
Navbunjod
11/3
Uzbek-Okjar
12/1
Nouv Customs Dept
12/2
Nouv
76217
Post
Road
9,000
0
0
0
0
0
0
0
0
0
0
0
0
Clearance
Road
11,995
1
400
1
500
1
1,000
1
0
0
0
0
0
Post
Rail
9,000
0
0
0
0
0
0
0
0
0
0
0
0
3
0
1
9,000
1,095
1
9,000
0
1
9,000
12/3
Plotina
Post
Road
9,000
0
0
0
0
0
0
0
0
0
0
0
0
0
1
9,000
12/4
Hashtjak
Post
Road
9,000
0
0
0
0
0
0
0
0
0
0
0
0
0
1
9,000
12/5
Farmon Kurgan
Post
Road
9,000
0
0
0
0
0
0
0
0
0
0
0
0
0
1
9,000
13/1
Mastchoh Customs Dept
Clearance
Road
11,995
1
400
1
500
1
1,000
1
0
0
0
0
0
1,095
1
9,000
13/2
Kuruksai
Post
Road
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
13/3
Fatehabad
Post
Road
9,000
0
0
0
0
0
0
0
0
0
0
0
0
0
1
9,000
14/1
Zafarabad Customs Dept
Clearance
Road
11,995
1
400
1
500
1
1,000
1
0
0
0
0
0
1,095
1
9,000
14/2
DEU-58
Post
Road
9,000
0
0
0
0
0
0
0
0
0
0
0
0
0
1
9,000
14/3
Zomin
Post
Road
9,000
0
0
0
0
0
0
0
0
0
0
0
0
0
1
9,000
14/4
Comsomol
Post
Road
9,000
0
0
0
0
0
0
0
0
0
0
0
0
0
1
9,000
15/1
Istravshan Customs Post
Clearance
Road
11,995
1
400
1
500
1
1,000
1
0
0
0
0
0
1,095
1
9,000
15/2
Havotag
Post
Road
9,000
0
0
0
0
0
0
0
0
0
0
0
0
0
1
9,000
76218
76219
76220
3
3
3
Ref
Post
Code
Type
For
LAN
Router
Switch
Firewall
IPS
Comms Mobile
VPN
Comms/ Stationary
Comms Totals (US$)
#
Cost (US$)
#
Cost (US$)
#
Cost (US$)
#
Cost (US$)
#
Cost (US$)
#
Cost (US$)
#
Cost (US$)
#
11,995
1
400
1
500
1
1,000
1
0
0
0
0
0
3
1,095
1
Cost (US$)
16/1
Kanibadam Customs Dept
16/2
Kanibadam
Post
Rail
9,000
0
0
0
0
0
0
0
0
0
0
0
0
0
1
9,000
16/3
Patar
Post
Road
9,000
0
0
0
0
0
0
0
0
0
0
0
0
0
1
9,000
16/4
Ravat
Post
Road
9,000
0
0
0
0
0
0
0
0
0
0
0
0
0
1
9,000
17/1
Isfara Customs Dept
Clearance
Rd+Rl
11,995
1
400
1
500
1
1,000
1
0
0
0
0
0
1,095
1
9,000
1
9,000
1
9,000
1,095
1
9,000
0
1
9,000
1,095
1
9,000
0
1
9,000
76221
76222
Clearance
Rd+Rl
3
9,000
17/2
Isfara-3
Post
Rail
9,000
0
0
0
0
0
0
0
0
0
0
0
0
0
17/3
Dahana
Post
Road
0
0
0
0
0
0
0
0
0
0
0
0
0
0
17/4
Batkent
Post
Road
9,000
0
0
0
0
0
0
0
0
0
0
0
0
0
17/5
Jakka Uruk
Post
Road
0
0
0
0
0
0
0
0
0
0
0
0
0
18/1
Pendjakent Customs Dept
Clearance
Road
11,995
1
400
1
500
1
1,000
1
0
0
0
0
0
18/2
Sarazm
Post
Road
9,000
0
0
0
0
0
0
0
0
0
0
0
0
Clearance
Rd+Rl
11,995
1
400
1
500
1
1,000
1
0
0
0
0
0
Clearance
Rd+Rl
9,000
0
0
0
0
0
0
0
0
0
0
0
0
Post
Road
9,000
0
0
0
0
0
0
0
0
0
0
0
0
0
1
9,000
Clearance
Road
11,995
1
400
1
500
1
1,000
1
0
0
0
0
0
3
1,095
1
9,000
324,305
12
4,800
12
6,000
12
12,000
12
0
0
0
0
0
37
13,505
32
288,000
400,605
13
8,800
13
20,000
14
19,000
13
11,000
1
12,000
1
3,000
57
20,805
34
306,000
19/1 19/2 19/3 20
Khudjant Customs Dept Customs Legal Group
76223
76225
Auchi Kalacha Terminal
76226
Posts Comms Totals KHUDJANT REGIONAL COMMS TOTALS
0
0 3
3
0
REGIONS & POSTS (Khatlon) - TELECOMMUNICATIONS COSTS
Ref
Post
Code
Type
For
Comms Totals (US$)
LAN #
Router
Cost (US$)
#
Switch
Cost (US$)
#
Firewall
Cost (US$)
#
IPS
Cost (US$)
#
Comms Mobile
VPN
Cost (US$)
#
Cost (US$)
#
Comms/ Stationary
Cost (US$)
#
Cost (US$)
KHATLON REGION Unit Costs→
Regional Office 21
Dept of Control
Customs
76230
Regional Office Regional Office Comms Totals
14,000
3,500
11,000
12,000
3,000
365
9,000
73,380
1
4,000
1
14,000
2
7,000
1
11,000
1
12,000
1
3,000
12
4,380
2
18,000
73,380
1
4,000
1
14,000
2
7,000
1
11,000
1
12,000
1
3,000
12
4,380
2
18,000
Unit Costs→
Posts 22
4,000
400
500
1,000
0
12,000
3,000
365
9,000
Kurgan Tube
76233
Clearance
Rd+Rl
12,725
1
400
1
500
1
1,000
1
0
0
0
0
0
5
1,825
1
9,000
23/1
Shartuze Customs Dept
76234
Clearance
Road
11,265
1
400
1
500
1
1,000
1
0
0
0
0
0
1
365
1
9,000
23/2
Ajvadj
Post
Road
9,000
0
0
0
0
0
0
0
0
0
0
0
0
0
1
9,000
23/3
Hoshadi
Post
Rail
9,000
0
0
0
0
0
0
0
0
0
0
0
0
0
1
9,000
23/4
Iskra
Post
Road
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
23/5
Strategic Group NajzaBulok
Post
Road
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
24/1
Kulab Customs Dept
76235
Rd/Rl/A
11,995
1
400
1
500
1
1,000
1
0
0
0
0
0
3
1,095
1
9,000
24/2
Airport Customs Post Kulab
76282
24/3
Kokul
25/1
Nijni Piange Customs Dept
25/2 25/3
Clearance
Air
11,630
1
400
1
500
1
1,000
1
0
0
0
0
0
2
730
1
9,000
Post
River
9,730
0
0
0
0
0
0
0
0
0
0
0
0
2
730
1
9,000
76270
Clearance
River
12,725
1
400
1
500
1
1,000
1
0
0
0
0
0
5
1,825
1
9,000
Kolhozobad
76237
Clearance
Rail
10,825
0
0
0
0
0
0
0
0
0
0
0
0
5
1,825
1
9,000
Javan
76238
Clearance
Rail
9,000
0
0
0
0
0
0
0
0
0
0
0
0
0
1
9,000
25/4
Vahsh
76239
Clearance
Rail
9,000
0
0
0
0
0
0
0
0
0
0
0
0
0
1
9,000
9,000
0
0
0
0
0
0
0
0
0
0
0
0
0
1
9,000
25/5
Sargazan
76271
Clearance
Rail
11,995
1
400
1
500
1
1,000
1
0
0
0
0
0
3
1,095
1
9,000
137,890
6
2,400
6
3,000
6
6,000
6
0
0
0
0
0
26
9,490
13
117,000
211,270
7
6,400
7
17,000
8
13,000
7
11,000
1
12,000
1
3,000
38
13,870
15
135,000
Terminal
Clearance
Clearance
Posts Comms Totals KHATLON REGIONAL COMMS TOTALS
REGIONS & POSTS (Badakhshon) - TELECOMMUNICATIONS COSTS
Ref
Post
Code
Type
For
Comms Totals (US$)
LAN #
Router
Cost (US$)
#
Switch
Cost (US$)
#
Firewall
Cost (US$)
#
IPS
Cost (US$)
#
Comms Mobile
VPN
Cost (US$)
#
Cost (US$)
#
Cost (US$)
Comms/ Stationary #
Cost (US$)
BADAKHSHON REGION Unit Costs→
Regional Office 26/1
Dept of Control
Customs
76240
Regional Office Regional Office Comms Totals
Tem
Post
Road
14,000
3,500
11,000
12,000
3,000
365
9,000
61,460
1
4,000
1
14,000
2
7,000
1
11,000
1
12,000
1
3,000
4
1,460
1
9,000
61,460
1
4,000
1
14,000
2
7,000
1
11,000
1
12,000
1
3,000
4
1,460
1
9,000
0
0
1
9,000
Unit Costs→
Posts 26/2
4,000
9,000
400 0
0
500 0
0
1,000 0
0
0
12,000 0
0
0
3,000
365
0
0
9,000
27
Darvaz
76241
Clearance
Road
9,000
0
0
0
0
0
0
0
0
0
0
0
0
0
1
9,000
28
Ishkashim
76242
Clearance
Road
9,000
0
0
0
0
0
0
0
0
0
0
0
0
0
1
9,000
29/1
Murgab Customs Dept
76243
Clearance
Road
11,995
1
400
1
500
1
1,000
1
0
0
0
0
0
1,095
1
9,000
29/2
Dept of Customs Control Terminal
Clearance
Road
9,000
0
0
0
0
0
0
0
0
0
0
0
0
0
1
9,000
29/3
Kizil-Art
Post
Road
9,000
0
0
0
0
0
0
0
0
0
0
0
0
0
1
9,000
29/4
Kulma
Post
Road
9,000
0
0
0
0
0
0
0
0
0
0
0
0
0
1
9,000
65,995
1
400
1
500
1
1,000
1
0
0
0
0
0
3
1,095
7
63,000
127,455
2
4,400
2
14,500
3
8,000
2
11,000
1
12,000
1
3,000
7
2,555
8
72,000
Posts Comms Totals BADAKHSHON REGIONAL COMMS TOTALS
3
REGIONS & POSTS (Tursunzade) - TELECOMMUNICATIONS COSTS
Ref
Post
Code
Type
For
Comms Totals (US$)
LAN #
Router
Cost (US$)
#
Switch
Cost (US$)
#
Firewall
Cost (US$)
#
IPS
Cost (US$)
#
Comms Mobile
VPN
Cost (US$)
#
Cost (US$)
Comms/ Stationary
Cost (US$)
#
#
Cost (US$)
TURSUNZADE REGION Unit Costs→
Regional Office 30
Dept of Control
Customs
76250
Regional Office Regional Office Comms Totals
4,000
3,500
11,000
12,000
3,000
365
9,000
78,730
1
4,000
1
14,000
2
7,000
1
11,000
1
12,000
1
3,000
2
730
3
27,000
78,730
1
4,000
1
14,000
2
7,000
1
11,000
1
12,000
1
3,000
2
730
3
27,000
Unit Costs→
Posts
14,000
400
500
1,000
0
12,000
3,000
365
9,000
Tajik Aluminium Factory
76252
Clearance
Rail
9,365
0
0
0
0
0
0
0
0
0
0
0
0
1
365
1
9,000
32/1
Regar
76253
Clearance
Rail
10,900
1
400
1
500
1
1,000
1
0
0
0
0
0
0
0
1
9,000
32/2
Pahtaobad
Post
Rail
9,000
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
9,000
Clearance
Rail
9,000
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
9,000
31
33
Shahrinav (Cheptura Station)
34/1
Gizar Customs Dept
76255
Clearance
Rail
11,265
1
400
1
500
1
1,000
1
0
0
0
0
0
1
365
1
9,000
34/2
Customs Terminal
76256
Clearance
Road
9,000
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
9,000
Post
Road
11,265
1
400
1
500
1
1,000
1
0
0
0
0
0
1
365
1
9,000
Post
Road
9,365
0
0
0
0
0
0
0
0
0
0
0
0
1
365
1
9,000
Post
Road
9,000
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
9,000
Post
Road
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
88,160
3
1,200
3
1,500
3
3,000
3
0
0
0
0
0
4
1,460
9
81,000
166,890
4
5,200
4
15,500
5
10,000
4
11,000
1
12,000
1
3,000
6
2,190
12
108,000
362,520
5
20,000
5
70,000
10
35,000
5
55,000
5
60,000
5
15,000
48
17,520
10
90,000
712,160
28
11,200
28
14,000
28
28,000
28
0
0
0
0
0
104
37,960
69
621,000
1,074,680
33
31,200
33
84,000
38
63,000
33
55,000
5
60,000
5
15,000
152
55,480
79
711,000
35/1 35/2 35/3 35/4
Customs Post # 1 Bratstvo Customs Post # 3 Pravda Customs Post # 4 Mikojan Customs Post # 6 Komsomol /Namuna (Seasonal)
76254
Posts Comms Totals TURSUNZADE REGIONAL COMMS TOTALS REGIONAL OFFICE COMMS TOTALS POSTS COMMS TOTALS REGIONS & POSTS COMMS TOTALS
F. Training Equipment Cost Estimates
Training Equipment Cost Estimates (US$)
Place: Dushanbe Training Institute
| Type | Items | Unit Cost | Quantity | Overall Costs | Foreign Exchange | Local Currency | FC=1;LC=2 |
|---|---|---|---|---|---|---|---|
| Equipment | Servers | 15,000 | 1 | 15,000 | 15,000 | 0 | 1 |
| Equipment | PCs | 800 | 23 | 18,400 | 18,400 | 0 | 1 |
| Equipment | Laptops | 1,800 | 1 | 1,800 | 1,800 | 0 | 1 |
| Equipment | Security (anti-virus) | 70 | 25 | 1,750 | 1,750 | 0 | 1 |
| Equipment | UPS | 100 | 24 | 2,400 | 2,400 | 0 | 1 |
| Equipment | Printers | 350 | 5 | 1,750 | 1,750 | 0 | 1 |
| Equipment | Scanners | 100 | 1 | 100 | 100 | 0 | 1 |
| Equipment | Various / Copiers | 700 | 1 | 700 | 700 | 0 | 1 |
| Equipment | LAN | 350 | 2 | 700 | 700 | 0 | 1 |
| Furniture | white-Board | 100 | 4 | 400 | 0 | 400 | 2 |
| Furniture | Bookcase | 250 | 6 | 1,500 | 0 | 1,500 | 2 |
| Furniture | Rostrum | 60 | 1 | 60 | 0 | 60 | 2 |
| Furniture | Desk | 135 | 30 | 4,050 | 0 | 4,050 | 2 |
| Furniture | Safe | 230 | 4 | 920 | 0 | 920 | 2 |
| Training Material | Projector/Screen | 2,000 | 2 | 4,000 | 4,000 | 0 | 1 |
| Training Material | Camera recorder | 800 | 1 | 800 | 800 | 0 | 1 |
| Training Material | TV | 300 | 2 | 600 | 600 | 0 | 1 |
| Training Material | Videotape | 300 | 2 | 600 | 600 | 0 | 1 |
| Total Equipment | | | | 42,600 | 42,600 | 0 | |
| Total Furniture | | | | 6,930 | 0 | 6,930 | |
| Total Training Material | | | | 6,000 | 6,000 | 0 | |
| Total | | | | 55,530 | 48,600 | 6,930 | |
G. Summary of ICT Cost Estimate
| Summary of ICT Costs | (US$) |
|---|---|
| Data Centre | 1,733,495 |
| Disaster Recovery Centre | 711,000 |
| Customs Div - System | 151,965 |
| Customs Div - Telecommunications | 4,380 |
| Regional Office and Border Posts - System | 389,740 |
| Regional Office and Border Posts - Telecommunications | 1,074,680 |
| Training Eqpt Costs | 55,530 |
| Total | 4,120,790 |
H.
Final Report
December 2006
Border Posts Civil Works Infrastructure Cost Estimate
Border Posts Civil Works Infrastructure Costs
№
Customs border posts and department Items
State of Customs Border Posts and Customs Offices and Necessary Arrangements
Reconstruction Priority
Start and Completion Date of Reconstruction
Reconstruc tion Cost in thousand Somoni
Reconstruc tion Cost in USD
The First
2006-2007
800,000
242,424
The First
III quarter of 20062007
500,000
151,515
The Second
2006
350,000
106,061
The Second
III quarter of 20062007
800,000
242,424
The Second
2006-2007
800,000
242,424
The Second
IV quarter of 2006-2007
150,000
45,455
The First and the Third
2006-2007
400,000
121,212
Sub-total
3,800,000
1,151,515
Sughd region 1
Customs Border Posts (CBP) “Sarazm” of Penjikent district
The Border Post was moved and Customs Border Post is inactive, so the reconstruction of new Customs Border post is needed
2
CBP “Patar ” of Konibodom district
The building is in normal condition, the construction of shelter, trench and scaffold bridge are needed
3
Office building of Customs Management (CM)
The Rehabilitation of building and extension have been implemented, the building extension is needed
4
CBP “Plotina” Spitamen district
In view of Border Post movement the reconstruction is needed
5
CBP “Batkent” Isfara district
The construction of new building for CBP is needed because Customs officers are working in a wagon
6
CBP in railway station “Nau” of Spitamen district
The construction of new building is needed
7
CDs in Isfara, Mastchoh, Khujand, Penjikent, Konibodom, Spitamen, Istaravshan, Zafarabad districts
Complete Office Renovation is needed
Khatlon region 10 11
CBP “Nizhniy Pyandj” of Kumsangir district CBP “Kokul” of Farkhor district
The construction of new building is needed
12
Office building of MSRD RT Khatlon Customs Management
The building was rehabilitated, but dining and utility rooms need to be rehabilitated
13
Office building of Shaartuz Customs Department
Rehabilitation and reconstruction are needed
The First
III quarter of 2007-2008
500,000
151,515
The First
IV quarter of 2007-2008
80,000
24,242
The Second
II quarter of 2006
160,000
48,485
The Second
IV quarter of 2006-2007
40,000
12,121
Sub-total
780,000
236,364
The First
2006
250,000
75,758
The First
2007
450,000
136,364
The First
2006
0
0
The Second
2006-2007
650,000
196,970
The Second
2006
250,000
75,758
Sub-total
1,600,000
484,848
Gorno-Badakhshan Autonomous region 15
Office building of Customs Management
In accordance with Government Regulation of RT it should be moved to new CM building “Badakhshonagroservice”
16
CBP “Kulma” of Murgab district
Should be constructed metallic structure for enlargement (4 items of gates and precast metallic structure were ordered
17
CBP “Kizil-Art” of Murgab district
The object was put into operation and should be constructed retaining walls
18
CBP “Langar” of Ishkashim district
In accordance with Government Regulation of RT the construction of new CBP is needed in border line between Tajikistan and Afghanistan structured a new CM building
19
Murgab Customs Border Post office
Rehabilitation and enlargement are needed
Dushanbe Customs Management
20
CBP “Ainy”
In accordance with the letter of Customs Management the CBP should be moved to the building with the storage facilities near the railway station
21
CBP “Dushanbe-1”
The rehabilitation and enlargement were completed
22
CBP “Dushanbe-2”
The rehabilitation and enlargement were completed
The First
2004
250,000
75,758
250,000
75,758
250,000
75,758
Sub-total
750,000
227,273
2006-2008
0
0
Sub-total
0
0
Tursunzade region 23
CBP of Pahtaabad railway station
There was chosen the new Site near the border for the construction. The new construction is needed.
The Second
Data Centre & Disaster Recovery Centre 24
Data Centre in Customs HQ
There was chosen the new Site near the border for the construction. The new construction is needed.
The Second
2006-2008
0
0
25
Disaster Recovery Centre in Dushanbe Regions
There was chosen the new Site near the border for the construction. The new construction is needed.
The Second
2006-2008
0
0
Sub-total TOTAL
0 6,930,000
0 2,100,000

I. Border Post Customs Equipment Cost Estimate

| S/N | Customs Equipments | Unit Costs (US$) | Qty | Estimated Costs (US$) |
|---|---|---|---|---|
| REGION 1 : SUGHD | | | | |
| 1 | Generators | 7,500 | 4 | 30,000 |
| 2 | Control | 120,000 | 1 | 120,000 |
| 3 | Inspection | 46,000 | 1 | 46,000 |
| REGION 2 : KHATLON | | | | |
| 1 | Generators | 7,500 | 16 | 120,000 |
| 2 | Control | 120,000 | 1 | 120,000 |
| 3 | Inspection | 46,000 | 1 | 46,000 |
| REGION 3 : Gorno-Badakhshan | | | | |
| 1 | Generators | 7,500 | 7 | 52,500 |
| 2 | Control | 120,000 | 1 | 120,000 |
| 3 | Inspection | 46,000 | 1 | 46,000 |
| REGION 4 : Dushanbe | | | | |
| 1 | Generators | 7,500 | 4 | 30,000 |
| 2 | Control | 120,000 | 1 | 120,000 |
| 3 | Inspection | 46,000 | 1 | 46,000 |
| REGION 5 : Tursunzade | | | | |
| 1 | Generators | 7,500 | 5 | 37,500 |
| 2 | Control | 120,000 | 1 | 120,000 |
| 3 | Inspection | 46,000 | 1 | 46,000 |
| Total | | | | 1,100,000 |

J. Total Border Post Rehabilitation and Civil Works Cost Estimate

Summary of Border Post Infrastructure Costs

| Category | Regions / Location | Estimated Costings (US$) |
|---|---|---|
| Border Post Physical Infrastructure Upgrading | Sughd | 1,151,515 |
| | Khatlon | 236,364 |
| | Gorno-Badakhshan | 484,848 |
| | Dushanbe | 227,273 |
| | Tursunzade | 0 |
| Site Preparation for Data Centre | Customs HQ | 0 |
| Site Preparation for Disaster Recovery Centre | | 0 |
| Customs Equipment | Sughd | 196,000 |
| | Khatlon | 286,000 |
| | Gorno-Badakhshan | 218,500 |
| | Dushanbe | 196,000 |
| | Tursunzade | 203,500 |
| Total Estimated Cost | | 3,200,000 |

K. Change Management Cost Estimates
Provision of Change Management Costs
1
Change Readiness Survey
CDRT
1
-
No. of Participants per session 1000
2
Workshops and Seminars
CDRT / Ministries & Controlling Agencies / Trade & Logistics Community
10
2
50
50
25000
3
Observation and Study Tours Study Mission 1 (Singapore) Study Mission 2 (Philippines) Study Mission 3 (Thailand) Study Mission 3 (Korea) Study Mission 4 (Kazakhstan) Study Mission 5 (Kyrgyzstan) Study Mission 6 (Others)
1 1 1 1 1 1 1
5 5 5 5 5 5 5
5 5 5 5 5 5 5
4000 4000 4000 4000 2000 1500 1500
20000 20000 20000 20000 10000 7500 7500
Ad-hoc Ad-hoc
-
-
Lump-sum Lump-sum
0 10000
Ad-hoc Ad-hoc 5
-
-
5
-
Lump-sum Lump-sum 450
0 10000 11250
Total
171,250
S/N
4
Activity
Newsletters and Publications
Articles in Customs Newsletter CD RT Website Improvement & Updating Notices and Bulletins Brochures Exhibitions
Participants
No. of Sessions
Duration (Days)
Unit Cost (US$)
Estimated Total Cost (US$)
10
10000
Selected CD Staff
CDRT / Ministries & Controlling Agencies / Trade & Logistics Community

L. Training Cost Estimate
S/N
1
2
Category
User Training
Technical Training
Activity
Types of Trainees
External Trainers
1.2 UAIS User Modules
Application Developers / Suppliers
2.1 System Administration
2.3 Database Management
2.4 Application Development
Trainee Size
Provision of ICT Training Costs All CD RT Staff 1000
1.1 Basic Computer Course
2.2 Network Management
Provision by
Class Size
Number of Classes
Duration per Class (Days)
Cost per Student (US$)
Estimated Total Cost (US$)
20
50
5
50
50000
CD RT
500
20
25
5
200
100000
100
20
5
5
200
20000
300
20
15
3
200
60000
PMO
Ministries & Controlling Agencies Trade & Logistic Community CD RT
500
20
25
5
0
0
Suppliers
ICT Staff
12
6
2
10
500
6000
PMO
ICT Staff
12
6
2
5
0
0
External Trainers
ICT Staff
-
-
-
-
-
-
Vendor Attachment
ICT Staff
2
2
1
5
4000
8000
Suppliers
ICT Staff
12
6
2
10
500
6000
PMO
ICT Staff
12
6
2
5
0
0
External Trainers
ICT Staff
-
-
-
-
-
0
Suppliers
ICT Staff
5
5
1
5
500
2500
PMO
ICT Staff
-
-
-
-
-
-
External Trainers
ICT Staff
5
5
1
5
800
4000
Suppliers
ICT Development Staff
5
5
15
500
1
2500
PMO External Trainers
2.5 Quality Assurance & Security
External Trainers
ICT Development Staff ICT Development Staff ICT Quality Assurance Staff
-
-
-
-
-
-
-
-
-
-
-
-
2
2
10
1000
1
2000
Provision of Customs Training Costs
3
Customs Management
3.1 Risk Management Trainer Course
External Trainers (Train the Trainers Program)
CD RT
3.2 Risk Management Concept
Internal RM Trainers
CD RT
3.3 Post Clearance Audit Trainer Course
External Trainers (Train the Trainers Program)
CD RT
3.4 Post Clearance Audit
Internal PCA Trainers
CD RT
20
10
2
5
500
10000
1000
20
50
2
50
50000
20
10
2
5
500
10000
300
20
15
2
50
15000
Total
346,000

M. Summary of Cost for CM and Training

Summary of Change Management & Training Costs

| Category | Activities | Estimated Cost (US$) |
|---|---|---|
| Change Management | Change Readiness Survey | 10000 |
| | Workshops and Seminars | 25000 |
| | Observation and Study Tours | 105000 |
| | Newsletters and Publications | 31250 |
| | Sub-total | 171250 |
| Training Programs | User Training | 230000 |
| | Technical Training | 31000 |
| | Customs Management Training | 85000 |
| | Sub-total | 346000 |
| Total Estimated Cost | | 517,250 |

APPENDIX K. IMPLEMENTATION PLAN OF UAIS

[Schedule chart: Year 1 (2007), Year 2 (2008) and Year 3 (2009), by quarter, for the components and tasks listed below.]

Component 1: Development of Information and Communication Technology (ICT)
1.1 Tender Process
  1.1.1 Prepare Tender Specifications For Development of UAIS
  1.1.2 Invite Tenders
  1.1.3 Tender Evaluation and Award
1.2 Develop UAIS & Interface With Single Electronic Window (SEW) / Implementation Plan / Hardware & Software Network Strategies
  1.2.1 Finalize Systems Requirements With Selected Vendor
  1.2.2 Prepare Preliminary Systems Design, Define Architecture
  1.2.3 Produce Final Functional And Technical Specifications
  1.2.4 Develop Core Components
  1.2.5 Procure System Components And Hardware
  1.2.6 User Acceptance Testing
  1.2.7 Pilot Test
  1.2.8 Systems Migration
  1.2.9 Phase Implementation
  1.2.10 Systems Warranty Period
  1.2.11 Systems Maintenance
1.3 Development of Communication Infrastructure
  1.3.1 Review Existing Communication Infrastructure / Local Area Network (LAN) / Wide Area Network (WAN) / Virtual Private Network (VPN)
  1.3.2 Design Network
  1.3.3 Implement Network and Install Communication Hardware and Software for HQ, Regional Office and Priority Border Post
  1.3.4 Implement Network and Install Communication Hardware & Software for non-Priority Border Post
  1.3.5 Interface Inter-Agency and External Agency Network
  1.3.6 Maintenance And Operations Of Communication Infrastructure

Component 2: Infrastructure Development
2.1 Site Preparation of Data Centre (DC) & Disaster Recovery Centre (DRC)
  2.1.1 Review Infrastructure Requirements for DC
  2.1.2 Review Infrastructure Requirements for DRC
  2.1.3 Prepare Technical Specifications for Tender
  2.1.4 Prepare Bidding Documents for Tender
  2.1.5 Invite Tender
  2.1.6 Tender Evaluation and Award
  2.1.7 Finalize Infrastructure Requirements With Selected Vendor
  2.1.8 Conduct Renovation and Construction of DC
  2.1.9 Conduct Renovation and Construction of DRC
  2.1.10 Equip DC and DRC with ICT Equipments
  2.1.11 Acceptance and Sign-off
2.2 Improvement of Customs Border-Posts and Facilities
  2.2.1 Review of Priority Border Posts
  2.2.2 Review Infrastructure Needs and Requirements for Border Posts
  2.2.3 Prepare Technical Specifications for Tender
  2.2.4 Prepare Bidding Documents for Tender
  2.2.5 Invite Tender
  2.2.6 Tender Evaluation and Award
  2.2.7 Finalize Infrastructure Requirements With Selected Vendor
  2.2.8 Conduct Renovation and Construction of Priority Border Posts
  2.2.9 Conduct Renovation and Construction of non-Priority Border Posts
  2.2.10 Equip renovated border posts with ICT Equipments
  2.2.11 Acceptance and Sign-off
2.3 Provisions of Customs Operations and Anti-smuggling Equipment
  2.3.1 Review of Priority Border Posts
  2.3.2 Prepare Technical Specifications for Tender
  2.3.3 Prepare Bidding Documents for Tender
  2.3.4 Invite Tender
  2.3.5 Tender Evaluation and Award
  2.3.6 Finalize Customs Equipment Requirements With Selected Vendor
  2.3.7 Equip renovated border posts with Customs Equipments
  2.3.8 Acceptance and Sign-off

Component 3: Change Management and Training
3.1 Prepare and finalize Change Management Plan
3.2 Implement Change Management Programs
  3.2.1 Change Readiness Survey
  3.2.2 Workshops and Seminars
  3.2.3 Observation and Study Tours
  3.2.4 Visitor Programs
  3.2.5 Newsletters and Publications
3.3 Implement User Training Programs
  3.3.1 Basic Computer Course
  3.3.2 UAIS User Modules Training
3.4 Implement Technical Training Programs
  3.4.1 System Administration Training
  3.4.2 Network Management Training
  3.4.3 Database Management Training
  3.4.4 Application Development Training
  3.4.5 Quality Assurance & Security Training
3.5 Implement Customs Management Training Programs

[Schedule chart, continued: Year 4 (2010) and Year 5, by quarter, for the same Components 1 to 3 and tasks as listed above.]

APPENDIX L. CUSTOMS TRADE STATISTICS (2005)
TAJIKISTAN IMPORT AND EXPORT STATISTICS (2005)
EXPORT DECLARATIONS
LOCATION Customs
Name of Post
Code 200 201 202 203
206 207 260 280
No. of
% of Total
No. of
% of Total
Total No of
% of Total
Declarations
Declarations
Declarations
Declarations
Trade
Import/Export
At Post
Declarations
Declarations
Location
Dushanbe
Regional Office
425
14.44%
2,519
85.56%
2,944
5.53%
98.13
Dushanbe
Regional Office Airport
2
7.69%
24
92.31%
26
0.05%
0.87
114
7.00%
1,515
93.00%
1,629
3.06%
54.30
33
2.01%
1,609
97.99%
1,642
3.08%
54.73
Dushanbe Dushanbe
Dushanbe-1
Dushanbe Dushanbe
Dushanbe-2 Terminal
Dushanbe
Ainy
Dushanbe
Kafarnigan
Dushanbe
Jirgital SUB-TOTAL FOR DUSHANBE
At Post
No of Declarations per day
Regional Office
204 205
IMPORT DECLARATIONS
36
7.53%
442
92.47%
478
0.90%
15.93
52
1.19%
4,313
98.81%
4,365
8.20%
145.50
75
4.21%
1,707
95.79%
1,782
3.35%
59.40
2
0.20%
984
99.80%
986
1.85%
32.87
21
3.87%
521
96.13%
542
1.02%
18.07
2
0.27%
728
99.73%
730
1.37%
24.33
15,124
28.39%
504.13
762
14,362
EXPORT DECLARATIONS
LOCATION Customs
Name of Post
Code 212 215 216
Regional Office Leninabad (Sughd) Leninabad (Sughd) Leninabad (Sughd)
217
218 219 220 221 222 223 225 226
Leninabad (Sughd) Leninabad (Sughd) Leninabad (Sughd) Leninabad (Sughd) Leninabad (Sughd) Leninabad (Sughd) Leninabad (Sughd) Leninabad (Sughd) Leninabad (Sughd)
IMPORT DECLARATIONS
No. of
% of Total
No. of
% of Total
Total No of
% of Total
Declarations
Declarations
Declarations
Declarations
Trade
Import/Export
At Post
Declarations
Declarations
Location
At Post
No of Declarations per day
55
20.52%
213
79.48%
268
0.50%
8.93
Jabor Rasulov / Madaniyat
807
59.38%
552
40.62%
1,359
2.55%
45.30
Asht District/Navbunyod/Uzbek-Okjar Nau district/«Platina/Hashtyak/FarmonKurgan Matcho district/Kuruksai» /Fatehabad» in Zafarabad /DEU – 58/Zoamin/Comsomol
166
43.92%
212
56.08%
378
0.71%
12.60
160
6.66%
2,243
93.34%
2,403
4.51%
80.10
12
0.33%
3,622
99.67%
3,634
6.82%
121.13
-
0.00%
18
100.00%
18
0.03%
0.60
2
0.87%
229
99.13%
231
0.43%
7.70
446
56.10%
349
43.90%
795
1.49%
26.50
613
33.37%
1,224
66.63%
1,837
3.45%
61.23
47
21.86%
168
78.14%
215
0.40%
7.17
1,250
30.03%
2,912
69.97%
4,162
7.81%
138.73
Khujand airport
in Istraushan district/«Havotag Kanibadam district/Kanibadam/«Patar/Ravat» Isfara district/«Isfara3/Dahana»/Batkent»/Yaka-Uruk Penjikent district/Yaka-Uruk Khojent district/Auchy- Kalacha Terminal
227 SUB-TOTAL FOR LENINABAD (SUGD)
7
0.86%
804
99.14%
811
1.52%
27.03
6
0.08%
7,955
99.92%
7,961
14.95%
265.37
24,072
45.19%
802.40
3,571
20,501
EXPORT DECLARATIONS
LOCATION Customs
Name of Post
Code Regional Office 230
Khatlon
Location Regional office
232 233
Khatlon Khatlon
in Kurgantube Shaartuz district /«Aivaj/«Hoshadi/Iskra» /Naiza-Bulok
Khatlon
in Kulyab/Kulyab airport
234 235 236 237 238 239 270 271 282
241 242 243
IMPORT DECLARATIONS
No. of
% of Total
No. of
% of Total
Total No of
% of Total
Declarations
Declarations
Declarations
Declarations
Trade
Import/Export
At Post
Declarations
Declarations
At Post
No of Declarations per day
71
31.56%
154
68.44%
225
0.42%
7.50
40
27.40%
106
72.60%
146
0.27%
4.87
484
44.32%
608
55.68%
1,092
2.05%
36.40
59
100.00%
-
0.00%
59
0.11%
1.97
31
52.54%
28
47.46%
59
0.11%
1.97
57
51.82%
53
48.18%
110
0.21%
3.67
Khatlon
Kolhozabad
83
31.56%
180
68.44%
263
0.49%
8.77
Khatlon
Yavan
72
38.50%
115
61.50%
187
0.35%
6.23
Khatlon
Vahsh
69
34.50%
131
65.50%
200
0.38%
6.67
Khatlon
Pyanj
367
45.48%
440
54.52%
807
1.52%
26.90
Khatlon
Sargazon
64
25.20%
190
74.80%
254
0.48%
8.47
Khatlon
Kokul
31
23.48%
101
76.52%
132
0.25%
4.40
3,534
6.63%
117.80
SUB-TOTAL FOR KHATLON 240
GornoBadakshan GornoBadakshan Gorno Badakshan Gorno Badakshan
2,106
Tem 140
29.29%
338
70.71%
478
0.90%
15.93
Darvaz
20
100.00%
-
0.00%
20
0.04%
0.67
Ishkashim
-
0.00%
1
100.00%
1
0.00%
0.03
Murgab district/Kisil-Art/Kulma
17
14.41%
101
85.59%
118
0.22%
3.93
-
0.00%
90
100.00%
90
0.17%
3.00
707
1.33%
23.57
244 SUB-TOTAL FOR GORNOBADAKHSHAN
1,428
177
530
EXPORT DECLARATIONS
LOCATION Customs
Name of Post
Code Regional Office 250
Tursunzade
Location Regional Office
251 252 253 254 255
IMPORT DECLARATIONS
No. of
% of Total
No. of
% of Total
Total No of
% of Total
Declarations
Declarations
Declarations
Declarations
Trade
Import/Export
At Post
Declarations
Declarations
At Post
No of Declarations per day
57
16.67%
285
83.33%
342
0.64%
11.40
-
0.00%
1,491
100.00%
1,491
2.80%
49.70
Tursunzade
TADAZ
843
37.19%
1,424
62.81%
2,267
4.26%
75.57
Tursunzade
Regar
39
5.03%
736
94.97%
775
1.46%
25.83
Tursunzade
Shahrinau
7
1.37%
505
98.63%
512
0.96%
17.07
Tursunzade
Gissar
111
3.97%
2,685
96.03%
2,796
5.25%
93.20
11
0.72%
1,519
99.28%
1,530
2.87%
51.00
9,713
18.24%
323.77
256 SUB-TOTAL FOR TURZUNZADE 283 290
Independent
Total
Energy Customs
1,068
8,645
6
10.00%
54
90.00%
60
0.11%
2.00
20
37.04%
34
62.96%
54
0.10%
1.80
7,032
46,232
53,264
APPENDIX M PILOT TESTING

APPENDIX M. PILOT TEST

A. Introduction

1. Despite being called a “test”, a pilot is not a functionality test of the system; it is a carefully planned small-scale deployment and rollout of the UAIS.

2. The pilot test of the UAIS is a very important process that requires careful planning and good execution. The main purpose of a pilot is to demonstrate that the UAIS software, hardware, and the network infrastructure work as expected, and that they meet CD RT’s work requirements. A successful pilot reduces the risk during full-scale deployment.

3. The pilot test is also meant to make sure that the telecommunications and Border Post infrastructure of Tajikistan can support the UAIS operation between the Border Posts, Regional Offices, and the Customs HQ.

4. The pilot test is proposed to last at least 3 months, involving Dushanbe Region (10 border posts) and Sughd Region (15 border posts). According to the latest Customs Statistics gathered for 2005 and 2006 (over 6 months), Dushanbe and Sughd regions account for around 70 percent of Customs declarations. During the test, live data will be used in the transactions, and the phased implementation to other regions is expected to be carried out only if the pilot testing is deemed successful. The system warranty period will only begin after the pilot testing is successful.

B. Objectives

5. The main objectives of the pilot test are as follows:
   a. To minimize the risk of encountering problems in later full-scale deployment of UAIS.
   b. To rehearse and refine the UAIS roll-out and deployment process on a smaller scale.
   c. To ensure that the UAIS software is able to scale upwards.
   d. To ensure that the UAIS hardware and infrastructure can support CD RT under normal working conditions.
   e. To determine whether there is a need to make last-minute changes to the system.
   f. To determine the readiness of CD RT in UAIS implementation.
   g. To seek out any pitfalls or weaknesses in the System.

C. Pilot Testing Process

6. The diagram below shows the process that pilot testing will follow:

7. Three teams need to be formed for the pilot: the Pilot Design Team, the Pilot Deployment Team and the Pilot Users.

8. The Pilot Design Team is a working group formed by the UAIS vendor and CD RT, and perhaps includes a public sector organization like the Tajikistan Brokers Association. The team has to be formed at the start of the Customs Modernization exercise. The main task of the team is to define the pilot scope, test scenarios, and the detailed pilot plan.

9. The Pilot Deployment Team consists of personnel from the UAIS vendor. The main task of the team is to set up and deploy the UAIS software and hardware according to the project scope and plan.

10. The Pilot Users are the CD RT officers across all the pilot test sites. The main task of these users is to use the UAIS in their daily work.

11. Pilot releases generally happen in succession. For example, the test UAIS deployment is limited to a few pilot test sites and users. Feedback from these users is then used to evaluate the results and resolve issues that arise. The vendor then deploys an updated release of the pilot, and repeats this process until the release team decides that CD RT is ready for a full deployment.

12. During the pilot testing period, the UAIS would be running in parallel with the existing CD RT system. The existing system is stopped only when the pilot is deemed successful.

13. The UAIS will eventually be deployed throughout the country. Because of the wide geographical distance between the Border Posts, Regional Offices, and Customs HQ, it is necessary that the pilot testing includes telecommunications equipment and network.

14. The pilot will be conducted after the User Acceptance Testing, using live data. There will be a three-month period of parallel running of the new UAIS and the current manual system before the cutover to the new system.

D. Pre-requisite for Pilot

15. Prepare the pilot sites: The details of all proposed pilot sites have to be identified and the pilot users trained.

16. Infrastructure setup: The infrastructure of the border posts involved in the pilot testing (Dushanbe and Sughd regions) should be completed before pilot testing begins. All the necessary IT, telecommunication equipment and network must be installed in the 2 regions and border posts before pilot testing can commence. The vendor shall prepare a rollout plan for deploying the servers and preparing systems for the pilot test.

17. UAIS setup: All components of the UAIS software will be delivered to Customs prior to the commencement of pilot testing. Subsequently, any changes to this delivered software will be subject to the change control management defined in the Quality Plan.

18. Bug defect tracking tool setup: The pilot testing involves users in HQ, regional offices and border posts, spread across a wide geographical area. It is essential to provide a central repository through which users can give constant feedback to the pilot testing committee on the defects encountered during testing. The vendor shall provide a web-based bug defect tracking tool.

19. Data migration and setup of code tables: As the pilot testing involves live data, it is necessary to ensure that all the necessary data, such as code tables (for example the harmonized codes), are migrated or entered in the UAIS. The vendor shall prepare a data migration plan.

20. Installation test: The vendor will undertake to certify that the Installation Tests prior to pilot test commencement conform to the manufacturer's specifications and the specifications stated in the contract.

21. Required documents: The following set of documents is recommended for a successful pilot:

• A Training Plan that describes what the pilot users need to know before they begin the pilot. It should include details on training for the support and operations teams in addition to the pilot participants.

• A Support Plan that describes how problems that arise for users during the pilot will be resolved. The support plan identifies who will provide support for pilot participants and states the level of service that the support team needs to provide during the pilot. Finally, the support plan should describe how users can report problems to the team.

• A Communication Plan that explains how pilot users will be informed about what is happening in the project.

• An Evaluation Plan that describes how the Pilot Design Team will obtain feedback from the Pilot Deployment Team and the Pilot Users. The plan should define the process the Design Team plans to use to solicit feedback from participants and the team, the types of questions the evaluation will ask, and the review process. Finally, it has to state who is responsible for making the decision about whether to proceed with the pilot.

• A Risk and Contingency Plan that describes potential risk factors and the plan to assess and defuse them. These are risk factors that could prevent the pilot from being deployed successfully. For example, risks might include required hardware or software being unavailable, or pilot users not being available or needing additional training. By properly addressing risk factors, the likelihood of encountering those same problems when UAIS is deployed into the production environment is reduced.

• A Backup and Recovery Plan that establishes guidelines and procedures to prevent problems that might cause data loss or interruptions to CD RT’s operations, and to allow recovery as quickly as possible if such events do occur.

• A Schedule that includes milestones at which the Pilot Design Team can evaluate and make necessary changes to the pilot. This is one of the earliest pilot planning activities, and it is often included in the master project schedule. It includes schedules for planning the pilot, training, upgrading hardware, deploying the pilot, testing by pilot participants, and evaluating the pilot.

22. Prepare the Pilot Users: The following table shows the systems and the corresponding people involved in the pilot test.

| | Core Systems | CD RT Division | Users |
|---|---|---|---|
| 1 | Manifest Control | • Customs Declaration & Security Deposit Sub Division at HQ and Regional Offices | • Terminal operators • Freight forwarders • Carriers |
| 2 | Declaration Control | • Border Post Officers • Customs Declaration & Security Deposit Sub Division at HQ and Regional Offices | • Customs brokers • Specialists • Banks |
| 3 | Warehouse Control | • Customs Warehousing Sub Division at HQ and Regional Offices | • Private warehouse operators |

Subsystems
CD RT Division
Users
1
Registration
•
•
2
Administration
•
•
3
Tariff Nomenclature •
4
Valuation
•
Goods Classification and Non-tariff Regulation Sub Division Valuation Regulations Sub Division
•
•
Customs Conditions 6 Post-Clearance 7 Customs Offence 8 Duty Payment 9 Fees and Billing 10 Security Deposit 11 Currency Control
•
•
• • • • • •
• • • • • •
12 Excise Control 13 Risk Management And Intelligence 14 Customs Statistics
• •
5
•
Goods Classification and Non-tariff Regulation Sub Division Anti-Smuggling Division Statistics Division at Customs HQ
External UAIS users Customs UAIS users
• • • •
CD RT Ministry of Finance
•
Other Ministries
E. Recommended Pilot scenarios

23. Pilot rollout scenarios have to be part of the overall deployment plan to the pilot sites. The sequence of rollout is recommended as follows:

h. Customs HQ pilot deployment and rollout
The UAIS will be released to the Customs HQ users. This means that the UAIS Subsystems will go “live”. All CD RT Divisions will begin to use all the Subsystems in their daily job.

i. Regional Office pilot deployment and rollout
The UAIS will be released to the Dushanbe and Sughd Regional Offices. The pilot users at Regional Offices will begin to use the Subsystems in their daily job.

j. Border Post pilot deployment and rollout
The UAIS will be released to the major border posts in the Dushanbe and Sughd region. The pilot users at these border posts will begin to use the Core Systems in their daily job.

k. End-user pilot deployment and rollout
The UAIS will be released to the participating Customs Brokers, Carriers, and Warehouse Operators in the Dushanbe and Sughd region. These pilot users will begin to use the Core Systems in their daily job.
24. Once the above rollout is achieved, major pilot scenarios can be conducted by the pilot users, and the results observed.

25. Two examples of pilot scenarios are:

l. Import of cargo by air
a) Airline operator submits manifest to UAIS using Manifest client-software
b) Manifest Control System receives the manifest at Customs HQ
c) Manifest Control System validates and checks for risk
d) Manifest Control System clears the manifest
e) Importer submits Customs declaration using Declaration Control client-software
f) Declaration Control System receives declaration and performs validity checks
g) Declaration Control System approves the declaration
h) Importer prints hard-copy of Customs declaration with bar-code
i) Importer presents Customs permit with supporting trade documents
j) Border Post officer reads bar-code
k) Border Post officer receives examination alert if needed
l) Cargo released

m. Movement of cargo to a Warehouse
a) Importer selects warehouse regime through Customs Control client-software
b) Importer presents Customs permit at point of release
c) Customs seals consignment
d) Consignment is moved to warehouse – point of receipt
e) Warehouse Operator receives consignment
f) Warehouse Operator enters details to Warehouse Control client-software
g) Warehouse Operator requests Customs service
h) Customs inspects consignment
i) Consignment moved into allocated lot position
j) Warehouse Operator enters details to Warehouse Control client-software when goods are released
k) Warehouse Operator submits a monthly report on inventory kept at warehouse
F. Deployment and Evaluating the Pilot

26. The deployment of the UAIS to the pilot sites has to be done by the Pilot Deployment Team.
27. The problems uncovered by Pilot Users and the Deployment Team are reviewed, prioritized, and fixed according to procedures outlined in the pilot plan. Problems can be resolved by further development, by documenting resolutions and workarounds for the installation teams and support staff, or by incorporating the resolution or workaround as supplemental material in training courses. As the Pilot Design Team receives feedback, they will need to assess problems that pose a risk to the overall project. Specifically, they should look for situations that might result in scope changes, cost increases, interoperability problems, and unanticipated downtime.
28. When the pilot is completed, data collected, and participant feedback evaluated, the Pilot Design Team must next decide how to proceed based on whether the pilot meets the success criteria previously defined. After evaluating the success of the pilot, one of the following options has to be chosen:

• Roll back the pilot. When the pilot is not completely successful, there might be a need to roll back the pilot to the configuration used before the pilot began, clean up the data, and redeploy the pilot so that the pilot users can continue with their work. A rollback might be required for a number of reasons, such as when the production environment contains invalid data or when production configurations and settings cause problems with the real deployment.

• Suspend the pilot. If the pilot is not successful and issues cannot be resolved easily, suspend the entire pilot, halting all pilot testing until the issues have been resolved and the pilot can be redeployed. This requires rolling the pilot back to the configuration used before the pilot began.

• Patch the pilot and continue. If the pilot is partially successful, with a few problems raised that are easily fixed, issue the same pilot users a "patch" to fix the existing problems.

• Proceed to the production deployment phase. If the pilot is deemed successful and ready for production, plans for full deployment should proceed.