Capacity Building and Institutional Strengthening for the Customs [PDF]


Technical Assistance Consultant’s Report
Draft Final Report
Project Number: TA4451-TAJ
December 2006

TAJIKISTAN: CAPACITY BUILDING AND INSTITUTIONAL STRENGTHENING FOR THE CUSTOMS MODERNIZATION AND INFRASTRUCTURE DEVELOPMENT PROJECT

Prepared by

Crimsonlogic Pte Ltd; International Trade Institute of Singapore Pte Ltd; and Local Consultants

For

Customs Service Department, Republic of Tajikistan

This consultant’s report does not necessarily reflect the views of ADB or the Government concerned, and ADB and the Government cannot be held liable for its contents. (For project preparatory technical assistance: All the views expressed herein may not be incorporated into the proposed project’s design.)

TA4451-TAJ

Final Report

December 2006

TABLE OF CONTENTS

I. EXECUTIVE SUMMARY
II. INTRODUCTION
III. ASSESSMENT AND REVIEW OF CUSTOMS & TRADE FACILITATION INFRASTRUCTURE
   A. LIMITATIONS OF THE PRESENT SYSTEM
   B. INADEQUACY OF THE CUSTOMS STATIONS AND BORDER POSTS INFRASTRUCTURE
   C. ASSESSMENT OF THE LEGAL FRAMEWORK AND CUSTOMS PROCESSES AND PROCEDURES
   D. EXPERIENCE OF OTHER COUNTRIES
IV. PROPOSED CUSTOM PROCEDURES AND WORKFLOW
   A. BUSINESS PROCESS REENGINEERING
   B. REGISTRATION FOR THE TRADE COMMUNITY UNDER A REGISTRATION SUBSYSTEM
   C. REGISTRATION FOR OTHER USERS UNDER AN ADMINISTRATION SUBSYSTEM
   D. MANIFEST CONTROL
   E. DECLARATION CONTROL SUBSYSTEM
   F. THE WAREHOUSING CONTROL SUBSYSTEM (WCS)
   G. THE EXCISE CONTROL SUBSYSTEM
   H. THE TARIFF NOMENCLATURE SUBSYSTEM
   I. VALUATION SUBSYSTEM
   J. CUSTOMS CONDITIONS SUBSYSTEM
   K. DUTY PAYMENT SUBSYSTEM
   L. FEES AND BILLING SYSTEM SUBSYSTEM
   M. CUSTOMS STATISTICS SUBSYSTEM
   N. SECURITY DEPOSIT SUBSYSTEM
   O. RISK MANAGEMENT SYSTEM
   P. CUSTOMS OFFENCE SYSTEM
   Q. THE TRAVELERS MANAGEMENT SYSTEM
   R. CONCLUSION
V. INTER-AGENCY COORDINATION
   A. INTER-AGENCY COOPERATION AND COORDINATION
VI. UNIFIED AUTOMATED INFORMATION SYSTEM (UAIS)
   A. OBJECTIVE OF UAIS
   B. DESIGN CONSIDERATION OF UAIS
   C. UAIS TECHNOLOGY
   D. UAIS ARCHITECTURE
   E. UAIS OVERVIEW
VII. IT INFRASTRUCTURE AND NETWORK FOR UAIS
   A. INTRODUCTION
   B. ASSESSMENT OF CURRENT ICT INFRASTRUCTURE
   C. STEPS FOR UAIS SETUP
   D. GENERAL REQUIREMENTS
VIII. QUALITY ASSURANCE AND SECURITY REQUIREMENTS OF UAIS
   A. QUALITY ASSURANCE
   B. SECURITY REQUIREMENTS
IX. PROPOSAL FOR THE REORGANISATION OF THE CD RT
X. PROPOSED INFRASTRUCTURE REHABILITATION
XI. CHANGE MANAGEMENT & TRAINING
   A. OBJECTIVES
   B. PROPOSED CHANGE MANAGEMENT PLAN
   C. DISSEMINATION OF INFORMATION
   D. TRAINING PROGRAMMES
   E. USER TRAINING
   F. TECHNICAL TRAINING
XII. COST ESTIMATES OF UAIS
   A. INTRODUCTION
   B. UAIS SOFTWARE COSTS
   C. MAIN EQUIPMENT AND COMMUNICATIONS TECHNOLOGY COSTS
   D. CIVIL WORKS AND CUSTOMS EQUIPMENT COSTS
   E. CHANGE MANAGEMENT AND TRAINING COSTS
   F. CONSULTANCY SERVICES AND CONTINGENCY PLAN
   G. TOTAL COST
   H. PROCUREMENT OF THE UAIS
XIII. IMPLEMENTATION PLAN OF UAIS
   A. OVERVIEW
   B. STRATEGY
   C. IMPLEMENTATION PLAN

APPENDIX A. OVERVIEW OF THE CUSTOMS DEPARTMENT
APPENDIX B. OVERVIEW OF STAKEHOLDERS
APPENDIX C. OVERVIEW OF CUSTOMS PROCEDURES AND PROCESSES
APPENDIX D. FUNCTIONAL REQUIREMENTS OF UAIS
   A. MANIFESTS CONTROL SYSTEM
   B. DECLARATION CONTROL SYSTEM
   C. WAREHOUSE CONTROL SYSTEM
   D. CERTIFICATE AND LICENSE CONTROL SYSTEM
   E. REGISTRATION SUBSYSTEM
   F. ADMINISTRATION SUBSYSTEM
   G. TARIFF NOMENCLATURE SUBSYSTEM
   H. VALUATION SUBSYSTEM
   I. CUSTOMS CONDITIONS SUBSYSTEM
   J. POST-CLEARANCE SUBSYSTEM
   K. CUSTOMS OFFENCE SUBSYSTEM
   L. DUTY PAYMENT SUBSYSTEM
   M. FEES AND BILLING SUBSYSTEM
   N. SECURITY DEPOSIT SUBSYSTEM
   O. RISK MANAGEMENT AND INTELLIGENCE SUBSYSTEM
   P. CUSTOMS STATISTICS SUBSYSTEM
   Q. EXCISE CONTROL SUBSYSTEM
   R. CURRENCY CONTROL SUBSYSTEM
   S. COMMON SERVICES
   T. MESSAGING GATEWAY
   U. ILLUSTRATION OF THE FUNCTIONAL REQUIREMENTS (USE CASES)
APPENDIX E. PROPOSED ORGANIZATION STRUCTURE
   A. ORGANIZATION CHART OF CD RT
   B. ORGANIZATION CHART OF COMPUTER INFORMATION SYSTEM DIVISION (CISD)
   C. ORGANIZATION CHART OF TRAINING DIVISION
   D. ORGANIZATION CHART OF CORPORATE AFFAIRS DIVISION
   E. ORGANIZATION CHART OF CUSTOMS DOCUMENTATION DIVISION
   F. ORGANIZATION CHART OF ANTI-SMUGGLING DIVISION
   G. ORGANIZATION CHART OF POSTS CLEARANCE AUDIT DIVISION
   H. ORGANIZATION CHART OF CUSTOMS CONTROL DIVISION
APPENDIX F. HARDWARE SPECIFICATIONS
   A. CUSTOMS HQ DATA CENTRE
   B. CUSTOMS HQ
   C. REGIONAL OFFICE
   D. BORDER POSTS
APPENDIX G. PROCESSES FOR SOFTWARE DEVELOPMENT AND QA
   A. PROCESSES
   B. DEVELOPMENT PROCESSES
   C. SUPPORT PROCESSES
APPENDIX H. TESTING PHASES
   A. TESTING PHASES
   B. USER ACCEPTANCE TESTING
   C. DATA MIGRATION TESTING
APPENDIX I. SECURITY SPECIFICATIONS
   A. SECURITY ARCHITECTURE
   B. SYSTEM SECURITY
   C. NETWORK SECURITY
   D. LOGGING AND MONITORING FEATURES OF THE FIREWALL
   E. HIGH AVAILABILITY FEATURE ON THE FIREWALL
   F. SYSTEM MANAGEMENT FEATURES OF THE FIREWALL
   G. NETWORK BASED ACTIVE DEFENSE SYSTEM
   H. HOST BASED ACTIVE DEFENSE SYSTEM
   I. SECURE SOCKET LAYERS (SSL)
   J. VIRTUAL PRIVATE NETWORK (VPN)
   K. ANTIVIRUS
APPENDIX J. COST ESTIMATES OF UAIS
   A. DATA CENTRE COST ESTIMATE
   B. DISASTER RECOVERY COST ESTIMATE
   C. CUSTOMS HQ COST ESTIMATES
   D. REGIONAL OFFICES AND POST EQUIPMENT COST ESTIMATES
   E. REGIONAL OFFICES AND POSTS TELECOMMUNICATIONS COST
   F. TRAINING EQUIPMENT COST ESTIMATES
   G. SUMMARY OF ICT COST ESTIMATE
   H. BORDER POSTS CIVIL WORKS INFRASTRUCTURE COST ESTIMATE
   I. BORDER POST CUSTOMS EQUIPMENT COST ESTIMATE
   J. TOTAL BORDER POST REHABILITATION AND CIVIL WORKS COST ESTIMATE
   K. CHANGE MANAGEMENT COST ESTIMATES
   L. TRAINING COST ESTIMATE
   M. SUMMARY OF COST FOR CM AND TRAINING
APPENDIX K. IMPLEMENTATION PLAN OF UAIS
APPENDIX L. CUSTOMS TRADE STATISTICS (2005)

ABBREVIATIONS

ADB – Asian Development Bank
ABBAT – Association of International Automobile Carriers
ASYCUDA – Automated System For Customs Data
CAREC – Central Asia Regional Economic Cooperation
CCC – Customs Cooperation Committee
CCI – Chambers of Commerce and Industry
CD RT – Customs Department, Republic of Tajikistan
CDM – Customs Data Model
CMMI – Capability Maturity Model
DRC – Disaster Recovery Centre
EA – Executive Agency
EDI – Electronic Data Interchange
EurAsEC – Eurasian Economic Community
ICT – Information Communications Technology
IPS – Intruder Prevention System
ISO – International Standards Organization
J2EE – Java 2 Enterprise Edition
LAN – Local Area Network
MSRD RT – Ministry of State Revenues and Duties, Republic of Tajikistan
NTTFC – National Trade & Transport Facilitation Committee
PKI – Public Key Infrastructure
PSTN – Public Switch Telephone Network
QA – Quality Assurance
RAS – Remote Access Service
RDBMS – Relational Database Management System
RETA – Regional Technical Assistance
RILO – Regional Intelligence Liaison Office
RKC – Revised Kyoto Convention
RM – Risk Management
RTFCCP – Regional Trade Facilitation and Customs Cooperation Program
SAD – Single Administrative Document
SEW – Single Electronic Window
SFTP – Secure File Transfer Protocol
SKU – Stock Keeping Unit
TIN – Tax Identification Number
UAIS – Unified Automated Information System
UAT – User Acceptance Test
UCR – Unique Consignment Reference
UNCTAD – United Nations Commission for Trade and Development
UN-EDIFACT – United Nations Electronic Data Interchange For Administration Commerce & Trade
UNLK – United Nations Layout-Key
USAID – United States Agency For International Development
VAT – Value Added Tax
VPN – Virtual Private Network
VSAT – Very Small Aperture Terminal
WAN – Wide Area Network
WCO – World Customs Organization
WTO – World Trade Organization
XML – Extensible Markup Language

I. EXECUTIVE SUMMARY

1. The Customs Department of Tajikistan (CD RT) operates on a manual processing system, and all transactions carried out in the trade arena are paper and document based. The use of manual processing and the requirement for an intrusive human interface create delays and pose obstacles to the approval of Customs Declarations and the clearance of goods. There is no integrated Customs management and information system, which makes it difficult to manage, analyze and develop information to suit CD RT purposes.

2. To address the limitations of the systems, CD RT will be required to re-engineer its processes and procedures and to embark on an information communication technology (ICT) program despite the absence of a national ICT master plan.

3. Re-engineering CD RT processes and procedures to facilitate a Unified Automated Information System (UAIS) will require CD RT to consider and employ the following recommendations provided by the WCO and WTO:
   1. WCO’s Customs Data Model;
   2. WCO’s Framework of Standards to Secure and Facilitate Global Trade;
   3. Revised Kyoto Convention (RKC) Guidelines on ICT.

4. The emphasis would be on maximum application of ICT and increased use of modern clearance methods such as risk management techniques and post Customs Control audit. This helps in the development of selective criteria for the examination of goods, and thus expedites clearance of imports and exports. An electronic approval and clearance system would also eliminate or minimize human interfaces.

5. The development of the UAIS would provide the avenue for a single electronic window for the CD RT community, which includes the trading community and other government and non-government organizations and foreign administrations not directly involved in trade. The UAIS will support Internet-enabled communication with external parties and host-to-host linkages.

6. In order to propose and design the best UAIS solution for CD RT, system requirements have to be gathered, and users’ needs have to be considered.

7. There are four main groups that the UAIS caters to:
   1. Tajikistan trade and logistic community users;
   2. CD Officers and personnel;
   3. Staff of other Ministries or Agencies; and
   4. Other organizations and foreign governments.

8. Each group of users requires different design considerations for the UAIS software.

9. A summary of the proposed technology for the UAIS is shown below:

| Component | Technology |
|---|---|
| Software for the community | Microsoft Visual Basic and Access database |
| Software for CD Officers | Web-based from Customs HQ servers |
| Software for Ministries and Agencies | Web-based from Customs HQ servers, or could be file interface through a secured channel |
| Interact with external parties like foreign government and organizations | File interface through a secured channel |
| UAIS software | Java and J2EE |
| Database | Oracle RDBMS |

10. Following the decision on technology, the system design of the UAIS software itself can be carried out.

11. The UAIS software can be logically divided into four main areas:
   • The UAIS Core Systems;
   • The UAIS Subsystems;
   • The UAIS Common Services; and
   • The Messaging Gateway.

12. The UAIS Core Systems allow the Trade and Logistic Community to use client software to send various electronic documents to CD RT. Examples of the documents are manifests and Customs declarations. The data will pass through the Messaging Gateway to the server software for processing.

13. The UAIS Subsystems consist of applications that are used by CD RT personnel to support their daily work.

14. The table below lists the Core Systems and Subsystems of the UAIS:

Core Systems
   • Manifest Control;
   • Declaration Control;
   • Warehouse Control; and
   • Certificate and License Control.

Subsystems
   • Registration Subsystem;
   • Administration Subsystem;
   • Tariff Nomenclature Subsystem;
   • Valuation Subsystem;
   • Custom Condition Subsystem;
   • Post-Clearance Subsystem;
   • Customs Offence Subsystem;
   • Duty Payment Subsystem;
   • Fees and Billing Subsystem;
   • Security Deposit Subsystem;
   • Currency Control Subsystem;
   • Excise Control Subsystem;
   • Risk Management and Intelligence Subsystem; and
   • Customs Statistics Subsystem.

15. The Messaging Gateway is an important component of the UAIS that allows communication between client software and server software. It also acts as the interface between the UAIS and external parties, for example other Ministries and Agencies, or even other governments. It supports all standard communication protocols and implements secure connections for message deposit and retrieval. The Messaging Gateway has a built-in Conversion Engine to format messages if needed.

16. For the implementation of the UAIS, it is proposed that a centralized model should be adopted. This means all processing and data are hosted at Customs HQ. The users at Regional Offices, Border Posts and the Trade and Logistics Community will access Customs HQ for all trade transactions. The IT infrastructure and network are designed based on this guiding principle.

17. A decentralized model will not be cost-effective, as it will mean duplicating much of the Customs HQ infrastructure at the Regional Offices. A decentralized model will also complicate the workflow, for example by requiring data and software to be synchronized between Customs HQ and the Regional Offices.

18. The proposed steps for UAIS hardware setup are as follows:
   1. Equip Customs HQ, Regional Offices, and priority Border Posts with the basic ICT equipment such as PCs, printers, scanners, UPS, etc. The complete list of sites and equipment has been identified and listed.
   2. Determine the connectivity model that is suitable for each site. The decision should be based on the forecast transaction volume. For example, all Regional Offices and Border Posts with high transaction volumes should subscribe to ADSL broadband connectivity, while sites with low volume should use dial-up modems. The choices are:
      i. Leased line;
      ii. ADSL broadband;
      iii. 56kbps dial-up;
      iv. GPRS; and
      v. Codan modem.
   3. Equip all Regional Offices with a Local Area Network (LAN) and connectivity to the UAIS network. This means installing a firewall, router, ADSL modems, VPN concentrator, etc. in the Regional Offices.
   4. Equip the priority Border Posts with a LAN and connectivity to the UAIS network. This includes either ADSL or dial-up modems for these sites. The complete list of sites and equipment has been identified and listed.
   5. Set up the Customs Intranet Zone using a Virtual Private Network (VPN). Between the Regional Offices and HQ, hardware VPN concentrators are used to enable secure connection through the Internet. At the Border Posts, the software VPN clients on the PCs are used for secure access to the Customs HQ and Regional Offices.
   6. Set up the Data Centre to host the servers at Customs HQ, and set up a Disaster Recovery (DR) site at least 5 km away from the Data Centre. The specifications of the equipment and infrastructure needed for these sites have been listed.

19. The UAIS software and hardware proposals are followed by recommendations on Quality Assurance (QA) and Security. Industry best practices and checklists on quality assurance and security are listed. If followed closely, the quality of UAIS is assured because the software development process will be following the standard Quality Process Models such as ISO9000:2000 or Capability Maturity Model Integration (CMMI). These models contain many best practices of software development that are recognized internationally. A security framework consisting of Prevention, Control and Monitoring activities is also described. CD RT should comply with this security model.

20. In order to ensure the success of UAIS, the condition of high priority Border Posts has been examined. The needs of the Border Posts are divided into 2 categories. One is the civil works need, which means improvement to the infrastructure itself. The other is the Customs Equipment need, for example electricity generators, barriers, or inspection equipment. The cost of rehabilitating these Border Posts has been calculated and tallied. Without upgrading these Posts, it will be difficult, if not impossible, to implement UAIS there.

21. To ensure the smooth implementation of the UAIS and the reengineering of the business processes of CD RT, a change management program including provision of training is proposed. A vital program within the change management plan is the dissemination of information and awareness outreach among the CD RT officers and their clients in the private and public sectors. The training proposed will include providing basic computer skills to CD RT personnel and carrying out missions, observation study tours and visits to countries applying ICT in Customs. Missions to study regional and international Customs Administrations' use of the UAIS should include the clients from the private and public sectors. This could facilitate their support for the CD RT UAIS.

22

The total cost of implementing the UAIS is thus calculated. There are three main components to the UAIS cost:
1. The UAIS software and hardware cost. The hardware includes all ICT equipment and communications technology for Customs HQ, Regional Offices, Border Posts, Data Centre, and Disaster Recovery Centre.
2. The Border Posts civil works and Customs equipment cost.
3. The change management and training cost.

23

The costs of the above 3 components take up about 57%, 30% and 5% of the US$10.7 million loan amount respectively. The rest of the loan is set aside for the next Loan TA, Physical Contingency and Price Contingency.

24

A timeline and implementation strategy had been drawn up for the three components above, initially targeted for completion within five years. This was revised in view of a proposal that the project be completed by mid- to end of 2009. In view of this proposal the implementation schedule has been shortened, with concurrent work being carried out in several key areas at the same time throughout the three-year time frame.

25

Implementing the single electronic window and introducing a centralized integrated management and information system requires strong commitment and leadership to succeed. The Project Steering Committee (PSC) established to oversee the progress and implementation of the UAIS should include private and public sector members. The PSC should be headed by MSRD with secretarial support provided by the Project Management Office. Another organization which could be established to further enhance trade facilitation and the promotion of ICT would be a national trade and transport facilitation committee (NTTFC). The NTTFC would include representatives from the trading community, logistics providers, banks, national trade, industry and transport bodies and government agencies. Under a lead agency the committee could steer the country towards a single window environment to meet the aspirations of facilitating trade.

II. INTRODUCTION

26

This project is a continuation of Asian Development Bank (ADB) support for customs reform and modernization for the Republic of Tajikistan following the launch of the Regional Trade Facilitation and Customs Cooperation Program (RTFCCP) in December 2002.

27

The overall purpose of this program serves to achieve 2 key objectives as follows:
1. Customs modernization through automation and border-post infrastructure development supported by institutional structure and business processes of the Executive Agency (EA) of the Tajikistan Customs.
2. Development of a Conceptual Design of the Unified Automated Information System (UAIS) sufficient for preparation of bid documents for loan implementation, development of key performance indicators for the implementation of the UAIS, system compatibility among the Central Asia Regional Economic Cooperation (CAREC)’s member countries, preparation of terms of references for consulting services in support of implementation and supervision of the UAIS, and the development of the budget estimate for the entire UAIS and phased implementation.

28

The UAIS for custom services is also seen as a key objective to support the CAREC’s trade facilitation program, a major step towards achieving operational effectiveness and efficiency in customs-related practices in the Republic of Tajikistan.

29

This TA Project involves the study, assessment and development of the following major components:
1. Change management and public-private partnership for customs modernization
2. Reengineering of customs business processes and Conceptual Design of the UAIS
3. Quality and security assurance of the UAIS and border-post infrastructure development.

30

This draft final report provides a detailed proposal of the modern re-engineered customs practices and workflow based on a comprehensive assessment of the present customs system. The modern customs procedures serve to provide the foundational inputs to the development of the design of the UAIS.

31

This is followed by the proposed architectural analysis and conceptual design of the components of the UAIS sufficient for procurement purposes. The UAIS is supported by the quality and security assurance specifications of the ICT infrastructure plans.

III. ASSESSMENT AND REVIEW OF CUSTOMS & TRADE FACILITATION INFRASTRUCTURE

A. Limitations of the Present System

32

The examination of the CD RT documentation and clearance systems points to a high dependence on a manual system supported by the use of computers (most of which are considered obsolete), when they are available, for data entry. There is no integrated Customs management system to support information flow between the Central Office, the Regional Offices and Customs and border posts. A centralized database is maintained in the Statistics Division in the Central Office by means of FoxPro software. The data captured is also limited. Application systems maintained manually are also centralized within the Central Office Divisions. Data and information flow to the Statistics Division by telephone, radio modem, physical documents or diskettes. The preparation of trade statistics by the Statistics Division, for example, is possibly prone to inaccuracy as a result of human error in transcribing the data to paper or through voice messages. Regional Offices retain copies of the Customs declarations; should doubt arise, the accuracy of data can only be verified by the Statistics Division upon sighting the physical documents. The timeliness of statistical data for formulation of national economic policies can also be affected.

33

Central Office Divisions responsible for maintaining, updating and monitoring manual application systems supporting their needs are highly dependent on the Statistics Division for data. For example, the officers collecting, analyzing and reporting on revenues collected must verify the data collected from the Regional Offices with statistical data retained at the Statistics Division. The requirement to manually seek the assistance of Statistics Division is the result of the absence of an integrated information system within the CD RT possibly supported by information communication technology (ICT).

34

The exploitation of information technology by the private sector, vis-à-vis the Customs Brokers, displays the gap between the private sector and the CD RT. Customs brokers, for example, have strived to minimize their workload through the purchase and use of software of Russian origin for the data entry process and the production of the Customs Declaration. However, their systems are not compatible with the data entry systems developed by the CD. This has resulted in a requirement for the production of a manual Customs declaration and repetitive data entry by CD RT. There is no data exchange between the CD RT and her clients.

35

The manual data entry system is time-consuming and provides inadequate information to fully meet Customs needs. CD captures 16 data field elements to satisfy the regional obligations with her neighbours. Validity checks of data elements are normally based on the local expert knowledge of experienced officers. Rejections of values, goods classification codes and the like are made at the time of presentation of declarations, aggravating waiting and clearance time and creating possible conflict with declarants over the accuracy of CD decisions.

36

A single administrative document (SAD) to meet the requirements of CD RT and those of competent authorities (government agencies) which provide approval and licensing of controlled goods (for protection of public health, safety and community well-being) is not yet developed. Traders requiring approval for imports/exports of their products from the relevant competent agencies are required to proceed to these agencies first. Certificates of conformity or licenses are issued and these physical documents must be produced to CD RT before the Customs Declaration can be approved. There is no single synchronous one-stop clearance and approval system since the electronic interfaces between CD RT and the other competent agencies are not present.

B. Inadequacy of the Customs Stations and Border Posts Infrastructure

37

The inadequacy of the Customs stations and border posts infrastructure has also been identified in the previous ADB studies. A visit to the Tursunzade Regional Office and the Customs stations and border posts under the region showed inadequacies, which included lack of proper infrastructure and a shortage of utilities and electrical energy. At the Dusti border post close to the Uzbekistan border, an X-ray machine was not in operation owing to the absence of a supply of electrical energy. Further studies of several border posts, listed as top priority by the CD RT, were undertaken with the assistance of a civil works engineer from the Project Management Office. New checkpoints are also being undertaken, for example, a new customs checkpoint of Fotehobod located between northern Tajikistan’s Mastchoh District and Uzbekistan’s Bekobod District. CD RT recognized the inadequacy of its border posts infrastructure and has been reviewing and rehabilitating the posts concerned. International organizations such as the USAID had also sponsored the construction of border posts.

C. Assessment of the Legal Framework and Customs Processes and Procedures

38

In assessing the current CD RT legal framework, procedures and processes, reference was made to the General Annex of the Revised Kyoto Convention (RKC), in particular, Chapter 3 to Chapter 10 containing standards related to (a) “Clearance and Customs Formalities”; (b) “Duties and Taxes”; (c) “Security”; (d) “Customs Control”; (e) “Application of Information Technology”; (f) “Relationship Between the Customs and Third Parties”; (g) “Information, Decisions and Rulings Supplied by the Customs”; and (h) “Appeals in Customs Matters”.

39

The current Customs Code of the Republic of Tajikistan, under which the CD RT derived its authority, was revised and kept to the spirit of the RKC. The key elements that prompted the amendment of the RKC, in particular the application of risk management techniques and the application of information technology, are provided for in the Customs Code. The CD RT Customs Code does conform to established international best practices drawn up in the RKC. However, in practical terms, best practices such as maximum use of ICT have yet to be implemented. Several issues that will have an impact on the CD RT as a result of proposals to reengineer the business process for the introduction of a UAIS are appended below.

1. The Customs Declaration conforms to the United Nations Lay-Out Key (UNLK). Presently no application of ICT is available although the Customs Code does provide for submission of electronic documents. The future automation of the Customs Declaration should take into account conformity to international standards for data entry related to the Customs Declaration. These standards are provided in the World Customs Organization (WCO) Customs Data Model (CDM) and Framework of Standards to Secure and Facilitate Global Trade. The RKC Guidelines on ICT also outline how Customs can use ICT to plan improvements in their services to clients and trading partners. The CDM, for example, provides for use of 264 data elements that are standardized to contain a specific number of characters; for example, data entry of the name of a company should have only 27 alphanumeric characters. The CDM also provides for a Unique Consignment Reference (UCR) that will be used throughout all trade transactions. The UCR is subject to a maximum of 35 characters. The first digit represents the year; the next two digits will be the International Standards Organization (ISO) alphabetic country code; and the remainder is the officially recognized national company identifier and an internally applied company reference. This is to facilitate exchange of electronic documents (e-documents) with internal (within the country) and external bodies such as the other regional Customs administrations.

2. Duties and taxes are to be paid after the payment obligation is created. The Customs Code provides for a deferred payment period of 45 days. There are also no electronic fund transfers through the banks although advance payments are provided for. The introduction of an electronic fund transfer (e-payment) scheme would enhance and ensure proper and effective collection of revenues.

3. Risk management is clearly described in the Customs Code, which provides, for example, for risk profiles to be developed and used. However, in practice, risk management is partially used whilst risk analysis is being developed. An obstacle faced in the present context is the absence of an integrated information system and manageable databases. There is much dependence on human expertise based on local knowledge and experience for selectivity of consignments to examine or not examine.

4. The absence of a national ICT master plan may impact on the progress of the unified automated information systems (UAIS), which are dependent on the establishment of telecommunications infrastructure and, not least of all, the promotion and education of the populace in ICT. The impact can also be felt in the interface of the CD RT systems with the other government agencies and Ministries that may not be as prepared as CD RT. The establishment of technical and security standards by a national body would facilitate interchange of data between the various Ministries and government agencies. Establishment of a national trade and transport facilitation committee (NTTFC) to champion the cause of the UAIS and the establishment of a single window concept to link the “Customs Community” (that is, the trading community, logistics and freight operators, banks, government agencies dealing with controlled goods and Ministries) would be a positive step. Towards this objective, the Project Steering Committee, possibly chaired by MSRD RT or CD RT, to be established under the loan should include representatives of the government ministries and agencies and the private sector’s national bodies such as the Tajikistan Chambers of Commerce & Industry (CCI), Customs Brokers’ Association and the road transport operators association, ABBAT. The inclusion of the public and private sector representatives serves to enhance the Public Private Partnership (PPP) arrangement.

5. The Customs Code provides for submission of electronic documents but presently this is not practiced owing to the absence of an ICT system. The development and use of the UAIS would require CD RT to revise the Code to provide for verification and authentication of electronic or digital signatures. These normally consist of a user identification (user-id) and a password.

6. CD RT publishes notices and circulars providing information to the public, normally posted at the Customs offices. An alternative means to disseminate information and promote transparency is the use of the CD RT web site.

D. Experience of other countries

40

Many countries have successfully implemented UAIS within the Customs administration to serve their clients and the trading community. The countries include the USA, UK, Canada, Australia, Korea, Japan, the Philippines, Singapore and Thailand. The key motivation for the countries concerned was systems integration and Customs modernization. The promotion of trade facilitation featured in all the systems, which worked on a single window concept with synchronous one-stop clearance. International standards were used in establishing the ICT programs in these countries, with e-documents submitted based on XML, UN-EDIFACT (United Nations Electronic Data Interchange for Administration Commerce and Trade) and ANSI X-12 (American National Standards Institute) standards. The software developed was either home grown or provided by an international agency. For example, the Philippines uses ASYCUDA (Automated Systems For Customs Data) provided by UNCTAD (United Nations Commission for Trade and Development). However, the Philippines was also able to gain the support of the banks to provide e-payment schemes. The Philippines is planning to upgrade its system to be similar to those implemented in Korea and Singapore. Key factors in the success of these systems were the backing of the business community, strong support and commitment by the government and the Customs Administration, and coordinated construction and expansion of telecommunication infrastructure.

41

Conclusion. To overcome the limitations of the CD RT systems, it is recommended that the UAIS be developed through the introduction of an Integrated Customs Management System (ICMS) that would allow the CD RT to electronically link up all its offices and to interface with other external bodies such as ministries, government agencies, the trading community and other foreign governments. The ICMS would include Applications Subsystems to process electronic submissions and documents and to create databases to support CD RT functions. A business process reengineering of its current procedures and processes will be required to move CD RT forward from a manual processing environment to maximum use of ICT.

IV. PROPOSED CUSTOM PROCEDURES AND WORKFLOW

A. Business Process Reengineering

42

Redesigning the various Customs procedures is needed to meet the requirements of a UAIS. The business process reengineering will include setting up core application subsystems and databases to support the ICMS. The various application subsystems and databases and their functionalities are discussed in the following section and in Appendix D. Details of their requirements and the interfaces among the application subsystems and databases are provided below to clarify the uses of each subsystem in the overall set-up of the CD RT UAIS.

B. Registration For The Trade Community Under A Registration Subsystem

43

The present process requires the private sector clients of CD RT to be registered, licensed and issued with a registration or license number. The clients include the traders, Customs brokers and Customs Specialists. Customs Specialists are authorized persons designated Declaring Agents and are the authorized signatories of Customs Declarations. These clients are also required to undergo CD RT training courses and to successfully complete examinations set by CD RT before being issued their licenses. A manual record is kept of the registration and issue of licenses in the Central Office.

44

The proposed electronic registration process will be reengineered for the same purpose, that is, creation of a database of clients and their authorization to transact with CD RT. Any client who seeks to transact with Customs must be registered with CD RT. The introduction of the UAIS will require that the clients be registered anew. Registration of the clients is necessary as only authorized persons can access the CD RT UAIS. Warehouse operators and freight and logistics providers will also be required to be registered.

45

CD RT also interacts with other clients not involved directly as traders or direct participants in the foreign external trade. These include other government agencies (competent authorities), ministry representatives, banks, Chambers of Commerce and Industry, the Association of Automobile Carriers (ABBAT) and foreign government agencies. Registration of this group of clients is also required. CD RT officers who are required to access the UAIS will similarly be registered electronically.

46

The business process for the traders and the trading community on the one hand, and for clients such as CD RT officers and government officials on the other, will be different, as described below.

47

The business process for the trading community under a Registration subsystem will be accomplished as follows:

1. Traders, including Customs brokers and members of the trading community, submit electronically an application to be registered. Details of their companies, business licenses issued by the government and tax identification numbers (TIN) will have to be provided. The companies will normally nominate two or more of their officials to be their representatives responsible for their Customs Declaration transactions. Personal particulars of the nominees including names, addresses, designation, and the certificate of competency (Customs examination) and TIN of the employees must be provided. The registration requirement, in accordance with an electronic format, will be provided by CD RT, normally on the department web site, and easily accessed by interested parties.

2. Upon receipt of an application, the Registration subsystem will verify the authenticity of the request by interfacing with the other government agencies to check on the details provided. For example, the system will check with the Tax Department to verify the correctness and existence of the TIN and with the Ministry of Justice to check the business registration. The system will also check with other application systems such as a Customs Offence database to verify the acceptability of the nominees and an Administration database to check on the Competency Certificate.

3. If all the details are verified to be correct, and there is no adverse record in CD RT databases to prevent the applicant from transacting with CD RT, the system notifies the applicant of his successful application and that a sealed letter will be dispatched to the applicant. The system will generate a Company Registration Number and will provide each client nominated to transact with CD RT a unique user-id (user-identification) and a password. The system is expected to generate and produce a sealed letter containing the user-id and password to be dispatched to the clients.

4. Upon receipt of the sealed envelopes containing the user-id and password, the first rule imposed by the system will be to require the client to change the password on first accessing the system. The client will use this new password and his user-id to access the CD RT UAIS.

5. The user-id and password will form the electronic signature of each user in the UAIS. It will be unique to each user and the security attached to their use must be documented. All users should be instructed to log off from their sessions when they have finished their transactions. Passwords will be required to be changed after a period of time. No password used previously will be accepted. The emphasis is that the users are responsible for any actions or abuse resulting from the misuse of their user-ids and passwords. Security concerns for the use of passwords will be addressed in the length of the password, the duration after which passwords must be changed, and the number of times users may fail to log in because of an incorrect password before they are deactivated from further participation in the CD RT UAIS. In the last case, users will have to provide explanations for their failure to use the correct password before they are reactivated.

6. Two options for the format of the registration of the users were considered. The first option is to issue a Customs Registration Number to the juridical legal entity, with the companies’ nominees being issued the accompanying user-id and password (see paragraph 47.3). The second option is to maintain the use of the TIN accompanied with the issue of a unique password for each user. However, use of the TIN would require the CD RT system to rely on a larger database than is necessary. The Tax Department's TIN database would include all taxpayers, most of whom may not transact directly with CD RT. Creating a separate Company Registration Number unique for Customs purposes would mean a smaller database to maintain. It would also be useful for Customs analysis of the type of trade conducted by each user. The first option of creating a unique CD RT Company Registration Number is proposed. Every time a transaction is made with CD RT, the system will interface with the Registration system to verify the authenticity of the user.

C. Registration For Other Users Under An Administration Subsystem

48

Ministries, competent authorities (government agencies), the CCI, ABBAT, banks and aircraft and railway operators who are required to interact with CD RT should nominate their officers as authorized users. A letter (or e-mail) to this effect should then be sent to CD RT. CD RT through the office of a proposed ICT Division will register the nominees into the system using the Administration subsystem. The system will likewise generate a user-id and password and produce the sealed letter containing the same. Similarly the password issued must be changed when the authorized user signs on to the system for the first time.

49

CD RT management will also nominate the appropriate officers to be registered as authorized users of the UAIS. Again this will be done through the Administration subsystem. The steps for producing the user-id and password are similar to those described above.
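The password rules set out for the Registration subsystem (items 4 and 5 of paragraph 47) and repeated for the Administration subsystem can be expressed as a small account state machine. The following is an added example, not part of the report or of any UAIS design; the minimum length, maximum age, lockout threshold and the PBKDF2 storage scheme are assumptions, since the report names these controls without setting values.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Assumed policy values: the report names these controls but gives no numbers.
MIN_LENGTH = 12
MAX_AGE_DAYS = 90
MAX_FAILED_LOGINS = 5
PBKDF2_ROUNDS = 100_000
DAY = 86_400  # seconds


def _hash(password, salt):
    # Passwords are never stored in clear; only a salted PBKDF2 digest is kept.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class Account:
    user_id: str
    salt: bytes = field(default_factory=lambda: secrets.token_bytes(16))
    current: bytes = b""
    history: list = field(default_factory=list)  # digests of all earlier passwords
    changed_at: float = 0.0
    must_change: bool = True   # true while the sealed-letter password is in force
    failed: int = 0
    active: bool = True
    audit: list = field(default_factory=list)


def issue(user_id, now):
    """Registration: create the account and the password for the sealed letter."""
    acct = Account(user_id)
    initial = secrets.token_urlsafe(12)
    acct.current = _hash(initial, acct.salt)
    acct.changed_at = now
    return acct, initial


def login(acct, password, now):
    """Return OK, CHANGE_REQUIRED, EXPIRED, DENIED or DEACTIVATED."""
    if not acct.active:
        return "DEACTIVATED"
    if not hmac.compare_digest(_hash(password, acct.salt), acct.current):
        acct.failed += 1
        if acct.failed >= MAX_FAILED_LOGINS:
            acct.active = False
            acct.audit.append((now, "deactivated after repeated failed log-ins"))
            return "DEACTIVATED"
        return "DENIED"
    acct.failed = 0
    if acct.must_change:
        return "CHANGE_REQUIRED"   # first access: only a password change is allowed
    if now - acct.changed_at > MAX_AGE_DAYS * DAY:
        return "EXPIRED"
    return "OK"


def change_password(acct, old, new, now):
    """Return (True, 'changed') or (False, reason)."""
    if not acct.active:
        return False, "account deactivated"
    if not hmac.compare_digest(_hash(old, acct.salt), acct.current):
        return False, "old password incorrect"
    if len(new) < MIN_LENGTH:
        return False, "too short"
    digest = _hash(new, acct.salt)
    # "No password used previously will be accepted": check the full history.
    if any(hmac.compare_digest(digest, h) for h in acct.history + [acct.current]):
        return False, "password used previously"
    acct.history.append(acct.current)
    acct.current = digest
    acct.changed_at = now
    acct.must_change = False
    return True, "changed"


def reactivate(acct, explanation, officer, now):
    """Reactivation needs the user's explanation, recorded with the approving officer."""
    if not explanation.strip():
        return False
    acct.active = True
    acct.failed = 0
    acct.audit.append((now, f"reactivated by {officer}: {explanation}"))
    return True
```

Because the user-id and password serve as each user's electronic signature, the audit list matters as much as the checks: it is the record that ties a deactivation or reactivation to a named person.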

50

The Administration subsystem, which will come under the supervision of the ICT Division, will also be used for the dissemination of information to all the users of the CD RT UAIS. For example, the ICT Division will inform the users of the down-time (for maintenance of the system).

D. Manifest Control

51

The Customs Code provides for the submission of cargo and passenger manifests (rail, air and [sea – for river traffic]). The submission of manifests forms the stage of initial access to information of imports and exports before the production of a Customs declaration. Currently, submission of manifests applies to cargoes imported by air and rail. The process of requiring the submission of manifests ensures the following:
1. The completeness of cargo inventory entering and exiting the country.
2. Provision of information on supporting trade documents such as bills of lading, marks and numbers, consignees, consignors etc. The information provided ensures completeness and validity of Customs declarations submitted.
3. Facilitation of the reconciliation of all imports and exports, ensuring the completeness of imports and exports fully complying with CD RT legislative requirements.

52

The consideration for the prior submission of manifests before the arrival of the imports is necessary. This will provide CD RT prior access to cargo information to facilitate pre-clearance of cargo and determine specific cargo consignments to be selected for physical inspection/examination based on selectivity criteria of high risk consignments or persons. Manifests for imports should be provided within 24 hours of their arrival and within 48 hours of their departure. A grace period of one month could be allowed for amendments to provide for short-shipment and tracking of cargo short shipped. The submission of cargo (and passenger) manifests to be delivered electronically will reduce the need for manual matching of paper-based documents which can be prone to errors and is labour-intensive.


53

Cargo imported and exported by road through the frontier posts can be based on the actual submission of the Customs Declaration and all supporting trade documents. Unlike air and rail goods, which are normally ferried by a major carrier such as the National Railway Authority or the national airline, goods transported by road are normally individual consignments carried on board the vehicle. Road-transported cargo is normally accompanied by supporting trade documents, the absence of which would delay its Customs clearance.

54

Electronic submissions of manifests should also be made a mandatory requirement. Airlines have sufficient time to produce electronic manifests in view of the flight duration. This can also apply to the railway operators. Thus it should not be a major obstacle for the operators to provide electronic manifests for submission to CD RT prior to the arrival of the aircraft or train. Most if not all transport carriers have produced manifests from their computer systems.

55

The Manifest Subsystem will be reengineered to perform the following:

56

Stage 1 - Submission of Manifests
1. Prior to arrival, the carrier or his agent (the airline or railway representative) submits an electronic manifest to the CD RT Manifests Control subsystem.
2. The Manifests Control subsystem will register and record the receipt of the manifests. A system response is generated acknowledging the receipt of the manifests to the submitter.
3. The terminal operator, on receipt of the goods landed in the country, will notify the owners of the goods. Clearance of goods will be subject to presentation of the appropriate Customs Declaration.

57

Stage 2 - Use of Manifest subsystem for clearance of Goods
1. The trader, on receiving details of the arrival of his cargo, will submit an electronic Customs Declaration that will be registered into the Declaration Control subsystem. The Declaration Control subsystem will interface with the Manifests Control subsystem to verify the authenticity of the Declaration using the bill of lading number and flight details as the key. This will activate a write-off of the item contained in the Manifests Control subsystem. It will also prevent the trader from making a duplicate Declaration.
2. Discrepancies of details such as shortfall of items will be flagged and Customs will be alerted.
3. The release of goods by the terminal operators to the trader will be based on the receipt of a copy of the Customs Declaration. The Customs Declaration will be retained upon exchange of the bill of lading. The operator will retain and match the manifests against all the Customs declarations received from the traders. A report will be sent to CD RT.
4. The Customs will verify that all consignments listed in the manifests have accomplished Customs formalities. For consignments which have failed to comply with Customs legislation, the terminal operators and the owners of the goods will be required to furnish satisfactory explanations if they were released without undergoing Customs formalities.
5. Customs will perform similar checks on the export manifests to ensure that goods listed in the rail or air manifests have accomplished Customs formalities by way of the submission of a Customs Declaration. Manifests that do not reflect the export of goods for which a Customs Declaration has been made will require an explanation from the terminal operators who receive and move the cargo.
6. The Manifests Control subsystem will ensure that all cargo is accounted for.

E. Declaration Control Subsystem

58

The Declaration Control subsystem will be a significant part of the UAIS. The subsystem will create a database of all the different types of Customs Declarations made and maintain a historical record of all the transactions of the trading community. Manual submissions of Customs Declarations for checking, validation and approval will be eliminated. The Customs Declaration will be auto-processed by the system. Based on the selectivity criteria established by other subsystems such as Risk Management & Intelligence or Valuation, the approval will indicate to Customs Clearance officers the degree of examination required.
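The write-off that the Declaration Control subsystem triggers in the Manifests Control subsystem (Stage 2 of Manifest Control above: match on bill of lading number and flight details, refuse duplicates, flag shortfalls, account for all cargo) can be sketched as follows. This is an added example, not part of the report; the class, field and status names and the sample manifest are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class ManifestLine:
    bill_of_lading: str
    flight: str                # flight or train details; with the bill number, the key
    packages: int
    declaration_id: str = ""   # filled in when the line is written off


def sample_manifest():
    """Constructed sample data, not taken from the report."""
    return [
        ManifestLine("AWB-1001", "XX101/2006-12-01", 10),
        ManifestLine("AWB-1002", "XX101/2006-12-01", 8),
        ManifestLine("AWB-1003", "XX101/2006-12-01", 4),
    ]


class ManifestControl:
    def __init__(self):
        self.lines = {}    # (bill_of_lading, flight) -> ManifestLine
        self.alerts = []   # discrepancies flagged for Customs attention

    def register_manifest(self, lines):
        """Stage 1: record the carrier's manifest and acknowledge receipt."""
        for line in lines:
            key = (line.bill_of_lading, line.flight)
            if key in self.lines:
                raise ValueError(f"manifest line {key} already registered")
            self.lines[key] = line
        return f"ACK {len(lines)} lines"

    def write_off(self, declaration_id, bill_of_lading, flight, packages):
        """Stage 2: match a declaration to its manifest line and write it off."""
        line = self.lines.get((bill_of_lading, flight))
        if line is None:
            # A declaration with no manifest entry cannot be authenticated.
            self.alerts.append((declaration_id, "no matching manifest line"))
            return "REJECTED_NOT_ON_MANIFEST"
        if line.declaration_id:
            # The line was already written off: this is a duplicate declaration.
            self.alerts.append((declaration_id, f"duplicate of {line.declaration_id}"))
            return "REJECTED_DUPLICATE"
        line.declaration_id = declaration_id
        if packages != line.packages:
            # Assumption: a shortfall still writes the line off but alerts Customs.
            self.alerts.append(
                (declaration_id, f"declared {packages}, manifested {line.packages}"))
            return "WRITTEN_OFF_WITH_DISCREPANCY"
        return "WRITTEN_OFF"

    def outstanding(self):
        """Consignments on the manifest with no declaration: not yet accounted for."""
        return sorted(k for k, line in self.lines.items() if not line.declaration_id)
```

The `outstanding()` list is what Customs would take to the terminal operator for explanation under item 4 of Stage 2.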

59

The business process for the Declaration Control subsystem is set out below.

1. The trader submits his Customs Declaration to the CD RT UAIS through electronic means. This can be done in two ways. One method is through software residing on the trader’s personal computer (PC), which will be developed by the trader (or a software developer) to permit the trader to communicate with the CD RT UAIS through a messaging gateway. The development of the software by local vendors is encouraged. The second method is using the Internet to submit the Customs Declaration. The CD RT will provide an internet-enabled system for the trader to enter the required data.
2. The advantage of a PC-based system is that CD RT will upload several UAIS system files to the trader’s PC. These files include, for example, the complete Tariff Nomenclature (the EurAsEC Codification Book); the codes used for data elements such as port code, weight, location of entry/exit point and country code; and the exchange rate file. The Tariff Nomenclature will contain the complete tariff nomenclature of the country. The file will also contain the tariff rates (Most Favoured Nation (MFN) and Preferential Rates), excise rate and VAT. When the trader declares his import or export he can use the files housed in his system and select the appropriate item/code. For example, he will scroll through the Tariff Nomenclature file to select the appropriate Harmonized System (HS) Code for his product. On selection of the HS Code, this will appear on his PC screen. Selection of the appropriate exchange rate will then compute the Customs duty and other taxes. The provision of these files to the traders ensures that errors in entering the appropriate data element and coding type are eliminated. (The updating of the files will have to be done by the trader himself. For example, the exchange rate file will have to be updated daily to ensure that the correct exchange rate is used. The system will highlight to the trader if he uses a wrong exchange rate applicable to another day. He would be required to update the exchange rate file before proceeding.) The trader can also review his entries before transmitting his declaration to the CD RT Declaration Control subsystem. The cost to the trader is lower as he can use a lower bandwidth (for example, 64 kbps) to transmit his data to CD RT. The trader also does not have to be logged on-line all the time while preparing his submission. He can save a copy of the Declaration on his system. Subsequently, if he wants to send the Declaration to the CD RT, he can dial in to the CD RT system and transmit his Declaration. The cost for use of the telecommunications facilities would thus be reduced.
3. If the trader chooses to use the internet-based system to transmit his Declaration, the CD RT databases provided to PC-based systems will not reside in his computer. The data required will have to be drawn from within CD RT server systems. The trader would also have to be on-line all the time while preparing the Declaration. The likelihood of using higher speed bandwidth would make this more costly compared to a PC-based system.
4. After the trader has submitted his declaration, the Declaration Control subsystem will automatically check the value (price) against the Valuation subsystem to identify acceptable values for specific goods from particular countries. The database will flag and highlight valuations that fall outside acceptable ranges.
5. There are three options when the Valuation subsystem checks are carried out and values are highlighted as “unacceptable”. The first option is to route the Customs Declaration on-line to a valuation officer. The officer can then send a message to the trader to produce documents or other requirements. Routing discrepancies on-line for human action to be taken will mean that the Declaration cannot be approved. There will be a time delay for clearance and approval of the Declaration. Traders will not be assured of having their Declarations approved even if the CD RT system operates 24 hours daily, 7 days a week. Officers responsible for on-line processing work a 5-day week, and they may also be busy with other transactions during the period when rejected Declarations are routed to them. The second option is to auto-approve the Declaration and highlight the discrepancy for action by the PCA officers. The audit and subsequent check on the company will be termed immediate audit. This is a better option as it serves to achieve a service standard of not delaying the public. The third option is to auto-approve the Declaration and highlight the discrepancy to the field officers performing Customs Control & Clearance for them to carry out documentary and other physical examination of the consignment. The consignment will be flagged under a “red” channel clearance requiring examination. The second and third options are proposed for adoption. The examining officers in the field will carry out the initial examination; PCA officers can follow up with an immediate audit later. (CD RT, however, will adopt Option 1. CD RT is concerned that auto-approval in Options 2 and 3 will complicate the procedures for recovery of customs duties and taxes, with negative effects on checking of documents, establishing correct values etc. There is also an inherent fear that auto-approval and auto-clearance would result in fairly high instances of under-valuation. CD RT will, however, adopt a key performance indicator that on-line processing shall not exceed two (2) days in determining the acceptable transaction value for Customs purposes.)
6. Other checks that will be carried out by the Declaration Control subsystem will include verifying the goods subject to control by other competent authorities (government agencies). The trader is required to seek the approval of the competent authorities and obtain the approval and license number. This number will be entered into the Customs Declaration. The Declaration Control subsystem will trigger validation of the certification using the Harmonized System (HS) Code as the key. Competent authorities are required to coordinate with CD RT to provide the various items/products under control based on the HS Code. The competent authorities will also upload to CD RT the list of licenses and approvals granted to individual consignments and companies. This Listing will form the product of a Certification & Licensing subsystem. The competent authorities may instruct CD RT from time to time to hold the consignments for further action by the authorities. However, this should not be for all instances. A solution to attain a one-stop synchronous clearance requires the competent authorities to empower CD RT under their agency legislation to carry out checks for them, including extraction of samples for testing. The Certification & Licensing database will also contain the approval and certificate numbers of Certificates of Origin (CO) issued by the Chambers of Commerce and Industry (CCI). Similarly, the CCI is expected to upload the lists of CO to the Certification & Licensing database.
7. The Declaration Control subsystem will route the Customs duties and taxes payable to the Duty Payment subsystem. The duties and taxes due will be routed to the banks to trigger the electronic payment to CD RT to facilitate a cashless electronic fund transfer scheme (e-payment). The banks will deduct the amount due from the trader’s account and credit the sum to CD RT. The system will also highlight a message to the trader to ensure that there are sufficient funds available in his account. In an e-payment scheme, the trader would have signed a direct debit authorization to permit the banks to debit Customs duties and taxes and other Customs fees to CD RT’s state budget account (Ministry of Finance account). In the event that the accounts have insufficient funds, the banks will subsequently inform CD RT. Depending on the arrangement of the banking system, this can take place 2 days after the transaction is made. If the trader has not cleared his cargo from Customs control, he shall make cash payments to the banks for crediting to CD RT’s account. A bank pay-in slip will have to be produced to the Customs at the time of clearance of the consignment. If the consignment has been cleared and no debiting of monies has taken place, CD RT may want to consider this a Customs offence, which will be penalized by way of a composition fine. (Since the e-payment scheme may be established within the implementation period, the system will also cater for deductions from advance payments made and/or for third parties to pay the customs dues and taxes to be borne by the trader.)
8. Depending on each type of Customs regime applied for in the Customs Declaration, the information from the Declaration will be routed to the appropriate databases. For example, temporary imports for processing for home use will be sent to a Temporary Import – Processing for Home Use database.
9. On approval of the Customs Declaration, the system will allocate an approval number to the Declaration. The trader will be informed of the decision. He can then print out the approved Customs declaration, which will also carry a bar code. The hard copy of the Customs Declaration bearing the bar code will be used for clearance of cargo from Customs control. At the clearance point the traders will have to produce supporting trade documents (invoices, bills of lading, packing lists, etc.) that may be examined and verified by the clearance officers. The bar code is provided for the clearance officer’s use. At the point of clearance the officers will scan the bar code and the information and details of the Customs Declaration will appear on the officer’s computer screen. Alerts and actions to be taken by the officer will be included in the clearance officer’s screen. (These alerts are not available to the trader and are generated in the system based on selectivity criteria decided by CD RT.)
10. The Declaration Control subsystem will also reconcile the Customs Declaration with the Manifest Control subsystem. Upon accomplishment of all Customs formalities, the inventory in the Manifest Control subsystem will be written off. Automated data reconciliation or matching forms an important part of the system process. Discrepancies can be highlighted and reported as over- or under-declaration. CD RT can then take immediate action. This action also applies to the transit and transshipment movement. The Declaration Control subsystem will allow the data captured to be matched when the goods leave the country. The declaration information can be captured at entry and matched and written off when the goods are produced at the exit point.

F.

The Warehousing Control Subsystem (WCS)

60

The WCS comes into play when the Declaration Control subsystem detects the Temporary Storage regime applied for. The Declaration Control subsystem will process the submission and transfer the data to the WCS. The WCS will create an inventory database for the purpose of control and monitoring of the storage of duty unpaid goods within the warehouse concerned. Subsequent withdrawal from the warehouse under another Customs regime will trigger the change in inventory of the warehouse.

61

The WCS database serves the needs of CD RT officers. Warehouse operators are expected to have their own independent inventory systems. The operators will produce monthly reports of the remaining inventory in their warehouse to CD RT. This report can be in electronic form in a manner to be set by CD RT. The submission of the report will be matched against WCS records. Discrepancies will be highlighted to the CD RT Warehousing officers. When CD RT Warehousing officers are assigned to carry out inventory checks, the WCS subsystem can generate a report of existing inventory. This will assist the officers in carrying out their tasks.
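The matching of the operator's monthly report against WCS records described above can be sketched as follows. This is an added example, not part of the report or of any UAIS implementation; the class, the item identifiers, the warehouse code and the approval numbers are hypothetical.

```python
from collections import defaultdict


class WarehouseLedger:
    """Customs-side inventory of duty-unpaid goods, built only from declarations."""

    def __init__(self):
        self._on_hand = defaultdict(int)   # (warehouse, item) -> quantity
        self.movements = []                # (approval_no, warehouse, item, signed qty)

    def _move(self, approval_no, warehouse, item, signed_qty):
        self._on_hand[(warehouse, item)] += signed_qty
        self.movements.append((approval_no, warehouse, item, signed_qty))

    def receive(self, approval_no, warehouse, item, qty):
        """An approved Temporary Storage declaration puts goods into the warehouse."""
        if qty <= 0:
            raise ValueError("quantity must be positive")
        self._move(approval_no, warehouse, item, qty)

    def withdraw(self, approval_no, warehouse, item, qty):
        """An approved declaration under another regime takes goods out."""
        held = self._on_hand.get((warehouse, item), 0)
        if qty <= 0 or qty > held:
            raise ValueError(f"cannot withdraw {qty} of {item}: WCS holds {held}")
        self._move(approval_no, warehouse, item, -qty)

    def inventory(self, warehouse):
        """Existing-inventory report for officers assigned to a physical check."""
        return {item: qty for (wh, item), qty in sorted(self._on_hand.items())
                if wh == warehouse and qty}

    def reconcile(self, warehouse, operator_report):
        """Match the operator's monthly report against WCS records.

        Returns (item, wcs_qty, reported_qty, kind) for every mismatch:
        SHORTAGE: the operator holds less than WCS expects, so goods may
                  have left the warehouse without a declaration;
        EXCESS:   the operator holds more, so goods may have been stored
                  without a Temporary Storage declaration.
        """
        expected = self.inventory(warehouse)
        findings = []
        # Walk the union of both views so an item missing from either side
        # is reported instead of silently skipped.
        for item in sorted(set(expected) | set(operator_report)):
            wcs_qty = expected.get(item, 0)
            reported = operator_report.get(item, 0)
            if reported < wcs_qty:
                findings.append((item, wcs_qty, reported, "SHORTAGE"))
            elif reported > wcs_qty:
                findings.append((item, wcs_qty, reported, "EXCESS"))
        return findings
```

Because the ledger changes only when a declaration is approved, the operator's own inventory system cannot adjust the Customs-side figures, and a mismatch in either direction is a finding for the Warehousing officers.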

62

A Duty Free Shops Management subsystem could also be formed under the WCS. The function of this subsystem is similar to temporary storage under a warehousing system. The subsystem will monitor and track the movement of duty free goods taken from warehouses into duty free shops and their disposal at the shops to eligible persons. Sales would be monitored through the passenger name, flight numbers and date of arrival/departure. The subsystem thus keeps an inventory of goods in each duty free shop, with functionalities to register the receipt of goods into duty free shops and sales of such goods.

G.

The Excise Control Subsystem

63

Customs Declarations of products that are subject to excise duties will be catered for under the Excise Control subsystem. The subsystem is similar to WCS for monitoring the movement of the goods and the payment of excise duties by way of excise stamps. Excise stamps are required to be affixed on products and reported in the Customs Declaration. Each Declaration will contain the serial numbers of excise stamps used. The system will keep a record of the excise stamps in the custody of CD RT and of those purchased from CD RT by the traders/companies, and will write off the records of stamps used. No excise stamp number can be repeated. Discrepancies will be highlighted to the Excise officers.

H.

The Tariff Nomenclature Subsystem

64

The Tariff Nomenclature subsystem will comprise a table (module) of the complete common EurAsEC Tariff Codification Book used for the classification of goods. This module will contain all the tariff lines of the Codification Book, the MFN and preferential tariff rates of import and export, excise rate and the VAT. The table will also be flexible to provide for countervailing or anti-dumping rates as and when they arise. The database will also contain separate tables providing for the internationally accepted codes used in the data elements such as port code, country code, product code and CD RT national codes such as location of entry/exit clearance office or border posts. Current clearance offices and border posts are designated in a numerical format. For example, Dushanbe-2, a rail clearance point, is listed numerically as “76104”. CD RT may wish to review this to provide for an alphanumeric format with 5 characters. Dushanbe-2 within the Dushanbe Regional Office could be listed as DDU02, the first character being the Regional Office and the rest of the characters being the actual location. A second rail clearance point, Dushanbe-1, could be listed as DDU01. The Tariff Nomenclature subsystem will provide for authorized officers to update the tariff rates (import and export, excise and VAT) should any of the rates be changed. The system administration will provide access to only two high level management officers to perform this task. CD RT would have to designate the appropriate officers. The first officer could be the head of the Tariff Regulation subdivision. He enters the rate changes. The second officer could be the Divisional Head. His task is to confirm the changes.
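The two-officer arrangement described above, in which one officer enters a rate change and a second confirms it, is a maker-checker control. The sketch below is an added example and not part of the report or of the UAIS design; the class names, officer identifiers and the sample HS code are hypothetical.

```python
import itertools
from dataclasses import dataclass, field
from datetime import datetime, timezone
from decimal import Decimal

RATE_TYPES = {"import", "export", "excise", "vat"}


class ControlError(Exception):
    """An action would bypass the two-officer control."""


@dataclass(frozen=True)
class PendingChange:
    hs_code: str
    rate_type: str
    new_rate: Decimal
    entered_by: str


@dataclass
class TariffTable:
    maker: str      # hypothetical id of the officer who enters changes
    checker: str    # hypothetical id of the officer who confirms them
    rates: dict = field(default_factory=dict)    # (hs_code, rate_type) -> Decimal
    pending: dict = field(default_factory=dict)  # change id -> PendingChange
    audit: list = field(default_factory=list)    # append-only trail
    _ids: object = field(default_factory=lambda: itertools.count(1), repr=False)

    def __post_init__(self):
        # The control is void if one person holds both roles.
        if self.maker == self.checker:
            raise ControlError("maker and checker must be different officers")

    def _log(self, officer, action, detail=""):
        stamp = datetime.now(timezone.utc).isoformat()
        self.audit.append((stamp, officer, action, detail))

    def _require(self, officer, role_holder, action):
        # Denied attempts are logged as well, so an auditor can see them.
        if officer != role_holder:
            self._log(officer, "DENIED_" + action)
            raise ControlError(f"{officer} may not {action.lower()} rate changes")

    def _take(self, change_id):
        try:
            return self.pending.pop(change_id)
        except KeyError:
            raise ControlError(f"no pending change #{change_id}") from None

    def enter_change(self, officer, hs_code, rate_type, new_rate):
        """Maker step: queue a change. The rate in force is untouched."""
        self._require(officer, self.maker, "ENTER")
        if rate_type not in RATE_TYPES:
            raise ValueError(f"unknown rate type: {rate_type}")
        rate = Decimal(str(new_rate))
        if rate < 0:
            raise ValueError("rate cannot be negative")
        change_id = next(self._ids)
        self.pending[change_id] = PendingChange(hs_code, rate_type, rate, officer)
        self._log(officer, "ENTERED", f"#{change_id} {hs_code} {rate_type}={rate}")
        return change_id

    def confirm_change(self, officer, change_id):
        """Checker step: only now does the new rate come into force."""
        self._require(officer, self.checker, "CONFIRM")
        change = self._take(change_id)
        self.rates[(change.hs_code, change.rate_type)] = change.new_rate
        self._log(officer, "CONFIRMED", f"#{change_id}")

    def reject_change(self, officer, change_id):
        """Checker step: discard a queued change without applying it."""
        self._require(officer, self.checker, "REJECT")
        self._take(change_id)
        self._log(officer, "REJECTED", f"#{change_id}")

    def rate(self, hs_code, rate_type):
        return self.rates[(hs_code, rate_type)]
```

Duty calculation should read only `rates`, never `pending`, so that an unconfirmed entry can never affect a declaration.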

I.

Valuation Subsystem

65

The Valuation subsystem contains the database of all values declared for imported and exported goods. The system will also be programmed with a range of acceptable values for products based on the input by CD RT. The acceptable values of each product should be based on country of origin, date of purchase or import/export. The database would capture product names, product codes (if any), country of origin, dates of purchase or date imported/exported, year of manufacture and the like. The data would be useful, as transaction values declared might be rejected and CD RT would have to follow the hierarchical order of deriving acceptable values under the other five methods of the Valuation Agreement Code.

J.

Customs Conditions Subsystem

66

The Customs Conditions subsystem will contain all the normative rules provided in the Customs Code and/or other conditions that CD RT may establish. This database is part of a Business Rule Engine. Conditions imposed could include the reminder to provide sufficient funds in the bank account for deduction of customs duties and taxes.

K.

Duty Payment Subsystem

67

The Duty Payment Subsystem will handle the assessment, verification and monitoring of revenue and the generation of revenue reports. This subsystem will also link up with banks to cater for e-payments. Interfaces with other subsystems such as Tariff Nomenclature will confirm the accuracy of the rates of duties and taxes declared. The subsystem automatically calculates duties and other taxes for each Customs declaration based on the customs value, classification of the goods, and rates of duties and taxes. A linkage with the Ministry of Finance (MOF) will be necessary. MOF monitors and projects revenue collection from each regional office and border post and provides performance targets for them to attain. Monitoring reports would have to be generated, and positive or negative variance from the projected performance targets would be highlighted to MOF.

L.

Fees and Billing System Subsystem

68

From time to time traders will require Customs services that are provided for a fee. The Fees and Billing Subsystem will generate the invoices requesting payment from the traders and other clients. The payment could also be deducted from the clients’ bank accounts if authorized by the clients. Thus there will be an interface with banks for e-payment where appropriate.

M.

Customs Statistics Subsystem

69

The Customs Statistics subsystem will cater for the production of trade statistics derived from Declaration Control subsystem. Statistical reports will be generated and the subsystem will be able to produce soft-copy reports for submission to the government agencies involved and to foreign administrations when required.

N.

Security Deposit Subsystem

70

CD RT requires security deposits from traders to guarantee they fulfill their obligations. This is to safeguard the goods from entering illegally into free rotation without payment of customs dues and taxes.

71

A Security Deposit system administers the security deposits lodged by traders. A record of each deposit will be created upon presentation to CD RT. The system will track and monitor the status of the security deposits. Reports will be generated to inform CD RT when a security deposit must be returned, when renewal of a deposit should be requested, or when a trader should be asked to top up insufficient security.

72

It is proposed that security deposit be used as a means of monitoring, controlling and ensuring the accomplishment of Customs formalities for Customs Declarations. For example, a trader can lodge a specified amount of security deposit in the form of a bank guarantee for temporary storage purposes. When he submits a Customs Declaration, the amount of duties and taxes is debited (subtracted) from his security deposit. There is no actual deduction, only a temporary suspension of the amount of duties and taxes he would have paid if he withdraws the goods into free rotation. This amount will be credited back to the security deposit when he accomplishes all Customs formalities for the specified consignment (exported or withdrawn for free rotation with duties and taxes being paid). The suspended amount cannot be greater than the security deposit lodged. When he submits another Customs Declaration, the amount of duties and taxes is debited again. If he does not accomplish all Customs formalities to close the Customs Declaration, the amount of suspended duties and taxes continues to be suspended. If he submits a further Declaration and the amount of duties and taxes suspended, added to the previous suspended amount, is greater than the security deposit, the system will alert CD RT. A request will be made for the trader to top up his security. This system of debiting and crediting the security deposit for each Customs Declaration made will ensure that CD RT interests are not compromised. At all times, the security deposit secures the revenue that would have been paid if the goods cannot be accounted for. Security deposits under this system would ensure that traders accomplish the formalities in the shortest time possible; else they would be subject to further topping up of the security.

O.

Risk Management System

73

The Risk Management System will be responsible for producing the Selectivity Criteria for examination. There is no single methodology to identify and assess risks; there are a number of developed processes for identifying, assessing and managing them. The Australian and New Zealand Customs developed a systematic cycle for the examination of risk management. In identifying risks, CD RT will have to include in their consideration the environment within which they operate, the clients and their relationship to CD RT (this takes into account the compliance rate of clients, which can be ascertained from the Customs Offence Records), the transactions carried out by clients (element of risk of imports by country of origin and level of risk, patterns of trade from different countries, value of transactions), and the consequences of each risk identified. In assessing the risks, CD RT would consider the effects of each risk and the likelihood of it happening (the more serious the risk, the less acceptable the risk; thus consignments would be targeted for examination). In managing risks, the next step would be to prioritize the risks and the measures to deal with them. In all likelihood, total elimination of risk is not possible; reduction to an acceptable level is.

74

In developing risk management techniques, CD RT should select its “Risk Indicators”. These are specific items, for example, a particular product or a particular country of origin, which can be targeted for potential Customs infringements. Risk Profiling would be a combination of the risk indicators, which have been studied and analyzed from information gathered from the Customs Declaration, Customs Offence System and other sources.

75

The Customs Declarations System will interface with the Risk Management System, which will contain the selectivity criteria that determine the action to be taken by CD RT clearance officers and alert Post Audit Clearance. The system will indicate the appropriate channel of clearance: “Red” for thorough examination, “Yellow” for partial examination and “Green” for no examination required and consignment to be cleared. Examining officers will also have to produce a report of the results of their examination and post it back to the Risk Management System. Officers who override the system’s decision, for example, by examining “Green” channel consignments or releasing “Red” channel consignments, will similarly have to produce a report to account for their actions.
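The channel selection and the reporting duty on overrides described above can be expressed as follows. This is an added example, not code from the report or from any Customs system; the profiles, field names, trader identifiers and the rule that a trader with recorded offences is never cleared "Green" are assumptions made for illustration.

```python
from dataclasses import dataclass, field

SEVERITY = {"GREEN": 0, "YELLOW": 1, "RED": 2}
# Action each channel calls for at the clearance point.
EXPECTED_ACTION = {"GREEN": "release", "YELLOW": "partial_exam", "RED": "full_exam"}


@dataclass(frozen=True)
class RiskProfile:
    """A combination of risk indicators; every indicator must match."""
    name: str
    indicators: tuple   # ((declaration_field, triggering_value), ...)
    channel: str        # channel demanded when the profile matches

    def matches(self, decl):
        return all(decl.get(key) == value for key, value in self.indicators)


def select_channel(decl, profiles, offence_counts):
    """Return (channel, reasons); the strictest matching rule wins."""
    channel, reasons = "GREEN", []

    def escalate(to, reason):
        nonlocal channel
        reasons.append(reason)
        if SEVERITY[to] > SEVERITY[channel]:
            channel = to

    for profile in profiles:
        if profile.matches(decl):
            escalate(profile.channel, profile.name)
    # Assumed rule: a trader with recorded Customs offences is never Green.
    if offence_counts.get(decl["trader"], 0) > 0:
        escalate("YELLOW", "prior-offence")
    return channel, reasons


class MissingReport(Exception):
    """An examination or an override was posted without its report."""


@dataclass
class RiskManagementLog:
    results: list = field(default_factory=list)    # examination findings
    overrides: list = field(default_factory=list)  # departures from the channel

    def post(self, decl_id, officer, channel, action, finding="", justification=""):
        """Record what the officer did; return True if it was an override."""
        if action not in EXPECTED_ACTION.values():
            raise ValueError(f"unknown action: {action}")
        override = action != EXPECTED_ACTION[channel]
        # Validate everything before writing, so a refused post leaves no trace
        # in the findings but the consignment stays open until reported.
        if override and not justification.strip():
            raise MissingReport(f"{decl_id}: {action} on {channel} needs a report")
        if action != "release" and not finding.strip():
            raise MissingReport(f"{decl_id}: examination result not reported")
        if override:
            self.overrides.append((decl_id, officer, channel, action, justification))
        if action != "release":
            self.results.append((decl_id, officer, action, finding))
        return override


# Constructed sample data (not real selectivity criteria or traders).
PROFILES = [
    RiskProfile("origin-XX+hs-24", (("origin", "XX"), ("hs_chapter", "24")), "RED"),
    RiskProfile("hs-chapter-85", (("hs_chapter", "85"),), "YELLOW"),
]
OFFENCES = {"TRADER-003": 2}   # trader id -> offences on record
```

The `overrides` list gives reviewers a single place to look for officers who repeatedly release "Red" consignments or examine "Green" ones, while `results` feeds examination findings back into profile tuning.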

P.

Customs Offence System

76

This system maintains records of Customs offences committed. The details that shall be contained include names of company, name of offender (declaring agent or other persons), Customs Declaration type and approval number, date of offence, place of offence, type of offence, type of goods involved, action taken (composition fine, court action and amount of fines imposed/paid), name of detecting officer, name of investigating officer, and investigation file reference.

Q.

The Travelers Management System

77

Residents and non-residents enter and leave the country through three means of transportation: by rail, air and road. The airline and railway operators can facilitate the management of travelers by air and rail with the presentation of passenger manifests. The passenger manifests are key sources of information for the Customs to decide on the thoroughness of examination of persons profiled as high-risk targets. The extraction of information from the manifests will also provide a profile of the selected persons’ movement, the frequency of such movements and the level of potential risk to Customs. Road travelers pose a larger threat of revenue loss. The lack of data on the travelers through the borders can and does result in travelers (living near the borders) moving across the borders many times in a day. This can lead to them carrying goods across the border in small quantities or in part shipments to avoid payment of Customs dues and taxes.

78

The Travelers Management System will comprise the establishment of a Black List of Suspected Offenders. This Black List will be built by CD RT based on a Risk Profile from information gathered or risk indicators selected. The Black List can be downloaded to a Border Control Department (BCD). BCD is the first point of contact. The BCD can alert CD RT when blacklisted travelers are detected at the border crossing. CD RT can then carry out their examination. Reports will be prepared and kept within the Travelers Management System.

R.

Conclusion

79

The current manual system is to be replaced under the framework of a single electronic window (SEW) serving the CD RT community. The SEW will be the electronic platform to bring together all stakeholders, from both the private and public sectors. The integrated information and management system, providing both internet-based and host-to-host connection, will facilitate the exchange of information, eliminate the manual submission of Customs Declarations, facilitate the legitimate trader through faster clearance and the minimization of human intervention, and enable CD RT to move from a people-driven process to a system-driven workflow, with business rules and artificial intelligence built into the system. This will help to increase transparency and predictability of service. The UAIS should support all international standards of message format such as XML, UN/EDIFACT, RosettaNet, and ANSI X-12 to support exchange of data between agencies and with other foreign customs administrations.

V.

INTER-AGENCY COORDINATION

A.

Inter-agency Cooperation and Coordination

80

Gaining the support of the competent authorities, which are responsible for processing of controlled goods, is vital to facilitate the one-stop approval clearance process in the CD RT UAIS. The active participation of competent authorities for a single administrative document is important for establishing a synchronous one-stop clearance and to avoid unnecessary delays in processing and clearance of the Customs Declaration. The strategies which CD RT should adopt are as follows:

1. Establish regular dialogues and consultation with the inter-agencies to gain support for the single window concept.
2. Include all agencies related to trade facilitation including the Ministry of Trade and Economy, Ministry of Industry and Ministry of Transport. The Ministries play important roles in the promotion of trade.
3. Establish the preparation of a Product Listing of all the goods under control and the agency responsible. The products are to be listed by Harmonized System Code under the present Tariff Nomenclature of CD RT. This List is to be constantly updated and kept on the proposed UAIS Certification & Licensing subsystem.
4. Include several of the agencies in study visits and/or training sessions related to CD RT UAIS to enable the agencies to gain an understanding of the benefits of a single window one-stop system.
5. Invite agencies from time to time to lecture CD RT officers on the rationale for placing goods under control and the techniques adopted by the agencies to approve the goods.
6. Request the agencies to empower CD RT with the responsibility of performing their tasks for them, such as the examination and/or extraction of samples of products that require clearance by these agencies; and
7. Include the agencies in the Project Steering Committee. In the event a National Trade and Transport Facilitation Committee (NTTFC) is established to oversee trade facilitation strategies, the agencies should also be involved as active participants.

VI.

UNIFIED AUTOMATED INFORMATION SYSTEM (UAIS)

A.

Objective of UAIS

81

The Tajikistan UAIS proposal aims to develop a full suite of integrated, robust and intuitive software systems that leverage state-of-the-art technology to support the streamlined CD RT key processes.

82

The UAIS will modernize CD RT workflow and help it achieve the following main objectives:

i. Provide a more effective customs control through risk assessment, profiling, and data mining.
ii. Provide a more efficient Customs clearance through the use of electronic forms and auto-processing rules, including general automation of Customs procedures and electronic exchange of information.
iii. Provide a more uniform application of Customs law by programming them into the system and subject all stakeholders to the same rules.
iv. Provide a more efficient revenue collection method through direct interface with banks and real-time debit from accounts.
v. Provide a more effective data analysis through pre-defined reporting rules and generating reports from error-free and timely data.
vi. Provide a more efficient production of trade statistics, where trade statistics can be generated from data with up-to-the-minute accuracy.
vii. Provide quality of data by enforcing validation rules and checks uniformly throughout the system.

83

The proposed UAIS solution shall be cost-effective and have the ability to best meet the requirements of the CD RT. At the same time it will contain features that are found in modern Customs systems.

B.

Design Consideration of UAIS

84

The design of the UAIS software has to take into account the local conditions of RT, as well as the likely usage pattern. The two main groups of users of the UAIS are the trade and logistic community, and the CD RT.

85

The trade and logistic community consists of the following groups of users:

• Rail and air terminal operators, freight forwarders, and carriers;
• Customs brokers and Customs specialists;
• Licensed warehouses;
• Traders, importers, and exporters.

86

Design considerations for the above users are:

• Able to make users more productive without increasing their cost. The cost of using UAIS should be the same or less than the current cost without UAIS.
• Able to be a one-stop application for users. For example, users should be able to make document submission, pay charges, and receive back Customs approval, all within the UAIS.
• Able to cater to declarants and end-users from all over the country. This means that the UAIS software has to be easily installed and supported at different geographical regions and locations.
• Able to increase user’s productivity. For example, by using the UAIS, users should be able to do many more declarations per day than previously.
• Able to support multiple users at a single location. This is because there may be more than one Customs Specialist in a company, and they have to be distinguished.
• Able to work well in low bandwidth situations. This is because in many places of RT, the telecommunication infrastructure is not yet mature.

87

The second group of users is the CD Officers. They consist of the personnel at Customs HQ, including the existing six divisions, Regional Office personnel, and the Border Post Officers.

88

Design considerations for CD RT users are as follows:

• Able to handle the large volume of data submitted by users of the system. This is because users from all over the country will be submitting electronic documents to CD RT.
• Able to do data-mining, data-warehousing, and flexible reporting due to the number of reports and statistics that CD RT needs throughout the year.
• Able to have access to UAIS data in real-time. This is important because CD Officers need up-to-date data for risk management, processing, and reporting.
• Able to access the UAIS from any location at any time. The UAIS has to be designed such that the Regional Offices and Border Posts are able to have access to it easily.
• Able to provide CD Officers everywhere with the same visibility of data. For example, CD Officers from different Regional Offices should be able to have access to the same data from the database.

89

Keeping in mind the above, the UAIS also has the following additional requirements:

• It has to provide connectivity to other Agencies and Ministries, for example the Ministry of Finance of RT, Ministry of Health of RT, Ministry of Agriculture of RT, Tajikstandard, and Tajikistan Chamber of Commerce and Industry, etc. The connectivity can be in the form of a file interface, or a user interface for users from these organizations to use.
• It also has to provide connectivity to financial institutions (banks), for example the National Bank of RT. This is to facilitate auto-debit of funds from traders and declarants.
• It has to be a secure system, from data transmission to data storage.
• It has to be expandable, and easily adapt to an increase in trade volume or the addition of more functionality.
• It has to be compatible, in terms of features and technology, with other modern Customs systems.

C. UAIS Technology

90

The UAIS will be large-scale software that is installed at Customs HQ. It will operate out of the HQ. The reason is that it is cheaper to build one major infrastructure to support the UAIS hardware. If the UAIS were a distributed system, with hardware and software installed in many locations, the maintenance and support cost would be much higher. With only one location, the cost of hiring and training support personnel for the UAIS will also be lower.

91

The UAIS will have a central database, such as the Oracle Relational Database Management System (RDBMS). The central database will facilitate data mining and data-warehousing. A single database will ensure data integrity, and it is also easier to archive data and to generate Customs reports from it.

92

The technology used for the UAIS software is recommended to be Java 2 Enterprise Edition (J2EE). J2EE standards allow portability to multiple platforms such as UNIX, AIX and Windows. This means that there can be more choice in the hardware.

93

J2EE is also multi-tiered, which means the user interface layer can be customized without affecting the domain layer that holds the essential business processing logic of the UAIS. J2EE also has the advantage of being the technology of the Internet and is highly scalable to cater for higher volume in the future.

94

Since Java is a popular programming language, the cost to CD RT will be lower if it were to maintain an in-house team of programmers to develop additional functions to the UAIS.

95

Even though J2EE and Java will be used, in some cases an alternative technology has to be considered too.

96

For the trade and logistic community, since they require a lot of data entry without the need for a real-time connection, it is suggested that a Visual Basic program be used. Data can be stored locally in a Microsoft Access database. Data will be transmitted to Customs HQ only when there is a need to communicate with the UAIS.

97

A summary table of the technology proposed for the UAIS software is shown below:

| Component | Technology |
| --- | --- |
| Software for the community | Microsoft Visual Basic and Access database |
| Software for CD Officers | Web-based from Customs HQ servers |
| Software for Ministries and Agencies or to link with them | Web-based from Customs HQ servers, or could be file interface through a secured channel |
| Software for linking with external parties like foreign governments and organizations | File interface through a secured channel |
| UAIS software | Java and J2EE |
| Database | Oracle RDBMS |

D. UAIS Architecture

98

The UAIS software should be made up of 3 logical layers. They are listed as follows, from the bottom layer to the top:

• The Service Layer
• The Domain Layer
• The Interface Layer

99

The Service Layer consists of the basic applications and systems that will be used by all the subsystems in the upper layers. This also includes interaction with the database.

100

The Domain Layer consists of applications that hold the business logic processing and other types of processing. It is the link between the interface layer and the service layer.

101

The Interface Layer consists of either user interfaces that allow users to interact with the system directly, or applications that allow other systems to interact with the UAIS.

102

A diagram of the software architecture and an example is shown below:


103

The UAIS server-software explanation:

104

UAIS software that needs a Web Browser to connect to Customs HQ’s URL is called the server-software. It requires either an Internet or Intranet connection to work.

105

Users will have to use a Web Browser such as Internet Explorer, Firefox, Safari, or Netscape on their PC to connect directly to the URL of CD RT. This is so that users can use the software that is installed on the Customs HQ servers, and have access to the central database there.

106

A diagram showing the use of server-software is shown below:


107

The UAIS client-software explanation:

108

The UAIS software that does not need the Web Browser to function, and can store data locally on the PC, is called the client-software. It does not need an Internet connection to work.

109

Users will have to launch the application on the PC. All data will be stored locally and there is no need to connect to Customs HQ till needed.

110

A diagram showing the use of server-software is shown below:


E. UAIS Overview

111

The UAIS software can be logically divided into four main areas:

• The UAIS Core Systems;
• The UAIS Subsystems;
• The UAIS Common Services; and
• The Messaging Gateway

112

The Core Systems will exist as client-software as well as server-software. The client-software allows the Trade and Logistic Community to send various electronic documents to CD RT. The data will pass through the Messaging Gateway to the server-software for processing. The server-software will provide functionality for CD RT to process the data submitted by the users.

113

The proposed Core Systems and their main functionalities include the following:

1. Manifest Control

• For submission of electronic manifest pre-arrival or upon actual arrival of vessel at the border posts or terminals of Tajikistan.
• Enable CD RT to auto-process the submitted manifest documents according to the rules set into the System.
• Enable CD RT to do risk assessment on the shipment. It also allows Customs to reconcile the manifest information with the goods declaration information that is submitted later.

2. Declaration Control

• For submission of electronic import, export, transshipment, or Customs declaration of any Customs Regime. Approved declarations will be returned with a permit number by the System.
• Enable CD RT to auto-process or manual-process submitted Customs declarations. The System will reconcile the declarations with the shipping manifests received.
• Will auto-calculate duties and taxes payable by declarants, and auto-deduct the appropriate amount from their bank account.
• It is linked with several other Subsystems of the UAIS.

3. Warehouse Control

• Enable Warehouse Operators to store and submit inventory data and cargo valuation data to CD RT. It can handle goods for duty free shops, as well as general goods movement or transfers.
• Allow tracking of all licensed warehouses’ inventory based on approved Customs declarations. All movement of cargo to and from the warehouses is tracked. It can also generate comprehensive reports for CD Officers to do post Customs Control audit and inspection.

4. Certificate and License Control

• Allow submission of electronic application for Certificates or Licenses.
• Allow Officers of the Agencies and Ministries to log in to receive and process applications for certificates or licenses.
• Auto-calculates fees payable by applicants, and deducts the appropriate amount from the designated financial institution.

114

The Subsystems consist of applications that are used by CD RT personnel to support their daily work. The Subsystems will exist as server-software, with no client-software, because only Customs personnel will have access to them.

115

The proposed Subsystems and their main functionalities include the following:

1. Registration

• Provide a centralized application where the trade and logistic community can be registered with the UAIS as users. They will receive a user ID and password to the system.
• Keep the bank account information of users as well, to be used for billing and duty deduction.

2. Administration

• Allow CD Administrators to assign user roles and rights to Customs officers. It is similar in concept to the Registration Subsystem, but for CD RT and related personnel only.
• Serve as the communication center for CD RT to send information to stakeholders of the UAIS. It can store and send notices and circulars, as well as make announcements to external parties.

3. Tariff Nomenclature

• Enable CD Officers to manage and control the codes that are used throughout the UAIS, for example HS Code, country code, port codes, and product codes etc. CD Officers can also use the Subsystem to set the tariff rates for the goods. The codes managed by the Subsystem can be international standard codes, or RT standard codes.
• Allow new or updated codes to be sent to the Core Systems’ client-software.

4. Valuation

• Enable CD Officers to track the standard value of goods. CD Officers can use it to create and maintain the goods valuation database.
• Handle the validation of cargo value that is declared in declarations. It will analyze the declared value and flag any non-conformance. It automatically adjusts its database of values as it collects more data.

5. Customs Conditions

• Enables CD Officers to “program” RT Customs Code into the UAIS. This can be done using the Rule Editor of the Rule Engine.

6. Post-Clearance

• Perform two main functions. One is the inspection scheduling and tracking. The other is post audit team (CD Inspectors) management.
• Handle inspection requests that are triggered by the Manifest Control, Declaration Control, or the Warehouse Control System. CD Officers will use it to schedule inspections, as well as view details of cargo that requires inspection. CD Officers can also deploy Inspectors with the Subsystem.

7. Customs Offence

• Enable Customs Inspectors to enter inspection results and offence data. The Customs offences will be tracked in the UAIS database.
• Enable CD Inspectors to record and categorize offence data, as well as interface with the Risk Management and Intelligence Subsystem. Inspection results are fed back into the Risk Management Subsystem in order to improve its effectiveness.

8. Duty Payment

• Perform two main functions. One is to handle duty and charges calculation and collection. The other function is to link up with financial institutions, for example banks, to deduct the funds from declarants’ accounts.
• Able to automatically calculate duties and other taxes for each Customs declaration based on the customs value, classification of the goods, and various duties, taxes and fee rates applicable.

9. Fees and Billing

• Perform the function of billing and collecting money. It will generate monthly bills to users of the UAIS, and also helps CD RT to collect fines from declarants who had committed Customs offences.
• Allow CD Officers to manage the billing cycle and charge codes of the UAIS, among other things.

10. Security Deposit

• Provide facilities for managing securities lodged by traders, importers, or exporters. This is to cover both goods moving in and out of Customs territories. Information such as security applicants, providers, as well as forms and types of security are captured and stored online. CD RT will maintain such information.
• Functions such as review request, discharge request, liquidation request, and exemption request are also provided in this Subsystem.

11. Currency Control

• Allow CD Officers to track the export revenue of companies and the validity of payments for imported goods in a foreign currency.
• It will store and manage the transaction certificates of traders, as well as securing control on the amount that exceeds the contract.

12. Excise Control

• Automates the excise stamps department activities. For example, registration of applications for purchase of excise stamps, payment made for excise stamps and issue of stamps on the receipts to the control of stamps utilization and application closure.

13. Risk Management And Intelligence

• Perform two main functions. First, it helps to identify and flag any potential threats or non-conformance, and alerts the CD Officer. Second, CD Officers can specify and set the risk criteria for each of the Core Systems.
• It can be used to build risk profiles for companies as well as individuals; this can be referred to as the Blacklists.
• It can also take in risk data from external systems and incorporate this data into its criteria for consideration. However, this data has to be of a predefined file format, or it has to be converted through the Conversion Engine.
• Has the ability to analyze trends and projections. The overall goal is to provide Customs with an intelligent system that allows it to direct its limited resources to potentially high-risk consignments.

14. Customs Statistics

• Allow CD Officers to generate customs and trade statistics for the CD RT or the Ministry.
• It can be scheduled to generate routine reports, or be operated to generate reports on-demand. Data will be drawn from the UAIS central database.

116

The Common Services consist of software components that are used by the Core Systems and Subsystems. These components are the underlying building blocks, and they provide essential functionality to UAIS.

117

The Common Services include the following components:

1. Access and Password Services;
2. Notification and Alert Services;
3. Audit Services;
4. Report Engine;
5. Rule Engine; and
6. Reconciliation Engine.

118

The Messaging Gateway is an important part of the UAIS that allows communication between client-software and server-software. It also acts as the interface between external parties and the UAIS. It supports all standard communication protocols and implements secure connection for message depository and retrieval. The Messaging Gateway has a built-in Conversion Engine to format messages if needed.

119

A diagram of the overview of the UAIS is shown below:

120

The different applications of UAIS will interact with each other through programming interfaces. An interaction grid between the applications of UAIS is shown below. The grid is based on the functional requirements that have been drafted.

121

The functional requirements for the UAIS software are detailed in Appendix D. They contain a description of all the functionality needed in each UAIS component and System.

VII. IT INFRASTRUCTURE AND NETWORK FOR UAIS

A. Introduction

122

The current infrastructure of the Customs Department Headquarters (Customs HQ) and Regional Offices (RO) is inadequate to support the full implementation of the UAIS.

123

It is proposed to adopt a centralized model for the UAIS whereby all trade related processing and data are hosted at Customs HQ. The users at regional offices, border posts, terminals and the Trade and Logistics community at large will access the Customs HQ for all trade transactions. The IT infrastructure and network is designed based on this guiding principle.

124

Having a de-centralized model will not be cost-effective, as it will mean duplicating the infrastructure at Customs HQ to the Regional Offices to a large extent. Having a de-centralized model will also complicate the workflow such as having to synchronize the data and software between Customs HQ and Regional Offices.

B. Assessment of current ICT Infrastructure

125

The current ICT Infrastructure is not adequate for Customs Modernization. A summarized assessment is shown in the table below:

Current ICT Infrastructure

• Most PCs are Pentium II and III running Windows 98, ME
• No servers for hosting web-based Customs transaction applications
• Limited Internet connection
• Regional Offices have no LAN
• Data transmission via diskettes and Codan radio modem
• Customs HQ has LAN but no Data Center

Assessment

• Hardware is inadequate
• Most hardware is obsolete
• No overall IT network for connecting Customs HQ, Regional Offices, and Border Posts
• No Data Center (DC) to host the servers

C. Steps for UAIS setup

1. Equip CD RT with ICT equipment such as PCs, printers and scanners and UPS.

126

The UAIS needs to be supported by all this peripheral equipment so that users can interact with the system electronically and in an effective manner. Appendix F shows the type of equipment, quantity and estimated cost that is needed to equip the whole of CD RT.

2. Setup a UAIS network based on the framework as shown below:

127

The diagram below shows the overall high-level view of the proposed network infrastructure that will be needed for the implementation of UAIS:

Figure 1: Diagram showing the connectivity scenarios for the UAIS

128

The network connectivity alternatives for UAIS are also shown in the table below:

[Table: connectivity alternatives by link. Columns: Leased line; Telephone line – ADSL modem (Internet); Telephone line – dial-up modem (PSTN); Radio waves – GPRS (Internet); Radio waves – Codan modem; Wi-Max; Satellite. Rows: Customs HQ to DR; Customs HQ and Regional Office; Regional Office and Border Post; Customs HQ and Border Post.]

129

There is a need for on-line synchronization of data between Customs HQ and the Disaster Recovery centre, and for security and performance reasons a leased line is preferable for linking the 2 sites.

130

Telecommunications is available at Customs HQ and Regional Offices, and hence it is possible for these sites to link to the Internet via ADSL modem or GPRS, or to do a modem dial-up using the Public Switched Telephone Network (PSTN).

131

At the border posts, especially those in remote areas such as KHATLON and GORNO-BADAKSHAN, telecommunications infrastructure may not be available and hence it is necessary to transmit the Customs declaration via Codan radio modem to the regional offices where the information will then be entered into the UAIS. This is a temporary solution until the telecommunications infrastructure is available to such areas.

132

We have proposed VSAT (Satellite) and WiMax for network alternatives, but these were considered not viable taking into account the specific conditions in Tajikistan.

| Network Alternatives (not viable) | Reasons |
| --- | --- |
| VSAT (Satellite) | High Cost - estimated costs $50,000 per installation, $3,000 to $5,000 monthly charges |
| WiMax | Wave frequency is not allowed |

Table showing reasons for the not viable alternatives

133

The monthly telecommunications charges (based on Babilon) of using the network alternatives are shown below:

| Bandwidth | ADSL | Dial-up modem | GPRS |
| --- | --- | --- | --- |
| 64 kbps | $192 | $30 | $30 |
| 128 kbps | $384 | - | - |
| 256 kbps | $768 | - | - |
| 512 kbps | $1536 | - | - |
| 1024 kbps | $3000 | - | - |

Table showing the monthly telecommunication charges

134

The current average file size (based on 34 data items) of Customs declarations is around 1 kilobyte per declaration. Appendix L shows the Customs declaration volume for the year 2005. The data show that around half of the border posts have fewer than 10 transactions per day. Assuming a file size of around 5 kilobytes per transaction for the UAIS (all the 54 data items are captured), most border posts can use the bandwidth of 64 kbps via dial-up modem (or GPRS) to submit the transactions to Customs HQ.

135

The Traders can make use of a dial-up modem to access the Customs HQ. This is shown in the diagram below. The traders will use the UAIS front-end applications on their PC, after which they can dial up using the modem and submit or retrieve messages from the UAIS Messaging Gateway.

Diagram of the network connectivity through dial-up modem

136

The remote access server (RAS) will receive the call and authenticate the call through the RADIUS server. Upon successful authentication, the server will connect to the modem and allow data to pass. The firewall will intercept the data, allowing only certain protocols to pass through the Messaging Gateway.

137

Regional offices and border posts with higher transactions such as Dushanbe-2 that process up to a maximum of around 150 declaration transactions per day can use the ADSL modem of 128 kilobytes per second (kbps), which should be of sufficient bandwidth.

3. Equip each Regional Office with LAN and connectivity to UAIS network.

138

A typical LAN setup using ADSL to connect to ISP/Internet is shown below:

Diagram: Regional Office with ADSL connection

139

A LAN network that is protected via firewall and Intrusion Prevention System will connect each regional office. A VPN concentrator enables the regional offices to have a secure and private connection to the Customs HQ through the Internet. The specifications for the regional office hardware are shown in Appendix F.

4. Equip the priority Border Post with LAN and connectivity to UAIS network

140

A typical LAN setup using ADSL to connect to ISP/Internet is shown below:

Diagram: Border Post with ADSL connection

141

In the high priority border posts where there are more than 4 PCs, a LAN and a server will be installed to connect and administer the PCs and printers. The LAN is protected by a firewall, which is built into the router. The specifications for the border post hardware are shown in Appendix F.

Diagram: Border Post with GPRS connection

142

In places where no PSTN is available, the cellular phone GPRS network can be used to connect to the Internet and to Customs HQ. The workstation is connected to the cellular phone via cable or Bluetooth, which will in turn use GPRS to access the Internet.

5. Setup Customs Intranet Zone using Virtual Private Network

143

The network for the UAIS is divided into 2 main parts: Local Area Networks (LAN) and a Wide Area Network (WAN) component interconnecting these LANs. The LAN component shall consist of functional local area networks:

(i) Central office
(ii) Six functional divisions
(iii) Dushanbe, Tursunzade, Sughd, Khatlon and Gorno-Badakhshon regional offices
(iv) All customs internal/border posts

Diagram showing VPN connection between Customs HQ, Regional Offices and border posts

144

Between the regional offices and HQ, hardware VPN concentrators are used to enable secure connection through the Internet. At the border posts, the software VPN clients on the PCs are used for secure access to the Customs HQ and Regional Offices.

6. Setup a Data Centre to host the servers at Customs HQ and setup a Disaster Recovery (DR) site at least 5 km away from Data Centre

145

HQ will have a Data Center that will host the UAIS back-end. In addition, it will have an infrastructure that will support the following:

146

The UAIS Production Environment. This consists of three layers: the Demilitarized Zone, the Application layer and the Database layer.

147

The UAIS Development Environment, which is a scaled-down version of the Production Environment. Developers use this segment to deploy and test the UAIS software before moving it to the Production Environment.

148

The Management Segment Zone is where network and system administrators will work. The zone shall manage the firewalls, routers, servers, security devices and other network infrastructure.

149

The Core Network Zone, which is where the workstations of the Customs are connected by switches.

150

The Disaster Recovery Centre is a scaled-down version of the Data Center and will be connected to the Data Centre via a leased line.

151

The hardware specifications for Data Centre and Disaster Recovery Centre are shown in Appendix F.

7. Setup a centralized database at Customs HQ using Oracle as RDBMS

152

Data is an asset that should be protected to safeguard its integrity, confidentiality and availability. Hence it is important for Customs to have a centralized database to store and manage the data using an RDBMS database such as Oracle.

153

Some of the most important data to keep in the Customs’ database are shown in the diagram below.

[Diagram: Application Layer and Database Layer. Labels shown: Customs Declaration, Warehousing, Manifest, Black List, Risk Management, Code Management, Valuation, HS code, Travelers Data, Exchange Rate, License, Post Audit Custom Clearance, Goods Inventory]

154

The most important data in the database is the Customs declarations data, which provides source information such as the declarant’s particulars, HS-code, country of origin and value of goods. The information is used in other subsystems such as risk management, where, based on certain rules, the Clearance officer decides on the need for goods inspection. Any deviation in the goods valuation from the normal range may trigger an alert to the Post Clearance Audit officer, who may then conduct a post audit of the company.

155

The centralized database will enable the UAIS to manipulate and compare data. For example, the manifest data can be compared against the Customs declaration data to check that the items and quantity are correct, and the UAIS will flag an alert if there are any discrepancies. A centralized database will also enable the UAIS to generate statistics for tracking key information such as Performance Indicators.
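The two checks described in paragraphs 154 and 155 (manifest against declaration, and declared value against the normal range) can be sketched as follows. This is an added example, not code from the report or the UAIS; the field names, the consignment key, comparison at the 6-digit HS level, the reference values and the 30 percent tolerance are all assumptions, and the sample records are constructed.

```python
"""Reconcile manifest lines with declaration lines and screen declared values.

Added illustration: record layout, keys and tolerance are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class GoodsLine:
    consignment: str               # key shared by both documents (assumed: waybill no.)
    hs_code: str                   # HS code as entered on the document
    quantity: int                  # number of units
    value: Decimal = Decimal("0")  # declared customs value (declarations only)


def hs6(code):
    """Normalize an HS code to its 6-digit subheading."""
    return code.replace(".", "")[:6]


def _totals(lines):
    """Sum quantity per (consignment, 6-digit HS code)."""
    totals = defaultdict(int)
    for ln in lines:
        totals[(ln.consignment, hs6(ln.hs_code))] += ln.quantity
    return totals


def reconcile(manifest, declarations):
    """Return alerts as (kind, consignment, hs6, manifested_qty, declared_qty)."""
    m, d = _totals(manifest), _totals(declarations)
    alerts = []
    for key in sorted(set(m) | set(d)):
        mq, dq = m.get(key, 0), d.get(key, 0)
        if key not in d:
            kind = "NOT_DECLARED"      # on the manifest, never declared
        elif key not in m:
            kind = "NOT_ON_MANIFEST"   # declared, never reported by the carrier
        elif mq != dq:
            kind = "QUANTITY_MISMATCH"
        else:
            continue
        alerts.append((kind, key[0], key[1], mq, dq))
    return alerts


def valuation_alerts(declarations, reference_unit_value, tolerance=Decimal("0.30")):
    """Flag declared unit values outside reference * (1 +/- tolerance)."""
    alerts = []
    for ln in declarations:
        code = hs6(ln.hs_code)
        if ln.quantity <= 0:
            alerts.append(("INVALID_QUANTITY", ln.consignment, code, None))
            continue
        ref = reference_unit_value.get(code)
        if ref is None:
            # No reference yet: route to an officer instead of passing silently.
            alerts.append(("NO_REFERENCE_VALUE", ln.consignment, code, None))
            continue
        deviation = (ln.value / ln.quantity - ref) / ref
        if abs(deviation) > tolerance:
            kind = "UNDERVALUED" if deviation < 0 else "OVERVALUED"
            alerts.append((kind, ln.consignment, code, deviation.quantize(Decimal("0.01"))))
    return alerts


# Constructed sample records (not real data).
MANIFEST = [
    GoodsLine("AWB-001", "8517.12", 100),
    GoodsLine("AWB-001", "6109.10", 500),
    GoodsLine("AWB-002", "2710.19", 40),
]
DECLARATIONS = [
    GoodsLine("AWB-001", "85171200", 60, Decimal("3000")),   # 40 units short, low value
    GoodsLine("AWB-001", "61091000", 500, Decimal("2500")),  # matches the manifest
    GoodsLine("AWB-003", "94036000", 10, Decimal("1500")),   # never manifested
]
REFERENCE_UNIT_VALUE = {"851712": Decimal("120"), "610910": Decimal("5")}

if __name__ == "__main__":
    for alert in reconcile(MANIFEST, DECLARATIONS):
        print(alert)
    for alert in valuation_alerts(DECLARATIONS, REFERENCE_UNIT_VALUE):
        print(alert)
```

A missing reference value is reported rather than treated as a pass, so a new or rarely used HS code cannot bypass the valuation check by default.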

156

The centralized database will also keep the reference data such as HS code, Exchange Rate and Tariff nomenclature. This information needs to be published to Declarants, as they will need to refer to it when making Customs declarations.


157

Proper design of the database using relational database technology is needed to ensure that data integrity is maintained, that data is secured against unauthorized access, and that database performance is optimized.

D. General Requirements

1. Availability

158

The network between the Regional offices and Headquarters shall have high availability of 99.95%. This is done by operating system clustering or load balancing of the servers. Applications that cannot be clustered will use a load balancer to direct traffic to multiple servers. The bandwidth supporting the regional offices to Headquarters shall be sufficient to support various applications without degrading the performance of the application.

2. Performance

159

Online response time for a transaction is the elapsed time starting from an event such as a click of a button using a mouse (to activate a transaction) to the time when the computer generated output is seen on the screen of a PC. The network infrastructure should be designed such that the online response time for the system in the intranet shall meet the specified performance standards for at least 80 percent of the transactions.

| Transaction Type | Response time (seconds) |
| --- | --- |
| Submit transactions | 5 seconds |
| Search transactions | 8 seconds |
| Reports | 12 seconds |

160

The network infrastructure should be designed such that the online response time for the system in the extranet shall meet the specified performance standards for at least 80 percent of the transactions.

| Transaction Type | Response time (seconds) |
| --- | --- |
| Submit transactions | 12 seconds |
| Search transactions | 15 seconds |
| Reports | 20 seconds |

3. Security

161

The network infrastructure shall be designed such that the intranet zone is secured against unauthorized access and is not accessible to non-Customs users in the extranet zone.
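For the performance requirement in this section (paragraphs 159 and 160), an acceptance check over load-test timings could look like the following. This is an added example, not part of the report; the response-time limits and the 80 percent rule are the report's, while the CSV layout, the names and the decision to apply the rule separately to each zone and transaction type are assumptions, and the sample rows are constructed.

```python
"""Check load-test timings against the UAIS response-time standards.

Added illustration: CSV layout and per-group evaluation are assumptions.
"""
import csv
import io

# Response-time standards in seconds, from the intranet and extranet tables.
LIMITS_S = {
    ("intranet", "submit"): 5, ("intranet", "search"): 8, ("intranet", "report"): 12,
    ("extranet", "submit"): 12, ("extranet", "search"): 15, ("extranet", "report"): 20,
}
REQUIRED_PERCENT = 80  # share of transactions that must meet the standard


def parse_results(text):
    """Parse 'zone,tx_type,elapsed_ms,status' rows into (zone, tx_type, seconds).

    seconds is None for a transaction that failed or timed out, so that it
    counts against compliance instead of dropping out of the sample.
    """
    rows = []
    for rec in csv.DictReader(io.StringIO(text.strip())):
        ok = rec["status"].strip().upper() == "OK"
        seconds = int(rec["elapsed_ms"]) / 1000 if ok else None
        rows.append((rec["zone"].strip(), rec["tx_type"].strip(), seconds))
    return rows


def evaluate(rows):
    """Return {(zone, tx_type): (verdict, within_limit, total)} for every standard."""
    counts = {key: [0, 0] for key in LIMITS_S}  # [within limit, total]
    for zone, tx_type, seconds in rows:
        key = (zone, tx_type)
        if key not in counts:
            raise ValueError(f"no response-time standard defined for {key}")
        counts[key][1] += 1
        if seconds is not None and seconds <= LIMITS_S[key]:
            counts[key][0] += 1
    report = {}
    for key, (within, total) in counts.items():
        if total == 0:
            verdict = "NOT_TESTED"  # missing coverage is not a pass
        elif within * 100 >= REQUIRED_PERCENT * total:
            verdict = "PASS"
        else:
            verdict = "FAIL"
        report[key] = (verdict, within, total)
    return report


def accepted(report):
    """The run is accepted only if every zone and transaction type passes."""
    return all(verdict == "PASS" for verdict, _, _ in report.values())


# Constructed load-test output (not real measurements).
SAMPLE_CSV = """
zone,tx_type,elapsed_ms,status
intranet,submit,1200,OK
intranet,submit,3000,OK
intranet,submit,4900,OK
intranet,submit,5000,OK
intranet,submit,9000,OK
intranet,search,2000,OK
intranet,search,7000,OK
intranet,search,8500,OK
intranet,search,,TIMEOUT
intranet,report,10000,OK
intranet,report,11000,OK
extranet,submit,6000,OK
extranet,submit,7000,OK
extranet,submit,8000,OK
extranet,submit,11000,OK
extranet,submit,12500,OK
extranet,search,14000,OK
"""

if __name__ == "__main__":
    result = evaluate(parse_results(SAMPLE_CSV))
    for key, value in sorted(result.items()):
        print(key, value)
    print("accepted:", accepted(result))
```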

VIII. QUALITY ASSURANCE AND SECURITY REQUIREMENTS OF UAIS

A. Quality Assurance

1. Processes for software development and quality assurance

162

The supplier shall preferably be ISO 9001:2000 certified and have been appraised at CMMI level 5.

163

If the supplier does not meet the requirements of ISO 9001:2000 and CMMI level 5 as specified in the above clause, the supplier shall substantiate that they have equivalent processes in place for the development and maintenance of the system.

164

The supplier shall propose the software development methodology for the project. As part of the software development, the supplier shall put in place processes to ensure that the system delivered is of high quality standard and free of defects.

165

Appendix G shows the framework of processes required for software development and quality assurance. The development methodology shall support the list of processes.

166

The supplier shall propose additional processes that are needed for producing good quality products and for successful completion of the project.

167

The supplier shall propose the relevant software development standards and guidelines for the processes. Examples of standards and guidelines are design and programming standards, versioning control standards and user interface guideline.

168

The supplier shall prepare a Quality Assurance (QA) plan for the project and submit for approval.

169

The QA plan shall outline how quality is built into the software and documentation. The QA plan shall contain, but is not limited to, the following items:

i. List of processes and products to be evaluated.
ii. Checklists to be used for conducting evaluations and generating QA evaluation reports
iii. Standards for the processes and products.
iv. Quality metrics for measuring process performance and product quality
v. Processes for tracking non-compliances and corrective action processes to be used
vi. Project schedule for QA activities.

170

Some of the more important quality metrics for monitoring are:
i. Project schedule (deviation from planned schedule)
ii. Manpower effort (deviation from planned effort)
iii. Testing coverage (requirement specifications covered by test scripts)
iv. Number of test scripts not executed after completion of testing
v. Number of bugs not resolved after completion of testing
vi. Number of non-compliances to processes (audit findings)
vii. Number of peer review bugs not resolved

171

The supplier shall ensure that the standards stated in the QA plan are met and the products and quality records as specified in Appendix G are available for inspection when required.

2. Testing Requirements

172

The supplier shall propose the testing methodology to be used for the project.

173

Appendix H describes the testing phases that should be used in the project. The testing methodologies shall support the stated testing phases. These tests are to be conducted by the supplier before User Acceptance Testing.
i. Unit Testing
ii. Integration Testing
iii. System Testing
iv. QA Testing

174

The supplier shall state which testing tools are used to facilitate the testing and debugging process and the detection and recording of bugs.

175

The supplier shall keep and maintain all testing records such as test plans, test specifications and test results for each of the testing phases and make them available for inspection when required.

176

The supplier shall conduct user acceptance tests comprising:
i. System Functional Tests
ii. System Integration Tests
iii. Business Flow Tests
iv. Performance and Load Tests
v. Security Tests

177

The details of the user acceptance tests are described in Appendix H.

178

The supplier shall ensure that realistic databases and the number of transactions based on production workload are used for performance and load tests.

179

The response times for passing Performance and Load Tests for the intranet and extranet zones are as specified in paragraph B of the IT Infrastructure and network of the UAIS section.

180

In addition all data migration from existing system to new system shall be subjected to user acceptance tests. The supplier shall ensure that all data are converted and migrated successfully.

181

The supplier shall develop an acceptance test plan and procedures and submit them for approval.

182

All user acceptance test specifications and scripts shall be developed by the supplier and submitted for approval.

B. Security Requirements

1. General assessment of security controls of the current ICT infrastructure

183

The current ICT infrastructure consists of PCs and servers connected by LAN at the Customs Department at Dushanbe. At the regional offices, the infrastructure consists of mostly standalone PCs. The main software used is Microsoft operating systems such as Windows 2000 and Windows XP, Novell network software and Microsoft Visual FoxPro for processing trade declaration data.

Risk in Confidentiality of Data

184

At the frontier posts and terminals, trade declaration data is entered using the Microsoft Visual FoxPro database system running on PCs. There appears to be no access control, such as user identification and password, on accessing the FoxPro system on the PCs. This poses a security risk, as anyone who can access the PCs will be able to access the data for viewing or manipulation. Data must be protected by access control that involves some form of identification, authentication and authorization.

185

Trade data is sent to the regional office via dial-up radio modem on a daily basis. Diskettes are also used as the medium to transmit the data to the regional office. The diskettes are dispatched manually. It is established that the data stored on the diskettes are not encrypted during the transmission. Without encryption, the security risk is that unauthorized persons can intercept data during the transmission and, as the information is in the clear, the confidentiality of data is jeopardized. Data transmitted by radio waves can also be intercepted and must be encrypted at all times. The violation of data integrity can be either intentional or accidental. Intentional violation includes alteration of data by unauthorized persons and this is a possibility here, as the system does not have proper access control and encryption.

Risk in violation of Data Integrity

186

Currently Customs brokers submit the declaration manually using Customs trade declaration forms. The declaration is then entered by Customs into the FoxPro database system. Some front-end software, such as “ALTA GTD”, is used for entering trade declarations. But it is not compatible with the FoxPro system used by Customs and hence the information has to be re-entered by Customs. This re-entering of data is prone to human mistakes and might affect the accuracy of data. The integrity of the data could be better protected if the system allowed the traders to enter the data electronically and then routed it to Customs for approval, so that data is entered only once.

187

It is established that the FoxPro database system only validates the date field. To improve the accuracy of the data, the system should have proper input validation controls. This could include validating the fields such as Country of Origin, Place of Loading and Modes of Transport. Other relevant business rules should be incorporated into the system to catch any errors before the data gets updated into the system.

188

The FoxPro database system does not maintain audit trails of transactions. This makes it difficult to have accountability in the system, whereby users know they are accountable for their actions on the system and also avoid activities that could damage the system. For every action taken on the system, there should be a relevant log entry containing the name of the user (or user ID), date and time of the activity, action taken and the result of that action. Having audit trails will provide a method of tracking and logging that allows for tracing security-related activity such as unauthorized modification of trade data.

Risk in Availability of data

189

From a security point of view, the availability of the data right when it is needed is crucial for the operations of the Customs. There are UPS to protect the PCs and servers from power surges and outages. There are backup procedures in place. Data at frontier posts and terminals is duplicated at the regional office. There is a backup server at the Customs Statistics division. Since all the processing of trade data is done at Central Office, it is important to have an off-site recovery centre in case there is a disaster at the Central Office, so that data is still available and the disruption to trade data processing is minimized.

Network Security

190

The firewalls in place to protect the LAN at the Customs Department provide network security, and anti-virus software is also installed on PCs. Intrusion Detection Systems that report and alert on any violations of security could better protect the critical network points and servers.

191

PCs are installed with virus scanning software. The risk of PCs being infected with malicious software such as viruses, Trojan horses and worms is low if the PCs are scanned regularly and the software is updated with the latest patch.

2. Security Framework

192

A comprehensive security framework should be implemented to protect the UAIS from unauthorized access and hacking. The framework consists of 3 layers: Prevention, Control and Monitoring.

193

The foundation of any security framework consists of the following activities:
i. A comprehensive Security Policy needs to be established for Customs. It should encompass network administration, system access, server administration, change control policy, personal computer usage, data centre, and incident investigation and response policy. There should be security guidelines for various IT devices.
ii. To effectively pinpoint the risk and select the control to reduce the risk, a risk assessment needs to be carried out on the ICT infrastructure.
iii. Provide security training for the staff. This includes awareness training for all staff and security testing techniques for IT staff.
iv. Security Audit needs to be carried out to detect any lapses in security policy.

Prevention

194

Prevention activities consist of:
i. Network security review of the network structure and configuration.
ii. System security review, which includes looking at servers’ access controls and security software patch updates.
iii. Vulnerability testing, which is scanning the network for any vulnerability.
iv. Penetration testing on the system and application based on the latest vulnerabilities, hacking techniques and hacking tools.

Control

195

Based on the results of vulnerability and penetration testing, it may be necessary to put in place access controls so as to allow only authorized person to access the appropriate resource.

196

Different levels of access control are implemented in most of the cases.
i. Network Access Control: Production network is separated from internal network to prevent internal malicious activities. Three layers of firewall are designed to protect different security levels of network.
ii. Remote Access Control: Remote access to network is through VPN; appropriate access control is implemented to provide security to remote network access.
iii. System Access Control: Every operating system has an access control sub-system to manage the user access. This is done through user account management and user

Monitoring

197

i. System activity is monitored to detect malicious activity against the system. There is a need to centrally monitor the availability and performance of all systems including servers, databases, routers, switches, firewalls, IDSs, etc. Activity and security information is collected centrally and analyzed to detect suspected activities.

ii. Network monitoring covers network performance, utilization, security, and Internet usage. Network performance is monitored to pinpoint the bottleneck, network utilization is reported periodically to highlight the problem protocols, security is monitored to detect any denial of service attack or sabotage against network devices, and Internet usage is monitored to ensure compliance with government regulations.

iii. Different types of Intrusion Prevention Systems (IPSs) are deployed to protect the network. Host-based IPS protects critical servers in UAIS.

iv. Multi-layer firewalls should segregate the critical systems into separate subnets and provide strict controls on the connections between subnets and systems.

3. General

198

The supplier should preferably be ISO/IEC 27001/ BS7799 certified.

199

If the supplier does not meet the requirements of BS7799 as specified in the above clause, the supplier shall show that they have equivalent processes in place for the development and maintenance of the system.

200

The supplier shall explain in detail the security and control features of the system to prevent unauthorized access and intrusion to system and vulnerability to virus attack.

201

All system software including antivirus scanning software shall be updated with the latest security patches to prevent any security breaches from occurring.

202

The supplier shall develop a risk management plan to identify, analyse, prioritize and respond to security risks and include procedures to monitor and control the risks.

203

In the intranet zone, the system shall support Virtual Private Network (VPN) for secure connection between regional office and HQ, and Secure Shell (SSH) shall be used for system administration support. The system shall support Secure Sockets Layer (SSL) for Customs users accessing Customs applications through web browsers.

204

In the extranet zone the system shall support SSL for secure connection through Internet using web browsers. Secure File Transfer Protocol (SFTP) shall be used for connection using dial-up modem via telephone lines.

205

The detailed specifications for security are shown in Appendix I. The system shall conform to the specifications.

4. System Access

206

Access control system shall be able to implement the following password policies, which shall be configurable:
i. Minimum password length of not less than 8 characters
ii. Required character usage of both alpha and numeric
iii. Disallowed usage of previously used passwords

207

The system shall store passwords in encrypted format.

208

The access control system shall enforce the use of automatic password expiration after a configurable specific timeframe on PCs and require user to choose a new one.

209

The access control system shall allow the System Administrator to reset the password for user and the system shall force the user to change the password to a new password upon successful log-on to the system.

210

The system shall suppress the display of passwords when they are entered.

211

The access control system shall track the number of unsuccessful logins and if the number of unsuccessful logins is more than three, the access control system shall disable the account.


212

The access control system shall implement auditing of passwords. This includes any changes to the password, resets to the password and changes to account status.

213

The access control system shall allow on-line addition, updates or deletion of accounts without affecting the operations of the system.

214

The access control system shall allow the implementation of the principle of least privilege where all rights and permissions necessary for an account can be given, but no more than what is needed.

215

The access control system shall allow the implementation of role-based model where different access rights and constraints can be associated with the role.

216

The system shall allow the System Administrator to temporarily disable an account if required.
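The password rules in clauses 206 to 211 can be exercised together in a small model. The following is an added example, not part of the report or of any supplier's system: the names `PasswordPolicy`, `Account`, `set_password` and `login` are hypothetical, salted PBKDF2 hashing stands in for the "encrypted format" of clause 207, and the history depth, expiry period and the unlocking of an account on administrator reset are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

PBKDF2_ROUNDS = 100_000  # assumption: work factor chosen for this example


@dataclass
class PasswordPolicy:
    """Configurable policy; the floor of 8 comes from clause 206 i."""
    min_length: int = 8
    history_size: int = 5                    # assumption: the report gives no count
    max_age: timedelta = timedelta(days=90)  # assumption: the report gives no period
    max_failed_logins: int = 3               # clause 211: disable once exceeded

    def __post_init__(self):
        if self.min_length < 8 or self.history_size < 1:
            raise ValueError("policy weaker than the stated minimum")


@dataclass
class Account:
    user_id: str
    # (salt, digest) pairs, newest last; the last pair is the current password.
    history: List[Tuple[bytes, bytes]] = field(default_factory=list)
    changed_at: Optional[datetime] = None
    failed_logins: int = 0
    disabled: bool = False
    must_change: bool = False


def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def _matches(password: str, entry: Tuple[bytes, bytes]) -> bool:
    salt, digest = entry
    return hmac.compare_digest(_digest(password, salt), digest)


def policy_violations(policy: PasswordPolicy, account: Account, candidate: str) -> List[str]:
    """Return every rule of clause 206 that the candidate password breaks."""
    problems = []
    if len(candidate) < policy.min_length:
        problems.append("too short")
    if not (any(c.isalpha() for c in candidate) and any(c.isdigit() for c in candidate)):
        problems.append("needs letters and digits")
    if any(_matches(candidate, e) for e in account.history[-policy.history_size:]):
        problems.append("previously used")
    return problems


def set_password(policy, account, candidate, now, admin_reset=False):
    """Store a new password; an administrator reset forces a change at next logon (clause 209)."""
    problems = policy_violations(policy, account, candidate)
    if problems:
        raise ValueError(", ".join(problems))
    salt = os.urandom(16)
    account.history.append((salt, _digest(candidate, salt)))
    account.changed_at = now
    account.must_change = admin_reset
    if admin_reset:  # assumption: a reset also unlocks the account
        account.failed_logins = 0
        account.disabled = False


def login(policy, account, password, now) -> str:
    """Return 'ok', 'denied', 'disabled' or 'change_required'."""
    if account.disabled or not account.history:
        return "disabled"
    if not _matches(password, account.history[-1]):
        account.failed_logins += 1
        # Clause 211: disable when the count is MORE than three, i.e. on the fourth failure.
        if account.failed_logins > policy.max_failed_logins:
            account.disabled = True
            return "disabled"
        return "denied"
    account.failed_logins = 0  # assumption: the counter tracks consecutive failures
    if account.must_change or now - account.changed_at > policy.max_age:
        return "change_required"  # clauses 208 and 209
    return "ok"
```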

5. Network and System Security

217

All transmissions between the servers and the clients shall be encrypted with minimum key size of 128 bits for symmetric algorithms and using standards such as Triple DES (3DES) and Advanced Encryption Standard (AES). SSH shall be used for login to network equipment. For asymmetric algorithms, the key size shall be at least 1024 bits.

218

Intrusion Prevention System/Intrusion Detection System (IPS/IDS) shall monitor the critical servers for hostile activities. Network IPS/IDS shall be used to monitor the entire network.

219

In case of problems such as intrusion, alarms shall be installed to alert administrators. These notifications can include paging, calling a telephone number and email to deliver a message.

220

Firewalls shall be installed to separate all servers in the external world and the Internet from the servers in the internal networks.

221

All servers in the internal network should use private IP addresses.

222

Firewalls shall also be installed to separate the production environment from development environment.

223

The production environment shall be separated in three zones – Demilitarized Zone (DMZ) containing web servers, application zone containing application servers and database zone containing the database servers. The three zones shall be separated by firewalls.

224

Standard protocols (such as http and https) and ports (80, 443) shall be allowed for connection from external network to internal network.

225

All unused ports and protocols shall be blocked by firewalls.

226

There shall be antivirus software to scan all incoming traffic such as e-mails, documents and images. All workstations should also be scanned and monitored daily for virus using antivirus software.


227

There should be a Change Control process in place to ensure that any configuration changes taking place in software or hardware will not adversely affect the security of the operational systems. Examples include changes or upgrades to hardware, service packs or hot fixes on operating system software, and changes to firewall rules.

228

Configuration of the system shall be documented and maintained up-to-date.

6. Application Security

229

Application should not contain malicious code such as Trojan Horse, Viruses, Worms and Logic Bombs. It should not contain unwanted functionality and back doors to the system.

230

Application should have robust input data validation so that it cannot be attacked by exploits such as parameter tampering, buffer overflow, cross-site scripting and session hijacking.

231

Application shall maintain audit trails to capture users’ actions. The audit trails should be accessible only by the system administrator and should be protected against tampering.
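Clause 188 lists the fields an audit entry needs (user ID, date and time, action, result) and clause 231 requires the trail to be protected against tampering. One way to make tampering detectable is to chain the entries with a keyed hash, shown here as an added example that is not part of the report or of any supplier's system; the names `AuditTrail` and `verify`, the sample entries, and the assumption that the HMAC key and the latest chain head are held where application users cannot reach them are all constructed for illustration.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # chain value that precedes the first entry


def _mac(key: bytes, prev_mac: str, record: dict) -> str:
    """HMAC-SHA256 over the previous entry's MAC plus this record in canonical JSON."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hmac.new(key, prev_mac.encode("ascii") + payload, hashlib.sha256).hexdigest()


class AuditTrail:
    """Append-only log; each entry is bound to all entries before it."""

    def __init__(self, key: bytes):
        self._key = key      # assumption: held by the administrator, outside the application
        self.entries = []

    def append(self, user_id: str, action: str, result: str, when=None) -> str:
        when = when or datetime.now(timezone.utc)
        record = {
            "seq": len(self.entries),
            "user_id": user_id,
            "time": when.isoformat(),
            "action": action,
            "result": result,
        }
        prev = self.entries[-1]["mac"] if self.entries else GENESIS
        self.entries.append({**record, "mac": _mac(self._key, prev, record)})
        return self.entries[-1]["mac"]  # chain head, to be stored separately


def verify(entries, key: bytes, expected_head=None):
    """Return None if the trail is intact, otherwise the index of the first bad entry.

    Edited, reordered or removed entries break the chain at their position.
    Removing entries from the end is only detectable when expected_head (the MAC
    returned by the last append) is supplied; the result is then len(entries).
    """
    prev = GENESIS
    for i, entry in enumerate(entries):
        record = {k: v for k, v in entry.items() if k != "mac"}
        stored = str(entry.get("mac", ""))
        if record.get("seq") != i or not hmac.compare_digest(_mac(key, prev, record), stored):
            return i
        prev = stored
    if expected_head is not None and not hmac.compare_digest(prev, expected_head):
        return len(entries)
    return None


if __name__ == "__main__":
    # Constructed sample entries, not taken from any real system.
    key = b"example-key-held-by-administrator"
    trail = AuditTrail(key)
    trail.append("officer01", "declaration.update id=1001", "success")
    head = trail.append("officer02", "declaration.delete id=1002", "denied")
    print("intact:", verify(trail.entries, key, head))
    trail.entries[1]["result"] = "success"  # simulate an unauthorized edit
    print("first bad entry:", verify(trail.entries, key, head))
```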

232

The error message displayed should be user-friendly and should not contain any system error codes and messages.

233

If an error is encountered, the application should handle the error gracefully without abrupt exit of the process to the operating system level and instruct the users how to overcome the error.

234

Where cookies are needed for web application, session cookies shall be used and the cookies shall not contain sensitive data. If the cookies contain sensitive data, the data in the cookies must be encrypted.

7. Physical Access to System

235

The system’s servers and equipment should be housed in a secure location where entrance is restricted to authorized personnel only.

236

An audit trail shall be maintained for personnel entering and leaving the secure location.

IX. PROPOSAL FOR THE REORGANISATION OF THE CD RT

237

The CD RT present organization structure is contained at Appendix E. With the establishment of a UAIS, a reorganization of the CD RT is proposed and depicted at Appendices D1 to D8.

238

One of the major proposals is to establish a Computer Information System Division (CISD), within the CD RT rather than as a separate entity like in the MSRD, to take charge of all ICT matters. The centralization of CD RT UAIS under the CISD will ensure that the ICT personnel are well tuned to the needs of the CD RT. They would have been trained on CD RT business process and thus will be able to attend to CD RT special needs. Their hands-on experience of CD RT business process will also facilitate their commitment to the department. The presence of CISD officers will also facilitate immediate response to systems failure. There will be two major components in the Division. One sub division, the Systems Development subdivision with systems analysts and programmers will take charge of the Applications Systems. Programmers under this sub division will also be attached at the five Regional Offices to ensure the smooth running of the UAIS. Other functions may include producing ad hoc programmes on request by Regional Office’s Director, for example, statistical tables not already provided for and which are to be used. The other section will be Systems Maintenance sub division responsible for maintenance of the systems. The Data Centre (DC) which houses the CD RT systems will be manned by operators from the Systems Maintenance sub division. The DC is expected to run twenty-four hours with systems downtime necessary for maintenance work. Operators will man the DC in three shifts. Each shift is proposed to have 3 operators.

239

Another sub division will also provide administrative Support. This unit will also supervise the Customs Administration System that is tasked with allocating and generating user-ids and passwords to internal users (CD RT staff, government agencies, Ministries’ representatives, banks, CCI personnel and representative of foreign administrations) and the dispatch of the user-ids and passwords to the appropriate persons.

240

A Training Division is proposed. The Division will undertake the organization, preparation and conduct of Customs skills courses such as Valuation, Risk Management and Classification of Commodities. The basic training course for new recruits would also form part of the training tasks. The training organized could also include invitation of external trainers from the public and private sectors on subjects of interest to Customs. For example, the Division could organize courses by competent authorities on their functions and methodologies. The responsibilities of the Training Division would thus include the following:
1. To conduct studies on CD RT training needs assessment
2. To provide regular training on Customs skills
3. To provide and coordinate inter-agency training
4. To conduct training for the private sector
5. To coordinate and conduct professional, management and other mid-management training courses for CD RT

241

A Corporate Affairs Division will deal with public relations matters of the CD RT including the promotion of the organization’s public image, production of information materials, answering queries raised by the private and public sectors and organization of official meetings with national and international guests visiting the department. Promoting the image of the CD RT is important. For example, the Philippines Bureau of Customs established a mission “to be held in high esteem in the public view, its role for national development and international trade facilitation shall be imbued in the hearts and minds of every Customs official and staff as the Bureau moves forward in its other roles of promoting National Security, Justice, Health and other objectives”.

242

Minor changes to the present organization of the enforcement divisions are also proposed. An Intelligence sub division is proposed with the main responsibility for collection, collating and analyzing information and intelligence received from overseas and locally and from Customs Offences committed. The Intelligence sub division will carry out field surveillance; provide support to Investigations sub division and the Post Clearance Audit and the Regional Offices as well. As part of its function Intelligence sub division will also be the contact point for RILO CIS receiving, analyzing and providing the necessary statistics to RILO CIS. The sub division will provide reports of RILO CIS information to the field offices. It is also tasked with the maintenance of the Customs Offence Records. After investigations of offences have been completed, the files will be sent to the sub division for it to enter data into the Customs Offence Record.

243

The proposal for the reorganization of the CD RT is to rationalize and support the establishment of the UAIS. The Regional Offices and their staff will undertake the tasks related to Customs control and clearance. Similar units of the Central Office such as CISD (mentioned above) and post clearance audit units can be formed within the Regional Offices. However, for these officers their main line of reporting will be to the Central Office Divisions.

X. PROPOSED INFRASTRUCTURE REHABILITATION

244

CD RT infrastructures at regional offices and border posts vary accordingly. Some small posts that had little traffic have been closed whilst others have been constructed. In recognition of the inadequacy of the infrastructures, MSRD drew up a master plan to rehabilitate and reconstruct the offices and border posts. Several have been completed whilst some are ongoing. Although the master plan had been drawn up, the budget for the rehabilitation had not been approved.

245

The civil works manager of the MSRD had, however, carried out preliminary studies and estimated the costs at the selected sites. 47 sites were identified within the five Regions. Several posts had also been left out of the program as these were being built under sponsorship of international agencies such as USAID. However, we were told that sponsored posts would also require minor construction works. We were provided an example of a sponsored post not being adequately finished. The international agency was said to have built the post together with a bridge into a neighbouring country. It was said that the building had toilet facilities constructed within the premises of the post, but there was no piping provided for the facility. CD RT would have to construct toilet facilities outside the premises. Other posts, such as Ainy (a rail clearance point) in the Dushanbe region, were completed although yet to be occupied. CD RT would have to consider the rehabilitation of 3 warehouses that had been taken over by the government. These would serve as temporary storage premises for the movement of the rail cargo.

246

Several posts were provided with technical aids and equipment. Their usage or in most cases non-usage was dictated by the availability of electrical energy and utilities. For example, the border post at Dusti in the Tursunzade region neighbouring Uzbekistan had an X-Ray machine. However, the machine was not used much owing to the lack of electricity. Most of the regional border posts faced the same problem. In addition to the rehabilitation and reconstruction, generators are proposed for these posts.

247

Based on the master plan drawn up by the MSRD, we have targeted 25 posts and offices to be rehabilitated on an urgent basis. The proposal also includes the Data Center, housing the CD RT UAIS, and the Disaster Recovery Center (DRC), which houses the back-up systems of the CD RT UAIS. The DRC takes over when the main systems at the Data Center fail. Preferences are also given to the Sughd and Dushanbe Regions. The offices and border posts of the two regions have been selected as the pilot test sites for the UAIS.

248

The review and upgrade of border posts is not dependent entirely on a high volume of trade traffic. Several have low volume but are significant as they border the neighbouring country’s crossing and are possible sites for smuggling of drugs. A new border post, Langar, located in the Gorno-Badakhshan Region, is well laid out with separate clearance points for cargo traffic and passenger clearance. Although there were drawings made for the construction of a container/truck clearance system using the full capabilities of full-scale X-ray equipment, the costs for such a structure can be prohibitive (in the region of at least US$1 to US$3 million). A portable or X-ray machine with conveyor belt system would be more appropriate. The cargo volume was also not high. Inspection equipment such as drugs detector kits or portable spectrometer equipment to test for drugs is more appropriate.

249

Provision has been made for the supply of X-ray machines at major points of clearance such as the Customs Terminal where goods are examined. Inspection equipment such as

250

The upgrading of the border posts must ensure that the technical aids and equipment are properly housed and located where they can be effectively used. As mentioned earlier the major constraint of lack of electrical energy supply can be met with provision of generators. Inoperative systems owing to lack of energy would cause delay in clearance and longer waiting time for the traders and the hauliers.

XI. CHANGE MANAGEMENT & TRAINING

A. Objectives

251

The success of the UAIS implementation will largely be dependent on how the CD RT manages the impending organizational change brought about by the modernization and automation of the customs work processes. One of the perceived fears of computerization is that individuals will not be able to cope with the new work requirements that automation will place upon them. This could be particularly true of an environment in CD RT where computers have not been any part of the working experience for officers manning the border posts. Providing them training could allay this fear. Another concern is redundancy. Redundancy, if any, can be met by natural attrition of staff vacancies. However, it is more effectively contained by redeployment as business processes are re-engineered. Several other concerns should be borne in mind when implementing change. Officers are supportive of change if they understand the necessity for change, supported by information provided to them. Sharing and exchanging information increases understanding. Lack of information creates rumours and is highly disruptive. A method of spreading information is to require officers returning from overseas training and/or observation visits of other Customs Administrations to present their findings. During the development of the systems, regular contact should be made to secure the officers’ confidence. The officers should be represented on project teams, thus encouraging their participation. This places officers in a position of active participants, not merely observers. Their in-depth knowledge and experience of the manual system can facilitate contributions to form design, screen layout and report layout. Active participation could lead to total commitment. The staff must also be convinced emotionally that change will bring about improvements. Sometimes this may have to take the form of monetary rewards.

252

CD RT must also focus on the clients in the private and public sectors. The private sector such as traders and brokers will also be anxious to understand the impact of UAIS on their businesses and what they need to do to ensure compliance and take advantage of the prospective benefits. Clients must see the value accrued as a result of change. The active participation of clients in the development of changes will be a positive factor.

253

It is thus important for the CD to introduce a well-developed change management program implemented as a continuous process targeted at both internal (i.e. customs management and staff) and external (i.e. private traders and brokers) stakeholders.

254

The proposed change management program serves to achieve the following objectives:
1. To develop positive attitudes and mindset among CD officers and staff towards the modernization and reform program
2. To create awareness and prepare all relevant public and private stakeholders to ensure broad-based support for the customs modernization process.
3. To provide relevant training to equip the CD officers with the necessary skills and technical knowledge to harness the benefits of the UAIS

B. Proposed Change Management Plan

255

The proposed change management plan will focus on (a) providing, gathering and analyzing information on the organization, organizational culture and attitudinal change to the personnel of CD RT and the clients; and (b) providing training directly related to the introduction of the UAIS.

C. Dissemination of Information

256

An attitudinal survey should first be carried out among Customs personnel to gauge amongst other requirements their willingness to change, the way they perceived Customs business process should be conducted and their position of importers and exporters including competent authorities as clients and partners rather than as adversaries, suggestions for improvement of Customs services, ability to adapt to changes and the proficiency in the use of ICT. The purpose of the survey would be to identify difficulties in developing positive attitudes towards change favourable to Customs modernization programs. Identification of potential areas of capacity building requiring more training resources could also be derived.

257

CD RT could also implement the selection of change agents. Change agents can champion the cause of change. They can be trained to communicate the purposes and objectives of change. The emphasis is on the positive effects of modernization. They remove the rumours and guesswork from the change process. Change agents can thus be used as a resource to disseminate information on modernization and the training activities to be developed. The emphasis, however, must be on teamwork rather than on the individual.

258

Workshops and seminars form another avenue to disseminate information to CD RT personnel and the clients they serve. The first subject should be the introduction of the UAIS. Speakers at workshops and seminars should include representatives of foreign administrations to discuss their experience with the UAIS in their country. The representatives could be from within the region or from countries with more mature systems. Workshops and seminars should include participants from CD RT clients. Clients should also be invited to present papers that could touch on the impact of the UAIS on their business and what they can do to support CD RT programs of risk management and ensuring compliance with CD RT legislation. Workshops and seminars could be conducted half yearly during the implementation phase. Workshops conducted within CD RT and for CD RT staff could be ad hoc.

259

Prior to and during the development phase of the UAIS, CD RT could conduct study missions to countries operating UAIS. This is to gain first-hand knowledge of the UAIS operating in other countries, the problems each country faced when embarking on UAIS and the solutions adopted. Best practices employed by these countries could also be learned during the visits. The representatives selected for such missions should be directly involved in the implementation of the program. CD RT may consider the inclusion of participants from the private sector and the competent authorities. This is to ensure that the participants can appreciate the role their counterparts play in other countries to ensure the successful implementation of the UAIS. On their return the participants should share the knowledge gained through talks and lectures to the officers and CD RT clients.

260

From time to time during the development and implementation phase, information on the UAIS should be disseminated to the staff and the general public. This could be in the form of notices and circulars, publication of brochures, and publication within CD RT newsletters and on the CD RT web site. The publications could also highlight the potential benefits of forthcoming changes in the business process and issues that may arise during each stage. For a wider spread of information (and to project the image of CD RT) around the country, CD RT should conduct exhibitions within each Region to inform the public of CD RT’s adoption of the UAIS and the benefits which can be reaped.

D. Training Programmes

261

The key to the successful development and implementation of the CD RT UAIS is to upgrade the professionalism and skills of the staff. Training can be divided into two parts: first, user training (to include all CD RT staff) on broad-based skills to enable officers to function in the new Customs environment; and secondly, technical training to give CD RT staff knowledge of the use of the new systems in an ICT environment.

E. User Training

262

User training programmes include the provision of courses on basic computer skills. This has the objective of equipping CD RT staff with the basic skills of operating computers and using the peripherals. It is proposed that external trainers such as the polytechnics or computer training institutions within the country carry out this skills training. The CD RT staff should also be provided with other Customs skills training on Customs subject matters such as Risk Management, Valuation and Classification of Goods, since these have an impact on the UAIS system. Customs skills training could in time include distance learning. The WCO has developed several e-learning programmes related to Valuation and Classification of Goods that CD RT may consider.

263

In addition the user training will also focus on the UAIS User Subsystems. Inadequate or lack of training in the use of the system could lead to delays and disruption of the system. The perception that computers can solve all problems at the touch of a button is a myth. Different screen formats appear on computer screens of officers performing clearance or processing tasks. They must be able to understand the requirements or actions that they must perform. The systems developers and the PMO and ICT Division officers will conduct the user training. Detailed training on each system is normally part of the contractual obligations of the systems developer. The PMO and ICT staff will also be trained by the systems developer to undertake training of the CD RT officers.

264

The user training of application subsystems would also be extended to CD RT clients in the trading community and the Ministries or competent authorities. Each application system and the operating of each screen format will have to be documented as an Operating Manual to be referenced by CD RT staff or the clients when the need arises.

F. Technical Training

265

Technical training is directed at specialized training in the maintenance of the UAIS systems, to be provided to officers of the ICT Division. The subjects include training in Systems Administration, Network Administration, Database Administration, Application Development, and Quality Assurance and Security. Systems Administration equips ICT Division staff with skills in maintaining systems operations and the proper operation of server functions, capacity and resource planning. Network and Database Administration concern the daily maintenance of the network and the database respectively. Application Development provides skills in the design and coding of the UAIS. Quality Assurance and Security Testing provide ICT staff with the knowledge to perform quality assurance and security testing. The training also covers the concepts and methodologies used.


XII. COST ESTIMATES OF UAIS

A. Introduction

266

These are cost estimates prepared for budgetary purposes. The actual cost of the UAIS will depend on the solution proposed by the suppliers implementing the UAIS. The monetary figures presented in this chapter are summarized figures. The details of the costs are shown in Appendix J.

B. UAIS Software Costs

267

For CD RT to implement the UAIS, it has to first obtain the necessary software. There are several ways in which CD RT can do that. The options are described below, but all of them require that CD RT calls for a tender with the Functional Requirement Specification given in Appendix D. Successful bidders have to deliver the UAIS software according to the functions detailed in Appendix D.

268

From experience with previous tenders, usually e-Customs software with the features stated in Appendix D has a price range from US$1.5 million to US$2.5 million. The variation depends on several factors such as features requested, complexity, customization options, length of contract, etc.

269

Thus we will budget the UAIS software at US$2.0 million. The software costs include the cost of conducting pilot testing for the 2 regions, which is estimated to be US$210,000. The hardware to be used for pilot testing is assumed to be the same hardware used for production implementation. As such, the main cost of pilot testing is the manpower cost of employing international and local staff to assist the Customs users during the 3 months of pilot testing.

| Location | Number | Estimated Cost per month (USD) | Total Cost (3 months) |
|---|---|---|---|
| International staff | 10 | 6000 | $180,000 |
| Local staff | 25 | 400 | $30,000 |
| Total | | | $210,000 |

270

The budget includes the UAIS software, as well as licenses for its supporting software, such as Oracle RDBMS, Weblogic, JReport, Microsoft Visual Studio, etc.

C. Main Equipment and Communications Technology Costs

271

The cost figures given in this section are based upon Tajikistan list prices in US dollars. However, if the local price is not available, international list prices are used. For example, the Data Center equipment cost is based on international list prices.

272

Prices of equipment may fluctuate under different market conditions. We recommend that the prices be re-evaluated just before the procurement.

273

The Data Centre is the heart of the Customs modernization. The Data Centre hosts the UAIS production and development servers and the centralized databases. The Data Centre is a 3-tier architecture providing better security and scalability, and is equipped with security devices such as firewalls, an intrusion prevention system and VPN. The total cost of the Data Centre is around US$1.7 million. The other main ICT cost component is the Disaster Recovery Centre, which is a smaller version of the Data Centre and amounts to around US$0.7 million.


274

At the 5 regional offices, costs centre on providing basic IT equipment such as computers, printers and scanners, and on providing the telecommunication equipment. All regional offices have to be wired up with LAN and connected to the Internet. There is no need to provide DBMS licenses for regional offices and border posts as the UAIS is based on the centralized database hosted at Customs HQ. The total cost for ICT equipment in regional offices and border posts is around US$1.4 million.

275

The table below shows a summary of the estimated cost for the UAIS hardware equipment and communication equipment:

| Location | Estimated Cost (USD) |
|---|---|
| Data Center | $1,733,495 |
| Disaster Recovery Centre | $711,000 |
| Customs HQ | $156,345 |
| Regional Offices and Border Posts | $1,464,420 |
| Training | $55,530 |
| Total | $4,120,790 |

D. Civil Works and Customs Equipment Costs

276

The estimated cost of upgrading the border posts’ civil works is around US$2.1 million and the cost of providing the border posts with Customs equipment is around US$1.1 million. There is a need to visit these border posts to obtain more detailed and accurate upgrading costs. The border posts are prioritized in terms of reconstruction and upgrading. The plan is to upgrade the border posts with the highest priority and those in the pilot testing regions (Dushanbe and Sughd) so that the UAIS roll-out schedule is not affected. A more detailed roll-out plan for each border post will be worked out to ensure that the infrastructure upgrading is synchronized with the ICT equipment purchase and installation at these border posts.

E. Change Management and Training Costs

277

The estimated cost for change management and training is around US$517,000. The bulk of the cost (around US$346,000) will be spent on training users how to use the computer and UAIS application components.

F. Consultancy Services and Contingency Plan

278

Provision has also been made for the Consultancy Services (Loan TA) with an allocated sum of $550,000.

279

Physical contingency has also been taken into account for infrastructure and equipment, including ICT equipment. This is worked out on the basis of a 5% increase. Price contingency applies to the purchase of ICT software on the basis of 1.5%.


G. Total Cost

280

The total cost and breakdown of the above 4 components is shown below. The Percentage of Budget column is the percentage of spending against the US$10.7 million budget that ADB has provided.

| | Component | Estimated Cost (USD) | % of loan |
|---|---|---|---|
| 1 | UAIS Software (inclusive of pilot testing) | $2,000,000 | 19% |
| 2 | Customs IT and Communication Equipment | $4,120,790 | 38% |
| 3 | Border Posts Upgrading and Customs Equipment | $3,200,000 | 30% |
| 4 | Change Management and Training | $517,250 | 5% |
| 5 | Consultancy Services (Loan TA) | $550,000 | 5% |
| 6 | Physical Contingency | $230,000 | 2% |
| 7 | Price Contingency | $80,000 | 1% |
| | Total | $10,698,040 | 100% |

(The total costing provided above does not take into account the taxes payable for ICT equipment and/or civil works infrastructure. The computation of funds to be allocated is based on ADB’s contribution and has not taken into account Government financing).

281

[Figure: pie chart of the proposed cost by component number: 1, 19%; 2, 38%; 3, 30%; 4, 5%; 5, 5%; 6, 2%; 7, 1%.]


H. Procurement of the UAIS

282

The cost of the UAIS hardware and software takes up about 60% of the loan structure. But we would like to point out that they are based on our proposed UAIS functionality, design and implementation.

283

We acknowledge that vendors who bid for the tender may propose different UAIS concepts to the one we recommend. For example, their UAIS software may have different functionality than the ones in Appendix D. Or their hardware and Data Centre may have different equipment. We will have to adjust the budget and cost accordingly if that is the case.

284

There are several options by which CD RT can obtain the UAIS software. The following lists the options, as well as their advantages and disadvantages. CD RT has to consider each option carefully before proceeding.

1. CD RT engages a vendor to build from scratch (meaning vendor with no Customs software experience):

Advantage
• Full control over the functionalities and features of the software.
• Software will be developed with CD RT needs in mind.

Disadvantage
• CD RT may not have the expertise to supervise the software vendor.
• Usually a costly option because software is developed from scratch.
• It is risky because vendor may not be able to deliver the software within the timeframe specified due to the inexperience.
• Risky because vendor has no track record.
• Maintenance and support will be an issue in the future.

2. CD RT buys the software, without modification, from vendors who already have Customs software deployed in other countries.

Advantage
• Could be a cost effective option, since the vendor can implement the same software in Tajikistan immediately.
• Timeline to implement UAIS will be much shorter.
• No maintenance issue, since the vendor can do this.

Disadvantage
• CD RT may have to adapt its processes and workflow to the software, which is usually very undesirable.
• Usually Customs software for one country cannot cater for another country’s Customs entirely, thus there will be resistance to the adoption of the software.
• Any change to the software could be costly.

3. CD RT engages vendors of existing Customs software to customize their software to the functional requirements of CD RT.

Advantage
• Good tradeoff between cost and features.
• Software will be developed according to CD RT requirements and processes.

Disadvantage
• Vendor will need time to customize the software.
• Customization cost may be high.

4. The fourth option is that CD RT obtains the Customs software for free.

Advantage
• No start-up cost for CD RT.
• Timeline to implement the UAIS will be much shorter.

Disadvantage
• Depending on the contract, the maintenance or running cost may be very high.
• Usually such software needs to be customized, and customization fees may be very high.
• CD RT may have to adapt its processes and workflow to the software, which is usually very undesirable.


XIII. IMPLEMENTATION PLAN OF UAIS

A. Overview

285

Implementation runs from the start of the tender process to the full implementation of the UAIS for the whole country. As specified in the ADB Project Preparatory Technical Assistance report dated May 2004, the estimated project completion date is 31 December 2009. With this end date in mind, the goal is to ensure that implementation is carried out smoothly, with the UAIS system fully functioning within a three-year timeline. Besides the application systems development of the UAIS, the implementation will concurrently include the development of communications infrastructure, capacity building at the border posts and the change management process, so that the users and stakeholders of the UAIS are committed and trained to use the System.

B. Strategy

286

In view of the complexity of the project, which involves different components, it is important to strategize the implementation process to achieve the desired goal. The strategies are as follows:

1. Phased implementation by regions

287

The implementation will target the 5 regional offices and their border posts. Of the total of 87 border posts, there are 47 border posts that have Customs declarations and will be covered by the implementation. The phased implementation will be carried out in the following order: Dushanbe and Sughd regions, followed by Tursunzade, Khatlon and Gorno-Badakhshon regional offices.

2. Pilot testing of 2 regions which have significant Customs transactions

288

The implementation plan will include pilot testing lasting 3 months, involving Dushanbe Region (10 border posts) and Sughd Region (15 border posts). According to the latest Customs Statistics gathered for 2005 and 2006 (over 6 months), Dushanbe and Sughd regions account for around 70 percent of Customs declarations. During pilot testing, live data will be used in the transactions, and the phased implementation to other regions is expected to be carried out only if the pilot testing is deemed successful. The system warranty period will only begin after the pilot testing is successful.

Region: Dushanbe
Border Posts: Petroleum/Energy Regional Office Terminal Airport Dushanbe-1 Dushanbe-2 Ainy Rokhati Kafarnigan Jirgital Postal baggage
Code: 762001 762100 762101 762102 762103 762104 762105 762106 762107 762108 762109

Region: Sughd
Border Posts: Sughd Regional Terminal Excise Customs Khujand airport Railway transport Khojent district/Auchy- Kalacha Matcho district/Kuruksai /Fatehabad Nau district/Platina/Hashtyak/ Farmon Kurgan Kanibadam district/Kanibadam/Patar/Ravat Isfara district/Isfara3/Dahana/Batkent/Yaka-Uruk Penjikent district/Yaka-Uruk In Zafarabad /DEU – 58/Zoamin/Comsomol Asht District/Navbunyod/Uzbek-Okjar In Istraushan district/«Havotag Jabor Rasulov / Madaniyat
Code: 762200 762201 762202 762203 762204 762205 762206 762207 762208 762209 762210 762211 762212 762213 762214

3. Synchronize the implementation of the infrastructure upgrading and the ICT equipment installation at the border posts

289

For those border posts that require infrastructure upgrading, the implementation plan has to synchronize the activities such that the infrastructure upgrade is completed before installation of ICT equipment.

4. Start change management activities and training early and hold them continuously throughout the 3-year implementation plan

290

There are around 700 Customs users of the UAIS system, and the UAIS will also be used by external agencies such as banks, competent agencies and Ministries. Activities such as seminars, workshops and training have to be scheduled in the implementation plan for these groups of users to increase awareness and equip them with knowledge of the revised Customs procedures and the technical skill-sets for using the UAIS system.

C. Implementation Plan

291

The implementation plan is shown in Appendix K and is divided into 3 components.

1. Component 1 – Development of ICT

292

This involves the development of the UAIS system and communications infrastructure. As shown in the implementation plan, the UAIS system is expected to be developed over a period of 1 year and 6 months after the award of the tender. This is followed by pilot testing for 3 months and then phased implementation by regions. The Pilot Testing is a parallel run of the UAIS system and the manual system. There will be a system warranty period of 1 year after the successful completion of pilot testing. To reduce project risks, it is recommended that the development strategy be based on an iterative prototyping approach, with intermediate users’ feedback on the prototype, so that misinterpretation of users’ requirements can be minimized. Development of telecommunications infrastructure for Customs has to go hand-in-hand so that the telecommunications infrastructure is ready for User Acceptance Testing and Pilot Testing.

2. Component 2 – Development of Infrastructure

293

One critical milestone for the development of Infrastructure is the User Acceptance Testing phase. The Infrastructure of the Data Centre, Disaster Recovery Centre and border posts should be ready and installed with ICT equipment before User Acceptance Testing. The other milestone is that the infrastructure of the border posts involved in the pilot testing (Dushanbe and Sughd regions) should be completed before pilot testing begins.

3. Component 3 – Change Management and Training

294

The change management activities will be held continuously over the 5-year implementation plan. In particular, to improve computer literacy, the implementation plan includes basic computer training for all Customs staff who will need to interact with the UAIS system, and regular classes will be conducted. Priority should be given to training those users who are involved in User Acceptance Testing and Pilot Testing. To improve the knowledge and skill-sets of Customs management, the implementation plan includes risk management and post clearance audit courses by external trainers. Training for IT staff on operation and maintenance of systems and network, application development, quality assurance and security testing is also included so that there is a pool of trained personnel to maintain the UAIS and ensure that the system is running smoothly with high availability and performance.


APPENDIX A OVERVIEW OF THE CUSTOMS DEPARTMENT, REPUBLIC OF TAJIKISTAN


APPENDIX A. OVERVIEW OF THE CUSTOMS DEPARTMENT

1

The Customs Department of the MSRD RT is entrusted to develop and implement customs policy directed at immunity protection and economic security of the Republic of Tajikistan, promotion of the economic relations of Tajikistan in the system of world economic relations, assurance of protection of civil rights, market participants and state bodies, as well as compliance with commitments on customs affairs.

2

Customs Legislations. The CD of the MSRD RT is governed by the Customs Code and other legislation of the Republic of Tajikistan. The Customs Code governs the actions required to accomplish the customs clearance process. The Customs Code contains 7 Sections, 62 clauses comprising 508 articles. The present code, which determines the legal, economic and organizational bases of customs affairs, is directed at protection of the sovereignty and economic safety of the Republic of Tajikistan, promotion of the economic relations of the Republic in the system of world economic relations, assurance of protection of civil rights, market participants and state bodies, as well as compliance with commitments on customs affairs.

3

The Government Regulations set rates on the Customs Tariff. The Tax Code of Tajikistan is also applicable to CD in respect of the definitions contained therein and such actions as are required for excisable goods.

4

Customs & Excise Duties and VAT. Tajikistan has a liberalized trade regime with a majority of goods already enjoying relatively low tariffs. The import tariffs are 0%, 5%, 10% and 15%. Tajikistan is a member of the Eurasia Economic Community (EurAsEC) comprising the Russian Federation, Belarus, Kazakhstan, Uzbekistan (a member from 25th January 2006), Kyrgyzstan and Tajikistan. The EurAsEC member states, except Belarus, are also part of the Shanghai Forum, which includes China and Uzbekistan.

5

The tariff classification process is based on the World Customs Organization (WCO) Harmonized Systems (HS) developed under the Convention on the Harmonized Commodity Description and Coding System.

6

Excise tax is levied on goods manufactured locally and is applied to imports as well. Tajikistan imposes a value added tax of 20% on all goods and services. There are, however, no export taxes. Quotas and import licenses are placed on certain imported goods, namely tobacco, intoxicating liquors and fuel.

7

The Customs Department. CD is managed by a Head of Customs (the Deputy Ministers of MSRD). He is assisted by 2 Deputy Heads who are entrusted with monitoring the execution of orders/instructions. CD is organized with a Central Office structure located within the headquarters of the Department. The supervision, management and operation of Customs clearance within the country is administered by 5 Regional Offices, located in the regions of Dushanbe, Khujand, Khatlon, Gorno-Badakhshan and Tursunzade.

8

The Central Office. The Central Office comprises 6 functional Divisions namely (a) Division of Audit and Post Customs Control; (b) Division of Tariff Regulations and Customs Revenue; (c) Division of Customs Statistics; (d) Division on Anti-Smuggling and Customs Offences; (e) Division of the Organization of Customs Control; and (f) the Customs Laboratory. By and large the Divisions of the Central Office take on supervisory and monitoring roles rather than operational field duties.


9

The Division of Audit and Post Customs Control comprises 4 sub-Divisions of (a) Explanation and Control of Execution of Customs Control; (b) Methodology, Analysis and Control; (c) Post Customs Control; and (d) Analysis and Management of Risks.

10

A vital function within the sub-Division of Methodology, Analysis and Control is the establishment of acceptable Customs value. The sub-Division extracts valuation data from the Statistics Division and this is augmented through the submission of a CD-designed document, the “Declaration of Facts”. The document is required to be submitted by importers/exporters with the trade declarations where the value of the goods exceeds US$1,500. The “Declaration of Facts” provides details of the goods imported/exported such as the costs related to the goods, discounts (if any), etc. The “Declaration of Facts” is required to be accurate in all aspects. Comparison of the values of similar products (the data extracted from the Statistics Division) is performed, and amendments to the “Declaration of Facts” will subject the declarant to a monetary penalty. All “Declarations of Facts” are kept at the Regional Offices and hard copies are submitted when required by the Sub-Division. The document also requires the derivation of acceptable values based on the six methods of valuation (transaction value, identical or similar goods value, etc). Data on prices are also maintained at the Regional Offices.

11

Post Customs Control requires site inspections of the premises selected, which are carried out by officers drawn from the Regional Offices. Post-clearance audits (this term is used in the same context as post-Customs control as indicated in the Customs Code of the Republic of Tajikistan) are normally based on information received on possible Customs infringements.

12

The Analysis and Management of Risks Sub-Division collects and analyses information of imports/exports. Currently the CIS countries on a mutual administrative assistance arrangement within the region largely derive analysis of trade information from those provided. The Sub-Division develops profiles of traders but these are kept within the unit.

13

The Explanation and Control of Execution of Customs Control Sub-Division serves as a central registry receiving correspondence directed from the Ministry. All foreign and local correspondence on Customs control, in particular requests for information, is channeled to the MSRD. The Minister will then route the requests to the CD. The Sub-Division is responsible for registering the correspondence received and channeling the requests to the appropriate Division/Regional Offices for follow-up action. On receipt of the reports and replies from the appropriate body, the Sub-Division prepares the reply for approval by MSRD. A performance indicator of a reply within one month of the receipt of the request has been established.

14

The Division of Tariff Regulation and Customs Revenue consists of 3 Sub-Divisions: (a) The Account, Analysis and Methodology of Collection of Customs Revenue; (b) Tariff and Non-Tariff Regulations; and (c) Currency Control and Tariff Preferences.

15

The first mentioned sub-Division is entrusted with the main role of preparing fiscal reports on Customs duties, excise and VAT collected. The data is derived from the Regional Offices and submitted by telephone and email. Data is submitted to the Sub-Division and each complete report from the Regional Office is received on the 10th day of the following month. The Regional Offices only submit daily data from the 16th day to the end of the month, whilst no daily data is required for the first 15 days. The Sub-Division may also call for data on an ad hoc basis. The monthly reports generated by the Sub-Division also depict the projected revenue targeted to be collected by the Regional Office and the actual collections made. The Customs revenue reports are required to be submitted to the Ministry of Finance (MOF). MOF provides the projected (target) revenue to be collected by each Regional Office. CD RT can only revise the targeted revenue (to meet state budget needs) with MOF’s sanction. Such a request for change must be substantiated by historical data or other viable reasons. Revenue collected by the Regional Offices is transferred to the MOF’s account daily.

16

The Tariff and Non-Tariff Sub-Division is responsible for the preparation of legislations on tariff and non-tariff regulations as well as their review and revision when required. The Sub-Division also projects the revenue collected/lost from adoption of preferential schemes in conjunction with the Ministry of Economy and Industry. The Sub-Division prepares 10 reports monthly.

17

The Currency Control and Tariff Preferences Sub-Division also deals with the preparation of reports from data received by hand, electronic mail, telephone or the Internet. Internet submission is discouraged owing to the sensitivity of the data. Data on tariff preferences consists of 19 attachments from the Regional Offices. Data on currency control and tariff preferences provided to other organizations requires the sanction of MOF. Close coordination is maintained with the Statistics Division for the validation of data received.

18

The Statistics Division serves as the central nerve centre of information. The Division is equipped with the most ICT equipment consisting of 10 computers, connected to LAN (with an administrator for the LAN) and 2 servers (one with access to the Internet). Radio modems are used for communication and transfer of data from the 5 Regional Offices. The Regional Offices are required to inform the Division prior to the transfer of data via the radio modems.

19

Data is collected from the Regional Offices once every 10 days. Data is received through the radio modems, diskettes or in physical hard copies. Offices near the CD headquarters dispatch their information by hand. Data via the radio modem is collected on 1 computer connected to the radio modem and is manually distributed to the staff for validation checks and report compilation. The Gorno-Badakhshan Regional Office dispatches physical copies of Customs declarations to the Statistics Division for manual reconciliation and extraction of data.

20

The Division has been maintaining information databases since 1996. The Division generates the required statistical reports for submission to CD’s management by the 5th day of the following month. The reports are subsequently submitted to the MSRD by the 10th day of the month. The Division is required to prepare 35 reports monthly.

21

The Division of Anti-Smuggling and Customs Offences has 4 Sub-divisions of (a) Anti-Smuggling and Infringement of Customs Rules; (b) Customs Investigations; (c) Analytical (National Communication Centre); and (d) Interdiction of Narcotic Drugs.

22

The Anti-Smuggling and Infringement of Customs Rules Sub-Division provides a monitoring and supportive role to the Regional Offices. Visits are made to the Regional Offices to assist in identifying methods to be adopted to prevent entry/exit of contraband. The unit also identifies types of goods that are normally the subject of smuggling. The sub-division also checks for weaknesses in the system and provides training to the officers of the Regional Offices. In addition the unit establishes profiles of Customs offenders (other than drug offenders) that are disseminated to the Regional Offices. On detection of Customs offences by the Regional Offices, the information is transferred to the Sub-Division after follow-up actions have been completed by the Regional Offices.

23

The Customs Investigations Sub-Division receives the reports of Customs offences detected. It collects and analyzes the information pertaining to the Customs offences detected. The Sub-division then prepares and recommends action to be taken against the offenders to the Ministry of Justice within 10 days of the receipt of the report on the offence detected.

24

The Analytical Sub-Division serves as a centre for the analysis, collection and dissemination of information on Customs offences. Intelligence to support Customs clearance and the prevention of smuggling is thus a key responsibility of the unit. The Sub-Division is also tasked with issuing instructions to prevent smuggling. The Sub-Division also plays a major role in international cooperation in respect of mutual administrative assistance. It is also the contact point for the World Customs Organization (WCO) Regional Intelligence Liaison Office (RILO) CIS region. [RILO CIS region has its head office in Moscow. RILO is a part of the WCO's regional projects to establish and enhance information exchange among Customs administrations in individual countries concerning illicit drug trafficking and strengthening the analysis of information on trends in smuggling in respective regions]. The Sub-Division is also required to prepare and submit reports to the RILO office in Moscow on the local smuggling scene and the detection and seizures of illicit drugs.

25

The Narcotics Drugs Sub-Division is tasked with the prevention and interdiction of import/export of narcotic drugs including precursor materials. The Sub-division provides support to the Regional Offices on intelligence and profiles of narcotic drug offenders and methods of smuggling. The Sub-Division also takes follow-up action (such as the method of smuggling, the weakness in the system, if any, and the contacts of the offenders) when drugs are detected by the regional neighbours and which are believed to have originated from Tajikistan. The analysis of information received also assists the unit in formulating and developing strategies to combat drug smuggling. In all the Sub-Division has 7 Narcotic Detector Dogs in service and these are largely based near the Afghanistan and China borders. Within the region and under the auspices of the UN, the officers of the narcotic detector dog programme receive a three-month training course at Almaty. A narcotic detector dog is also provided to the country after the training course.

26

The Division of the Organization of Customs Control comprises 3 Sub-Divisions (a) Customs Regime; (b) Special Customs Sub-Division; and (c) Customs Clearance.

27

The Customs regime Sub-division prepares instructions and legislation related to the 18 Customs regimes established in the country. One of the standard operating procedures developed by the sub-division relates to the preparation and procedures on the completion of the Customs declaration. The sub-division also seeks the expert opinions/advice of the other Divisions and the controlling agencies (competent authorities which have control over the imports of products such as medicine (Ministry of Health), arms and explosives (Ministry of Defence) etc).

28

The Sub-division is also responsible for the registration of Customs Brokers. To assist interested persons, a bulletin was developed to provide information on procedures and requirements for the registration of a Customs broker. The subdivision also arranges dialogues with other stakeholders. Most dialogues arranged are not on a regular basis except for a quarterly meeting with the Customs Brokers, Customs Specialists and major traders. The quarterly meeting constitutes a Consultative Body for the airing of views of the Customs and the other stakeholders on major issues.

29

The Customs Special Sub-division is tasked with overseeing and monitoring of the Customs regime in respect of the import/export of electrical power and fuel (natural gas) resources. Tajikistan, except for the winter period, is a major exporter of energy resources to Uzbekistan, Kazakhstan, Kyrgyzstan and Afghanistan. The subdivision pays site visits to the energy generating plants for verification and accounting of exports. The sub-division works closely with the Ministry of Energy that has overall control over such establishments. Customs declarations are submitted quarterly since 2003 and actual exports are adjusted accordingly for accounting and payment of Customs dues.

30

The Customs Clearance sub-division is responsible for providing clarifications to the other Divisions and Regional Offices in respect of the operation of the various types of Customs regimes. The sub-division established 3 types of Customs declarations namely incomplete declarations, provisional declarations and the regular one. Incomplete declarations are valid for 45 days but this form of declaration is rarely used owing to the lack of adequate information technology structure to keep track of the declarations. Such declarations were not restricted to types of goods and were introduced to ease traders’ cash flow problems and the lack of supporting documents. Provisional declarations are on a temporary basis subject to providing a complete regular declaration within a week.

31

The sub-division provides management reports on the Customs regime from data received monthly from the Regional Offices. A quarterly report is submitted to the management. However, data on the use of TIR carnets are provided after three days on entry into/exit from the country. Reports on use of temporary storage and bonded warehouses are required by the 10th day of the following month.

32

The Customs Laboratory provides support to the CD in the verification of authenticity of goods (including signatures on Customs documents) when required, conducts tests to ensure national standards are met and provides expert opinions on the classification of goods sent to the laboratory for confirmation.

33

The Regional Offices. Each Regional Office has under its purview Customs subdivisions and posts (premises for carrying out customs clearance) and frontier customs posts located along the land-locked frontiers (designated entry/exit points) of Tajikistan's neighbors (Uzbekistan, Kyrgyzstan, China and Afghanistan). A total of 87 customs posts and stations are located in the country.

34

Except for frontier posts which are border crossings located near the borders of her neighbours, other Customs posts comprise either (a) terminals (road, rail and/or air) where goods are moved for temporary storage prior to gaining clearance and (b) Customs Clearance Posts where Customs clearance is accorded. For example, the Regional Office of Tursunzade oversees a frontier post (Dusti) overlooking the border of Uzbekistan and three terminals consisting of a truck terminal, a railway post (Regar) and an excise factory (Tajik Aluminum Factory). Other Customs Clearance Posts include one at Gizar and another at Shahrinav. In the Regional Office of Dushanbe, there is no frontier post. However there are 2 rail terminals, a truck terminal and an airport terminal that undertakes customs clearance of air travelers and air cargo. Other Customs Clearance Posts include Ainy and Kofarnigan.

35

To a large extent, only basic Customs clearance formalities, such as examination of the Customs declarations and supporting documents and placement of Customs seals or Customs escorts of convoys to terminals, are carried out at the frontier posts. The Dusti frontier post, for example, may have adequate land space to permit the construction of adequate facilities to accomplish Customs clearance (subject to the supply of adequate electrical and water resources and the availability of funds). The frontier post adequately serves the clearance of overland commuter traffic (including movement of people by foot) from Uzbekistan despite the fact that the border between the two countries is wide open and with no physical barrier to separate them. This explains the establishment of a Border Guard Camp close to the border.

36

Rail traffic, for example, from Uzbekistan also does not stop at the border, as there are no stations thereat. Clearance of train passengers is carried out further inland at Regar where the facilities are of the barest minimum. Passengers are cleared at Regar before re-boarding the train for the continued journey to Dushanbe. Travelers may exploit the situation by disposing of illegal goods along the way (for example, by throwing the goods out along the tracks). Rail cargo is sealed before its onward journey to Dushanbe for Customs formalities; there are 2 railway terminals there (one a shunting yard and terminal at Dushanbe-2 for holding of containers and rail wagons, and the other, Dushanbe-1, that also caters to rail passenger traffic).

37

The state-owned Tajik Rail Corporation operates the rail terminals. Basic storage facilities are established at such terminals and offices for Customs and other stakeholders such as Customs Brokers and rail traffic agents. Customs pays rental for the use of the office space within the terminal. A constant misgiving of the Customs attached to the terminal is the lack of facilities such as sheltered areas for checking cargo especially in bad weather conditions and a storage warehouse for goods found to have infringed Customs laws and regulations. Cargo not examined by Customs at the terminals is moved to private warehouses for extended storage and accomplishment of the appropriate Customs regime. Private warehouses (also licensed by Customs) are found in the vicinity of the rail terminals. The operators are required to furnish inventory control reports to the Customs on the goods held within their premises.

38

The rail operators provide Customs with rail manifests (rail bills of lading) that are presented under seal and only opened by the Customs authorities. The rail operators will inform the owners of the goods when the cargo arrives at or departs from the terminals. Customs performs selected examination of cargo usually based on local expert knowledge since their clients are known to the Customs. At Dushanbe-2, for example, an import of 30 twenty-foot equivalent units (TEUs) of containers is received. However, half of the cargo is imported by aid organizations.

39

An Airport Command manages clearance of air travelers and air cargo. There are no dedicated commercial cargo flights and goods are imported together with the normal flights arriving in the country. The flights carry 3 copies of air manifests. Most air cargo is cleared within 2 days of their arrival. All cargo is examined owing to the small number of imports that is about 2 to 3 tons per week.

40

Air travelers are required to undergo Customs clearance and a dual-channel (Red & Green) system is in place. However, most if not all passenger baggage is required to pass through the X-ray machines maintained by the Customs. The Customs do not receive prior information of the passengers and this is known only when the flight arrives and air manifests are presented. The Airport Command is also required to submit reports on air cargo received and their eventual disposition weekly and monthly to the Headquarters. Revenue collected at the terminal is transferred daily to the state budget.

41

Road Terminals for temporary storage of trucks are operated and maintained by the national Association of International Automobile Carriers (ABBAT). Movement of trucks to the terminals is normally under Customs escort and in convoys. This would require that trucks be laid up at the frontier border before a convoy is gathered for the trucks to be escorted to the designated terminals. ABBAT officials at the frontier border determine the routes to be taken by the trucks. This is to ensure that the conditions and usage of the roads traveled by the particular trucks satisfy the weight and volume limit imposed by the Ministry of Transport. (This is done despite the absence of a weighing platform at the frontier border). Escort fees amounting to about twice the salary of the escort officers are payable.

42

Trucks are permitted with Customs endorsement to travel inland to their designated points without escort. A bank guarantee (or insurance company guarantee) or cash deposit is required for such movements to prevent possible abuse. Clearance time ranges from 3 hours with proper trading documents being presented to between 15 and 50 days for cargo which has no complete (or required) trade and other supporting documents. Goods which are not cleared under a proper Customs regime within 50 days must be removed from the country. Temporary storage of cargo is allowed within the private warehouses for a period not exceeding 4 months. All exports are produced to the terminal for examination. Customs at road terminals are required to send monthly data to ABBAT through the Regional Offices. Other data and reports submitted by the Customs at truck terminals include information on the amount of humanitarian and emergency aid received. Such imports are not subject to payment of Customs taxes.

43

Most of the data captured for transmission to the HQ are done manually in view of the scarcity of computers. The possibility of erroneously transcribing data exists. For example, 13 computers are spread over the Regional Office command of Tursunzade. Apart from the lack of computers, the frontier post of Dusti suffers from a lack of electrical and water resources. An X-ray machine for the examination of cross-border travelers' baggage or packages lies idle. Dusti Post also does not have a weighbridge platform for the measurement of the trucks' weight. The weight is a significant factor for the directing of the vehicle to the proper terminal or customs clearance post using the proper highway in compliance with the transport rules on road usage. The lack of electrical energy is likely to be resolved in 2006 with the introduction of energy generating projects undertaken by the government by this year.

44

The Regional Office allocates an officer to handle requests for data submission from the respective Central Office Divisions. For example, an officer at the Customs posts or offices & stations is designated the Statistics Division officer and all requests from the Statistics Division are handled by him.

45

Customs officers are also housed in the respective Customs posts to conduct Customs clearance. The private operators rent some of the offices out to the CD; whilst some are provided free.

APPENDIX B OVERVIEW OF STAKEHOLDERS RELATED TO CUSTOMS OPERATIONS AND TRADE FACILITATION

1

Several stakeholders have been mentioned in the earlier description of the operations within the CD Regional Office. Other stakeholders apart from the CD include parties from the private and public sectors. Within the public sector, the controlling agencies play a vital part in determining the fast track clearance of cargo and/or the lowering of business costs.

2

The public sector is normally involved in the provision of licenses and certificates of approval. The bodies involved in the Tajikistan context consist of the following Ministries:

i. Ministry of Economy & Industry
ii. Ministry of Agriculture
iii. Ministry of Health
iv. Ministry of Defence
v. Ministry of Transport

3

The establishment of national standards in line with international ones, certification, legal metrology and accreditation are carried out by the Tajikistan Standardization and Metrology Department. The Customs Laboratory also plays an important supporting role in this context.

4

The private sector comprises players such as:

i. The Chambers of Commerce and Industry of the Republic of Tajikistan (CCI RT)
ii. Freight Forwarding Organizations and in particular ABBAT, the national Association of International Automobile Carriers
iii. Banks
iv. Importers/Exporters
v. Warehouse Operators
vi. Telecommunications Operators

5

The CCI RT with 500 members from all sectors of the industry serves as a vehicle for the private sector to push for foreign investment. It has also developed a guide for foreign investment with the help of the EU and maintains a directory of import and export information within its website. In the present context the CCI RT is vested with the responsibility for the issue of Certificates of Origin (CO). The CO is in accordance with the UN CEFACT format. The issue of COs takes no more than an hour to accomplish. The CCI also has a Department for Inspection of Export and Import Goods certifying the purpose and results of the inspection. In the event of major calamities, the department also issues the “Certificate of Force Majeure Circumstances”. The CCI RT also issues preferential COs (pertaining to goods under free trade agreements (FTAs)). The organization conducts survey of imported goods upon requests (although the officials expressed the wish to be present at all instances of import clearance) made to the department. Apart from such tasks the CCI RT conducts training programmes for its members. One such training program was the seminar on the Customs procedures contained in the Customs Code introduced in 2004. There is no existing use of electronic submissions and approval of COs though this is being looked into. Dialogues between the Customs and the organization are not on a regular basis and are ad hoc ones. The organization disseminates information in facsimile form or in circulars. The CCI RT expects Customs as well as other controlling agencies to expedite clearance and reduce the burden of trade. The CCI RT also perceives that the public sector must support their operational efficiency.

6

ABBAT has 7 members and was established on 6th December 1995. It is a member of the International Road Transport Union (IRU) located in Geneva. The IRU administers the UNECE Customs Convention on the International Transport of Goods under Cover of TIR Carnets (TIR Convention) (“TIR” stands for “Transports Internationaux Routiers”, International Road Transport) which provides for the transit movement of goods from one country to another (including moving across several member countries) without payment of Customs taxes and with simplified Customs formalities. ABBAT represents Tajikistan as the guaranteeing association for uses of TIR carnets. It issues licenses and required documents for the organization of international transportation within and without the republic. ABBAT was established under legislation providing for its setup as a non-governmental organization. Besides being responsible for the control of movement of international carriers in the country and the issue of TIR carnet nationally (at a price of US$100 per application), several other tasks have been discussed earlier, that is, the operation of truck terminals and the determination at the frontier borders for designated routes to be used by the international transport carriers. The Association also provides training such as use of the TIR to Tajik nationals and the traffic rules and regulations of other countries. It works closely with the government, in particular, the Ministry of Transport. Officials of ABBAT mentioned the plans for a dry port complex (to be managed by ABBAT) near the border crossing with Uzbekistan where most trucking traffic originates. Although land space is available the complex has not been built. ABBAT perceives the dry port complex as a one-stop clearance point for the complete accomplishment of Customs formalities thus doing away with the requirement to move to inland depots. The present clearance of trucks from the borders is said to be about 3 hours.

7

Banks in Tajikistan do not operate cheque payment systems and all transactions are either through payment by cash or bank transfers made electronically. The latter was introduced from 2000 onwards. Real time on-line transfers can be made between the Central Bank of Tajikistan (which administers the government’s accounts) and other local banks. However, in view of shortage of power supplies in the winter months, manual transactions have to be resorted to. The possibility of direct debit systems exists although electronic fund transfers are rarely conducted between the banks’ clients and the government sector. Local banks have recently provided for Internet banking services.

8

The republic has 10 operators in the telecommunication sector. By far the largest private company is the Babilon Telecommunications Group. The operators in expanding their services are not aware of any national master plan for the provision of infrastructures to support their operations. Communications can be through the means of satellite, radio waves and through optical fibres. Babilon, for example, plans to expand its services through WIFI via satellite. In remote regions the company can ride on the lines provided by the national communications authority.

9

The warehouse operators provide logistical support for importers/exporters within premises that can consist of warehouse storage space, open container yards and open spaces for bulk cargo. Cargo not cleared cannot be removed pending Customs inspection. Although warehouses are licensed by the Customs, a complaint expressed was the visits made by other controlling agencies as well. In one case, it was expressed that the Police officers also arrived for audit checks. Separate visits may also be made by the Customs and Tax Departments. A concern expressed was the high costs of moving trucks from one location to another that could amount to US$50 per truck. Physical examination of 100% of the cargo especially in rail wagons and trucks (even though there were no infringements) tended to be adverse to the operators' bottom line. Although the rail or road terminal operators provide 3 days' free storage, the requirement to examine the complete shipment tended to cause delays and increase costs to the operators. Human intervention was felt to be a major issue giving rise to corrupt practice. An operator, in particular, expressed that no renewal notices were sent to them prior to the expiry of their licenses.

10

The Customs Broker. By far the most important stakeholder is the importer/exporter or in all, if not most instances, his representative, the Customs brokers. A Customs Brokerage System is adopted by the Customs to facilitate import and export transactions. The Customs Broker may be a local juridical person, included in the Customs Broker Register (customs broker representative) (article 140 of CC RT). A State Company (Enterprise) cannot act as a customs broker (representative of customs broker).

11

Customs Brokers are individuals who have been certified and licensed by the Customs, after having attended a training course and successfully passed an examination conducted by the Customs. They obtained the license “Of conducting activity on customs affairs”.

12

Customs brokers are required to be registered with the CD. The broker is to produce the following supporting documents: Company Charter (or Certificate issued by the Ministry of Justice), a letter from his bank attesting to his credit-worthiness and the curriculum vitae of at least two (if not more) of his personnel qualified for training as Customs Specialists. The CD of MSRD issues a Certificate with a registration number to the Broker. Likewise CD also records the Certificate in a Register of Division on organization of Customs Control.

13

Individuals are eligible to become Customs Specialists so long as they attend the Customs training courses and successfully pass the examination. Successful Customs Specialists are registered with the CD. CD's objective is to ensure that the individual who prepares and submits trade declarations is familiar with the declaration processes and is professional in work attitude.

14

A Customs Specialist is required to attend re-training if he commits more than 3 errors in his declaration submission. CD by way of training at least 2 persons from a customs broker's organization is to ensure that training is cascaded down to other staff of company through the trained specialists. The other staff should pass the examinations in CD after which they will be given identification numbers and allowed to execute Customs Declaration processing.

15

In the current system, the customs broker prepares a Customs declaration with supporting trade documents (commercial invoices, packing lists, certificates of origin) submitted by his clients. Most trade documents are prepared manually by the Customs Brokers whilst others have used front-end software such as “ALTA GTD” developed in Russia and modified for use in Tajikistan. The software is an integrated system, which mirrors the Customs declaration forms. Several databases are housed in the software including the tariff classification structure, exchange rates (updated every 10 days through notices and circulars from CD), etc. The software used by the brokers is, however, not compatible with the Customs system, the latter having been developed using the Microsoft Visual FoxPro database program.

16

The customs brokers have also formed an association, which is about three months old to date. One of the association's objectives is to seek consultation and participation of the CD for a more effective capturing of trade data. No electronic data interchange (EDI) transaction or simplified flat files of data on disks or other media for Customs purposes is available at this present stage. The end result is that trade data captured by the brokers will have to be re-entered by Customs officers when a declaration is submitted by the Customs Brokers to the Customs.

17

Based on the trade information entered into their systems, the broker prepares a declaration to be lodged with Customs. The declaration form, which holds 54 fields, is based on the United Nations Lay-Out Key (UNLK) and is common in the Commonwealth of Independent States (CIS) of which Tajikistan is a member (other members include Azerbaijan, Armenia, Belarus, Georgia, Kazakhstan, Kyrgyzstan, Moldova, Russia, Turkmenistan, Uzbekistan and Ukraine). All the CIS countries had the advantage of starting from the same basic level in the development of a trade declaration form.

18

In view of their experience and knowledge through their past dealings with the CD, the brokers will notify their clients on the potential unacceptability of good values declared by the clients. Brokers typically maintain a database on acceptable range of values of products, in particular, motor vehicles. An important supporting document submitted with the declaration is called a “Declaration of Facts”, and it provides codes of the products, and their values, etc.

19

A trade declaration consists of a fan-fold set of 4 pieces of self-carbonized forms. One copy of the declaration is submitted to the Customs Statistics Division for the processing and extraction of trade data. The Statistics Division is also responsible for the timely submission of statistical trade data to the MSRD. The Statistics Division also collects, collates and submits to the National Committee on Statistics of the Republic of Tajikistan. In addition, supporting units of the Division housed at Customs offices and stations at the Regional Offices prepare and submit their results to the Central Office.

20

The trade declaration forms are government-controlled documents serially numbered and can be purchased from the MSRD or the Regional Offices. The purchaser must produce a company letter to provide him with authorization to procure the declaration forms. Each form costs the buyer US$0.50. Lost Declaration forms have to be reported to the CD of MSRD. Each declaration submitted to CD for processing also costs about US$4.00.

21

The first copy of the declaration retained by Customs contains on the reverse side, the actions taken by Customs officials, and the results of checks and inspections conducted, etc. There is also a limit of 100 line items to be submitted in a declaration to CD. The original copy of the declaration has space for 1 line item only. Additional declaration of line items will require use of continual declaration sets with each form providing for 3 additional line items. To date, the CD has not encountered a declaration containing more than 100 line items. A declaration with more than 100 line items is normally related to temporary export or import out of/into the country for exhibitions.

22

The broker does not maintain any revolving credit system with Customs or his clients. No electronic fund transfer system is currently in place to facilitate the payment of duties and taxes. On completion of the preparation of the declaration, the broker will require payment from his clients for the payment of customs duties and other taxes in cash.

APPENDIX C OVERVIEW OF CUSTOMS PROCEDURES AND PROCESSES

1

The Declaration Process. The law requires traders to be registered in the Republic of Tajikistan as legal entities. To participate in the trade, the legal entities are required to register and be licensed by the TD of MSRD RT. A unique Tax Identification Number (TIN) is allocated to the registered traders. The TIN is required to be entered in trade declarations made to CD.

2

There are a total of 18 Customs regimes as follows:

i. Release for home use;
ii. Export;
iii. International customs transit;
iv. Processing in the customs territory;
v. Processing for home use;
vi. Processing out of the customs territory;
vii. Temporary import;
viii. Customs storage;
ix. Re-import;
x. Re-export;
xi. Destruction;
xii. Refusal in favor of state;
xiii. Temporary removal;
xiv. Duty-free trade;
xv. Free customs zone;
xvi. Free storage;
xvii. The displacement of supplies;
xviii. Special customs regimes.

3

Clearance and Control (Import). Goods crossing the frontier are directed to Customs clearance offices and stations for examination and clearance. These offices consist of Road, Rail and Air Terminals. All imports and exports are required to be transported to the nearest Customs office and stations, or to a site chosen by the importer (or his representative, ie the broker) and with the consent of CD. Customs clearance is not completed at the frontier posts. Seals are usually placed on the cargo to ensure they are intact when directed to Customs offices and stations.

4

The Customs Specialist deposits the declaration at the appropriate Customs office and station. The Customs officials will verify the accuracy and/or acceptability of the declarations made. Subsequently the statistic subdivision’s specialist in regional offices is required to enter 16 fields of the declaration into the FoxPro database program. CD had not continued to modify the database program to capture the complete data available. Technical difficulty was indicated as the reason for the non-development of the input system. Customs statistics of foreign trade of the Republic of Tajikistan are maintained in accordance with the “Integrated methodology on maintaining international trade statistics in the CIS countries” approved by the Decree of the Government of the Republic of Tajikistan No. 363 dated August 5, 1999. CD has no system of electronic declaring. The Customs Declaration is filled in manually, and all operations are duplicated during data entry into the database system. This often results in incorrect data capture.

5

Payment of customs duties and taxes may be made in advance to CD's deposit account; otherwise all payments are made at the time of clearance. Payments are typically made in cash or by fund transfer. No cheques are used. CD normally takes 2 days to confirm receipt of monies.

6

It was also established that imports made under a foreign currency value (other than in US$) were required to be first converted to US$ (using the CD determined exchange rate). The converted value in US$ was subsequently required to be converted to the local currency (somoni) for duty and tax payment purposes.

7

Export and import of controlled goods determined by legislation require approval and/or certification from other ministries and agencies of the republic. These include the Ministry of Agriculture, Health or Veterinary, State Inspection of Communication, Tajikstandard, Foodstuffs Corporation, Ministry of Environment, Ministry of Internal Affairs, Chamber of commerce & industry, Ministry of Energy.

8

The number of trade declarations for the first 10 months of 2005 was 44,079. The number of declarations in 2004 was 57,915. Based on 2004’s statistics, the average number of declarations per day is 241 (using 57,915 declarations in 240 working days).

9

Clearance and Control (Export). Declarations are submitted to the Customs accompanied with supporting trade documents. Exports with claims for preferential treatment in the country of destination require the Certificate of Origin under Preferential Treatment issued and endorsed by the Customs.

10

Exporters are required to produce their consignments to the nearest Customs office and station. All exports are examined for infringements of currency control, export of national treasures and prohibited items.

11

Clearance and Control (Enforcement Measures). The physical examination of cargo is vested with the Regional Offices at the various Customs offices and stations. Additional control is performed by mobile teams (fast response teams). To facilitate trade the CD has also recently adopted post clearance checks of documents.

12

Risk Management. Risk management appears to be limited based on information received from EurAsEC member states. The risk management concept was also introduced at the start of this year and is aimed at facilitating trade based on the directive from the MSRD. A major problem is the building up of risk profiles as a result of a limitation of electronic databases.

13

Sharing of information between Customs offices and stations and between the Regional Offices is thus encouraged. The Post Clearance and Audit Division has also drawn up an elaborate checklist for the field officers to support a program for risk profiling. The procedure has not yet been adopted and is currently seeking Customs management approval.

14

It appears that there is a lack of shared responsibility for the introduction and the adoption of risk management techniques. The strategic promotion of risk management as a continuous process internally in the CD is also not apparent, as not every officer is involved in the risk management process. Constant monitoring and review and the treatment of risks is thus worthy of consideration.

15

Valuation and Classification. It is one of Tajikistan’s long-term economic goals to apply for membership to the World Trade Organization (WTO). Although some resemblance to the Customs Valuation Code is written into the Customs Code, the Tax Code may vary in terms of value being based on “market price”. This may be similar to the application of the Brussels Definition of Value (BDV). BDV determined the basis of customs value as being the normal price paid or payable for a sale in the open market. The valuation was generally a notional one subject to arbitrary uplifts and the like.

16

The Rules of Valuation set down the methods of valuation to be applied on a step-by-step basis should the transaction value be rejected for reasons such as improper, inaccurate and suspect integrity of supporting trade documents. The various transaction value shall then be determined by the following:

i. Transaction Value of Identical Goods;
ii. Transaction Value of Similar Goods
iii. The Deductive Value
iv. The Computed Value
v. The Fallback Method

17

The use of the “Declaration of Facts” can be considered a useful document towards the building up of a database for values of goods. CD appears to have made a good start and seems to be supported by brokers who are maintaining a generally “acceptable” value database, which hinges on the experience with Customs.

18

Where customs value is determined by MSRD RT, the importer can challenge the valuation. The dispute resolution mechanism is laid down in the Customs Code with reference first being made to CD and the last resort of taking the matter to court.

19

Classification of goods is based on the Harmonized System Codification, and a common EurAsEC Codification Book used by the Customs Statistics Division. The tariff codification is based on a 10-digit entry with the last two digits being used for local (in this case, regional) statistical reasons.

20

There are few requests for classification of goods from the private sector, including the customs brokers. The CD also does not charge for providing classification codes when requests are made.

APPENDIX D. FUNCTIONAL REQUIREMENTS OF UAIS

1

This section states the software requirements of the UAIS. This means the software features that are absolutely necessary for the UAIS to work as planned are listed down.

A. Manifests Control System

1. Introduction

2

The Manifest Control System is for the following group of users to submit electronic manifest to CD RT:

• Rail and air terminal operators;
• Freight forwarders; and
• Carriers

3

The submission of electronic manifest can be either pre-arrival or upon actual arrival of vessel at the border posts or terminals of Tajikistan.

4

The main purpose of manifest submission is for Customs to do risk assessment on the shipment. It also allows CD RT to reconcile the manifest information with the goods declaration information that is submitted later.

5

Another important functionality of the Manifest Control System is that it allows CD RT to auto-process the submitted manifest documents according to the rules set into the System.

2. Functional Requirements

6

The System shall consist of client-software and server-software processing.

7

Client-software processing handles the electronic manifest declaration and submission by the declarants. Declarants, in this case, are the terminal operators, carriers, and freight forwarders. Server-software processing consists of rule checks, validations and controls set by CD RT.

8

The Manifest Control client-software has the following functions:

9

It shall have a user interface (UI) for declarants to manage the electronic manifest. For example they can create, save, update, copy, delete, or print the manifest information using the application.

10

It shall allow declarants to make electronic withdrawal or amendment requests on the manifest that they had submitted.

11

It shall be able to validate user input and check for input or syntax errors before saving it to the database.

12

It shall allow declarants to manage user codes within the System. Examples of user codes are consignee information, product information, vessel or vehicle information etc.


13

It shall allow the submission of electronic manifest to the server-software through the Messaging Gateway. The submission of electronic withdrawal and amendment requests shall also be through the Messaging Gateway.

14

It shall allow the retrieval of Customs responses from the server-software after the submissions. This will also be through the Messaging Gateway.

15

It shall have a user interface (UI) for declarants to manage the Customs responses that they have received. For example they can view, or print the response details using the application.

16

It shall allow the retrieval of updated Reference Codes into the client-software. Examples of Reference Codes that can be downloaded are country codes, port codes, and unit of measurement etc.

17

It shall allow the declarants to generate timely reports in either hardcopy or softcopy.

18

The Manifest Control server-software has the following functions:

19

It shall be hosted at Customs HQ Data Center. It will logically be divided into two major functionality areas. One is the auto-processing area and one is the manual-processing area. All electronic manifests will be routed to auto-processing logic first.

20

It shall be able to receive electronic manifest documents from the client-software application through the Messaging Gateway.

21

It shall perform Customs rule validation check on the submitted manifest documents. Validation checks will include data validation, syntax and business logic checking. This function is provided by interface with the Rule Engine.

22

It shall flag document for follow-up by the CD Officer if the document fails certain rule checking. The document will be re-routed to online-processing area.

23

It shall be able to assess the risk of the shipment. This function is provided by interface with the Risk Management and Intelligence Subsystem.

24

It shall flag high-risk shipment for follow-up and the document re-routed to online-processing area.

25

It shall be able to reconcile the manifest document with the goods declaration document. This function is provided by interface with the Reconciliation Engine.

26

It shall be able to trigger post Customs Control audit and inspection of cargo. This function is provided by interface with the Post-Clearance Subsystem.

27

It shall allow fees and payments to CD RT to be deducted from the declarant’s bank account. This function is provided by interface with Fees and Billing Subsystem.

28

It shall allow CD Officers to manually process documents that are flagged for follow-up by the auto-processing mechanism.

29

It shall allow CD Officers to view the details of the submitted document. For example, view the data fields of the document.


30

It shall allow CD Officers to assign follow-up action to the shipment. Examples of follow-up action at this stage would be for Customs Inspectors to inspect the shipment.

31

It shall allow the submitted electronic manifest to be tagged with a status after processing. Examples of status are Cleared, Approve, Reject, Additional Document Needed etc.

32

It shall be able to return both manual-processing and auto-processing response back to client-software through the Messaging Gateway.

33

It shall allow scheduling and auto-generating of reports, as well as generate reports on-demand basis.

34

It shall be able to generate reports in hardcopy as well as softcopy format.

B. Declaration Control System

1. Introduction

35

The Declaration Control System is for the following group of users to submit electronic Customs declaration to CD RT:

• Brokers; and
• Customs Specialists

36

The declaration can be for import, export, transshipment, or Customs declaration of any Customs Regime. Approved declarations will be returned with a permit number by the System.

37

Approved declarations are needed for any movement of goods in and out of the country. Therefore submission of declaration for approval is to be done before the cargo arriving at the border posts or terminals, so that the permit can be obtained in time for cargo clearance.

38

Another important functionality of the System is that it enables CD RT to auto-process or manual-process submitted Customs declarations. The System will reconcile the declarations with the shipping manifests received.

39

The System will auto-calculate duties and taxes payable by declarants, and deduct the appropriate amount from their bank account. It will also provide accurate data for Customs statistics reports.

2. Functional Requirements

40

The System shall consist of client-software and server-software processing.

41

Client-software processing handles the electronic Customs declaration and submission by the declarants. Server-software processing consists of rule checks, validations and controls set by the CD RT.

42

The Declaration Control client-software has the following functions:


43

It shall have a user interface (UI) for declarants to manage the electronic Customs declaration. For example they can create, save, update, copy, delete, or print the declaration information using the application.

44

It shall allow declarants to make electronic withdrawal or amendment requests on the Customs declaration that they had submitted.

45

It shall be able to validate input and check for input or syntax errors before saving it to the database.

46

It shall allow declarants to manage user codes within the System. Examples of user codes are importer, exporter, and forwarders information, as well as product and goods information etc.

47

It shall allow the submission of Customs declarations to the server-software through the Messaging Gateway. The submission of electronic withdrawal and amendment requests shall also be through the Messaging Gateway.

48

It shall allow the retrieval of Customs responses after the submissions through the Messaging Gateway. Response includes the approved Customs declaration.

49

It shall have a user interface (UI) for declarants to manage the Customs responses that they have received. For example they can view, or print the response details using the application.

50

It shall allow the retrieval of updated Reference Code into the System. Examples of Reference Code that will be downloaded are HS Code, country and port codes etc.

51

It shall be able to retrieve updated Customs Exchange Rate through the Messaging Gateway. This exchange rate will be used by the client-software when there is a need to convert from foreign currency to the RT currency.

52

It shall allow the declarants to generate timely reports in either hardcopy or softcopy.

53

The Declaration Control server-software has the following functions:

54

It shall be hosted at Customs HQ Data Center. It will logically be divided into two major functionality areas. One is the auto-processing area and one is the manual-processing area. All electronic Customs declarations will be routed to auto-processing logic first.

55

It shall allow Border Post Officer to check on an approved Customs declaration either by bar code scanning, or entering the permit number. The status and follow-up action for the permit will be displayed to the Officer. Example of follow-up action will be to let the cargo pass, or to conduct a check on the cargo.

56

It shall be able to auto-receive Customs declarations from the client-software application through the Messaging Gateway.

57

It shall have the capability to auto-process and return processing response back to client-software. CD Officers shall have the ability to set and edit the auto-processing rules by the Rule Engine.


58

It shall perform Customs rule validation check on the submitted declaration documents. Validation checks will include data validation, syntax and business logic checking. This function is provided by interface with the Rule Engine.

59

It shall flag document for follow-up by the CD Officer if the document fails certain rule checking. The document will be re-routed to online-processing area.

60

It shall be able to assess the risk of the cargo that is declared. This function is provided by interface with the Risk Management and Intelligence Subsystem.

61

It shall be able to validate the correctness of the cargo value that is declared. This function is provided by interface with the Valuation Subsystem.

62

It shall flag high-risk cargo for follow-up and the document re-routed to online-processing area.

63

It shall be able to reconcile the goods declaration document with the manifest document. This function is provided by interface with the Reconciliation Engine.

64

It shall be able to calculate and compute the duty and tariff that is applicable to the cargo declared. This function is provided by interface with the Tariff and Duty Management Subsystem.

65

It shall be able to update the Warehouse Control System whenever the declaration contains cargo movement to or from licensed warehouses and lots. This function is provided by interface with the Warehouse Control System.

66

It shall be able to compute and calculate the security deposit balance whenever the declaration contains cargo that requires security deposit. This function is provided by interface with the Security Deposit Subsystem.

67

It shall be able to validate the certificate and license number that is provided in the electronic Customs declaration. This function is provided by interface with the Certificate and License Control System.

68

It shall be able to trigger post Customs Control audit and inspection of cargo. This function is provided by interface with the Post-Clearance Subsystem.

69

It shall allow fees and payments to Customs to be deducted from the declarant’s bank account. This function is provided by interface with Fees and Billing Subsystem.

70

It shall allow CD Officers to manually process documents that are flagged for follow-up by the auto-processing mechanism.

71

It shall allow CD Officers to view the details of the submitted declaration. For example, view the data fields of the document.

72

It shall allow CD Officers to assign follow-up action to the Customs declaration. Examples of follow-up action at this stage would be for Customs Officers to seal the cargo, or for Customs Inspectors to inspect the goods at the warehouse.

73

It shall allow the submitted Customs declaration to be tagged with a status after processing. Examples of status are Approve, Reject, Additional Document Needed etc. In addition, a permit number shall be returned once the declaration is approved.


74

It shall be able to return both manual and auto processing status back to client-software through the Messaging Gateway.

75

It shall provide functionality for CD Officer to manage Customs Exchange Rates within the System. Updated rates will be sent to client-software through the Messaging Gateway.

76

It shall allow scheduling and auto-generating of reports, as well as generate reports on-demand basis.

77

It shall be able to generate reports in hardcopy as well as softcopy format.
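The routing described in the Declaration Control server-software requirements above, sketched as an added example (not code from this report or from any vendor): every declaration enters auto-processing, the server re-runs its own rule checks regardless of what the client-software validated, and rule failures or high risk re-route the document for manual follow-up. The rule names, the `risk_score` callable standing in for the Risk Management and Intelligence Subsystem, the threshold and the permit format are all assumptions.

```python
import itertools
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed rule set. The limits mirror facts stated in Appendix C (TIN on
# every declaration, 100 line-item ceiling, 10-digit tariff code); treating
# them as Rule Engine entries is an assumption of this example.
RULES = [
    ("TIN_PRESENT", lambda d: bool(d["tin"].strip())),
    ("LINE_ITEMS_1_TO_100", lambda d: 1 <= len(d["items"]) <= 100),
    ("TARIFF_CODE_10_DIGITS",
     lambda d: all(re.fullmatch(r"[0-9]{10}", i["tariff_code"]) for i in d["items"])),
    ("VALUE_POSITIVE", lambda d: all(i["value"] > 0 for i in d["items"])),
]


@dataclass
class Result:
    status: str                      # "Approve" or "Flagged"
    area: str                        # "auto" or "manual"
    reasons: list = field(default_factory=list)
    permit_number: Optional[str] = None


def permit_issuer(prefix="PERMIT-"):
    """Hypothetical permit numbering: a simple monotonically increasing counter."""
    counter = itertools.count(1)
    return lambda: f"{prefix}{next(counter):06d}"


def process(decl, risk_score, next_permit, risk_threshold=0.7):
    """Auto-process one declaration; anything doubtful goes to a CD Officer."""
    failed = []
    for name, check in RULES:
        try:
            ok = check(decl)
        except Exception:
            ok = False               # malformed input fails closed, never crashes
        if not ok:
            failed.append(name)
    # Client-side validation flags are deliberately ignored: the client is
    # outside the server's trust boundary.
    if failed:
        return Result("Flagged", "manual", failed)
    if risk_score(decl) >= risk_threshold:
        return Result("Flagged", "manual", ["HIGH_RISK"])
    # A permit number is issued only on approval.
    return Result("Approve", "auto", [], next_permit())


# Constructed sample declarations.
GOOD = {"tin": "123456789",
        "items": [{"tariff_code": "8471300000", "value": 1200.0}]}
BAD = {"tin": " ", "client_validated": True,
       "items": [{"tariff_code": "847130000", "value": 10}]}
MALFORMED = {"tin": "123456789", "items": None}

if __name__ == "__main__":
    issue = permit_issuer()
    for d in (GOOD, BAD, MALFORMED):
        print(process(d, lambda _d: 0.1, issue))
```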

C. Warehouse Control System

1. Introduction

78

The Warehouse Control Subsystem is mainly for CD RT to track and account for all its licensed warehouses’ cargo quantity and value, as well as track inter-warehouse transfers.

79

The client-software of the System will be used to store and submit inventory data and cargo valuation data to the server-software. It can handle goods for duty free shops, as well as general goods.

80

The server-software is used to track all licensed warehouses’ inventory based on approved Customs declarations. All movement of cargo to and from the warehouses is tracked. It can also generate comprehensive reports for CD Officers to do post Customs Control audit and inspection.

2. Functional Requirements

81

The System shall consist of a client-software and server-software processing.

82

Client-software application is used to capture the cargo data and cargo value that is in the warehouse. It also handles the electronic submission of the quantity and valuation data to the server-software.

83

Server-software application keeps track of warehouse inventory and content by drawing data from Customs declaration that is submitted. It will also tally its data with the information submitted by the client-software.

84

The Warehouse Control client-software has the following functions:

85

It shall have a user interface (UI) for Warehouse Operator to manage the warehouse and lot information. For example he can enter, save, update, copy, delete, or print the warehouse and lot information using the application.

86

It shall allow the Warehouse Operator to manage goods movement to and from the warehouses and lots. In other words, add or subtract the cargo quantity and Stock Keeping Unit (SKU) as they arrive and leave the warehouse.

87

It shall allow the Warehouse Operator to manage inventory value of stocks that are being stored. In other words, adjust the inventory value of the SKU as they arrive and leave the warehouse.


88

It shall be able to validate input and check for input or syntax errors before saving it to the database.

89

It shall allow the electronic submission of inventory quantity and inventory valuation to the server-software through the Messaging Gateway. Data to be submitted to the server-software includes approved Customs declaration number, warehouse number, lot number, goods quantity, and goods value.

90

It shall allow retrieval of Customs response through the Messaging Gateway.

91

It shall allow the retrieval of updated Warehouse Code into the System. Examples of Warehouse Code that will be downloaded to client-software are inventory transfer codes, removal codes, or inventory unit of measurements etc.

92

It shall allow the Warehouse Operator to generate reports in either hardcopy or softcopy.

93

The Warehouse Control server-software has the following functions:

94

It shall allow CD Officers to manage warehouse and lot data. Example of the information that can be managed is the warehouse and lot numbers, the cargo that it can contain etc.

95

It shall allow CD Officers to manage Warehouse Operators’ details. Example of the information that can be managed is the Operator license and name, expiry date, TIN number etc.

96

The server-software of the System shall be hosted at Customs HQ Data Center. It will logically be divided into two major functionality areas. One is the auto-processing area and one is the manual-processing area.

97

It shall be able to auto-receive inventory quantity and valuation report from the client-software through the Messaging Gateway.

98

The report from client-software shall trigger the System to tally the figures received against the figures that the System tracks in its database. Discrepancy may trigger an inspection to the warehouse.

99

It shall be able to receive inventory movement report from the Declaration Control System.

100

The report from Declaration Control System shall trigger the System to add or subtract the declared cargo from its warehouse and lot database.

101

It shall perform rule validation check on the submitted data from client-software. Validation checks will include data validation, syntax and business logic checking. This function is provided by interface with the Rule Engine.

102

It shall allow CD Officers to assign follow-up action to the submission. Examples of follow-up action at this stage would be for Customs Inspectors to check on the warehouse or lot.

103

It shall be able to return Customs acknowledgement to the client-software through the Messaging Gateway.


104

It shall provide functionality for CD Officer to manage and maintain Warehouse code within the system. Updated codes will be sent to client-software through the Messaging Gateway.

105

It shall allow scheduling and auto-generating of reports, as well as generate reports on-demand basis.

106

It shall be able to generate reports in hardcopy as well as softcopy format.
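The tally described in the Warehouse Control server-software requirements above, as an added example (not code from this report): the server keeps its own ledger from Declaration Control System movement reports and compares it with the Warehouse Operator's self-reported figures, so a discrepancy is detected without relying on the operator's data. Class, field and finding names are hypothetical, and each report row is assumed to give the stock currently held under one approved declaration.

```python
from decimal import Decimal

ZERO = (0, Decimal("0"))


class WarehouseLedger:
    """Server-side stock per (warehouse, lot), driven only by approved declarations."""

    def __init__(self):
        self._stock = {}       # (warehouse_no, lot_no) -> (quantity, value)
        self._applied = set()  # declaration numbers already applied

    def apply_declaration(self, decl_no, warehouse_no, lot_no,
                          quantity, value, direction):
        """Apply one movement report; direction is 'in' or 'out'."""
        if decl_no in self._applied:
            raise ValueError(f"declaration {decl_no} already applied")
        if direction not in ("in", "out"):
            raise ValueError("direction must be 'in' or 'out'")
        value = Decimal(str(value))
        if quantity <= 0 or value < 0:
            raise ValueError("quantity must be positive and value non-negative")
        key = (warehouse_no, lot_no)
        qty, val = self._stock.get(key, ZERO)
        if direction == "out":
            if quantity > qty or value > val:
                raise ValueError("removal exceeds tracked stock")
            quantity, value = -quantity, -value
        self._stock[key] = (qty + quantity, val + value)
        self._applied.add(decl_no)

    def tally(self, report_rows):
        """Compare an operator report with the ledger; return a list of findings."""
        findings, reported = [], {}
        for row in report_rows:
            key = (row["warehouse_no"], row["lot_no"])
            if row["declaration_no"] not in self._applied:
                findings.append(("UNKNOWN_DECLARATION", key, row["declaration_no"]))
            qty, val = reported.get(key, ZERO)
            reported[key] = (qty + row["quantity"], val + Decimal(str(row["value"])))
        # Walk the union of lots so that omitted lots and unexpected lots both show up.
        for key in sorted(set(self._stock) | set(reported)):
            tracked = self._stock.get(key, ZERO)
            claimed = reported.get(key, ZERO)
            if claimed[0] != tracked[0]:
                findings.append(("QUANTITY_MISMATCH", key, claimed[0] - tracked[0]))
            if claimed[1] != tracked[1]:
                findings.append(("VALUE_MISMATCH", key, claimed[1] - tracked[1]))
        return findings


def build_sample_ledger():
    """Constructed movements: lot L1 ends at 60 units / 3000.00, lot L2 at 10 / 900.00."""
    ledger = WarehouseLedger()
    ledger.apply_declaration("D-001", "WH1", "L1", 100, "5000.00", "in")
    ledger.apply_declaration("D-002", "WH1", "L1", 40, "2000.00", "out")
    ledger.apply_declaration("D-003", "WH1", "L2", 10, "900.00", "in")
    return ledger


def row(decl, wh, lot, qty, value):
    return {"declaration_no": decl, "warehouse_no": wh, "lot_no": lot,
            "quantity": qty, "value": value}


# Constructed operator reports: one accurate, one under-reporting L1,
# omitting L2 and citing a declaration the server never approved.
ACCURATE = [row("D-001", "WH1", "L1", 60, "3000.00"),
            row("D-003", "WH1", "L2", 10, "900.00")]
SUSPECT = [row("D-001", "WH1", "L1", 55, "3000.00"),
           row("D-999", "WH1", "L3", 5, "100.00")]

if __name__ == "__main__":
    for finding in build_sample_ledger().tally(SUSPECT):
        print(finding)
```

Any non-empty result from `tally` corresponds to the discrepancy that, per the requirements, may trigger an inspection of the warehouse.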

D. Certificate and License Control System

1. Introduction

107

The Certificate and License Control System is for the following group of users to submit electronic certificate or license application to CD RT:

• Importers;
• Exporters; and
• Traders

108

The applicants can apply for certificates from the following Agencies:

• Tajikistan Chamber of Commerce and Industry (CCI)
• Tajikstandard

109

The applicants can apply for license from the following Ministries (for example):

• Ministry of Agriculture of RT
• Ministry of Health of RT

(this list is not exhaustive and will include all the government agencies which have control over the licensing and approval for the import and export of controlled products such as arms and explosives, artifacts, etc)

110

The applicant can then either print out the certificates or license from the client-software, or collect them at the Agencies and Ministries.

111

An important functionality of the system is that it allows Officers of the Agencies and Ministries to login to receive and process application for certificate or licenses.

112

The System will auto-calculate fees payable by applicants, and deduct the appropriate amount from the designated financial institution.

2. Functional Requirements

113

The System shall consist of a client-software and server-software processing.

114

Client-software processing handles the certificate or license application used by the trading community to facilitate electronic certificate and license application and printing. Server-software processing consists of rule checks, validations and controls set by the Agencies or Ministries.


115

The Certificate and License Control client-software has the following functions:

116

It shall have a user interface for applicants to manage the applications that they are submitting. For example they can create, save, update, copy, delete, or print the application details.

117

It shall allow applicants to make withdrawal or amendment requests on the application that they had submitted.

118

It shall be able to validate input and check for input or syntax errors before saving it to the database.

119

It shall allow applicants to manage user codes within the system. Examples of user codes are importer, exporter, and forwarders information, as well as product and goods information etc.

120

It shall allow the submission of electronic application to the server-software through the Messaging Gateway. The submission of withdrawal and amendment requests shall also be through the Messaging Gateway.

121

It shall allow the retrieval of Agency responses after the submissions through the Messaging Gateway. Response may include electronic format of the certificate itself.

122

It shall have a user interface for applicants to manage the Agency responses that they have received. For example they can view, or print the response details using the application.

123

It shall allow the retrieval of updated Reference Code into the System. Examples of Reference Code that will be downloaded are certificate types, country and port codes etc.

124

It shall allow the applicants to generate timely reports in either hardcopy or softcopy.

125

It shall allow the printing of electronic Certificate Of Origin or other certificate types.

126

The Certificate and License Control server-software has the following functions:

127

It shall be hosted at Customs HQ Data Center. It will logically be divided into two major functionality areas. One is the auto-processing area and one is the manual-processing area. All electronic applications will be routed to auto-processing logic first.

128

It shall be able to auto-receive certificate or license applications from the client-software through the Messaging Gateway.

129

It shall have the capability to auto-process and return processing status back to client-software. Agency Officers shall have the ability to set and edit the auto-processing rules by the Rule Engine.

130

It shall perform validation check on the submitted applications. Validation checks will include data validation, syntax and business logic checking. This function is provided by interface with the Rule Engine.


131

It shall allow the Agency Officer to manually process application for follow-up if the application fails certain rule checking. The application will be re-routed to online-processing area.

132

It shall allow the Agency Officer to view the details of the submitted application. For example, view the data fields of the document.

133

It shall allow Agency Officers to upload certificate or license data to the System via a user interface. An example will be the issued license database, or the permitted certificate users etc.

134

It shall be able to deduct fees and payments from the applicant’s account. This function is provided by interface with the Fees and Billing Subsystem.

135

It shall allow the submitted application to be tagged with a status after processing. Examples of status are Approve, Reject, Additional Document Needed etc. In addition, an electronic copy of the certificate may be returned once application is approved.

136

It shall be able to return Agency Response back to client-software through the Messaging Gateway.

137

It shall allow scheduling and auto-generating of reports, as well as generate reports on-demand basis.

138

It shall be able to generate reports in hardcopy as well as softcopy format.

139

It shall be able to interface with systems of other Agencies or Ministries. This is provided so that the Certificate and License Control System can be expanded to process more types of documents in the future. For example, if the System is linked up with the Ministry of Defense, then it will be able to process application to export or import firearms.

E. Registration Subsystem

1. Introduction

140

The purpose of the Registration Subsystem is to provide a centralized application where the trade and logistic community can be registered with the UAIS as users.

141

The CD Administrators have to register companies, then individuals from that company. They can grant access rights to users based on the Core Systems that they use, and assign user roles to them.

142

Other than company and declarant contact information, this Subsystem keeps the bank account information of users as well. The bank account information will be used for billing and duty deduction.

143

The Subsystem is able to verify and authenticate the registration data with national registry in other Ministries to ensure that users of UAIS are accounted for.

2. Functional Requirements

144

It shall allow registering of company profiles. A company profile identifies a business entity within the UAIS. It will include information such as company name, address, and a unique identifier. The unique identifier for a company is usually its TIN.

145

It shall be able to verify a company’s unique identifier with an external registration database if required.

146

It shall store the company bank account information and payment preferences. This information will be used for billing, as well as any payment needed.

147

It shall allow updating the status of a company account. A company account may have one of the following statuses: Created, Registered, Deregistered, and Blacklisted.

148

It shall allow registering of user profiles. A user profile identifies a person within the UAIS. A user profile is associated with an account, and it usually includes information such as name, address and identification number of the person.

149

It shall be able to verify a person’s identification number with an external registration database if required.

150

It shall allow updating the status of a user account. A user account may have one of the following statuses: Created, Registered, Deregistered, and Blacklisted.

151

It shall allow the CD Administrators to assign user rights and a role to each user account.

152

It shall allow the CD Administrators to check, verify and approve a company or a user account.

153

It shall allow other Subsystems to query its database for company or user contact information.

154

It shall allow other Subsystems to query its database for bank account information for payment deduction purposes.

155

It shall provide a function for notifying the company or user of the status of their application.

156

It shall provide a function for notifying banks that they have to set up an auto-debit account for the company or user.

157

It shall be able to generate reports from the company ID and user ID database. There should be various filters that can be used in the generation of the reports.

158

It shall be able to schedule report generation, or produce them on-demand.

F. Administration Subsystem

1. Introduction

159

The Administration Subsystem is used by CD Administrators to assign user roles and rights to Customs officers. It is similar in concept to the Registration Subsystem, but for CD RT personnel only.

160

In addition, the Subsystem is the communication center for CD RT to send information to stakeholders of the UAIS. It can store and send notices and circulars, as well as make announcements to external parties.

2. Functional Requirements

161

It shall allow registering of CD Officers as users of the UAIS. A user account will be created for each CD Officer registered.

162

It shall allow registering of UAIS users from outside the CD as well. For example, users from the Ministry of Finance, or from Agencies such as the Tajikistan Chamber of Commerce and Industry.

163

It shall allow updating the status of the user account. An account may have one of the following statuses: Created, Registered, Deregistered, and Blacklisted.

164

It shall be able to notify users by email or fax upon any change of the status of the user account in the UAIS system.

165

It shall allow the CD Administrators to assign user rights and a role to each user account. The user rights determine which System or Subsystem the user can access, while the user role restricts the user within that System or Subsystem.

166

It shall allow the CD Administrators to check, verify and approve officer profile registration.

167

It shall allow the CD Administrators to manage the UAIS Communication Center. The Communication Center consists of a user interface for sending circulars, notices, emails and faxes to stakeholders, as well as external parties.

168

It shall be able to retrieve contact information of stakeholders of the UAIS by interface with the Registration Subsystem.

169

It shall be able to store and retrieve contacts of other Agencies, organizations, and governments.

170

It shall be able to generate reports from the related database tables. There should be various filters that can be used in the generation of the reports.

171

It shall be able to schedule report generation, or produce them on-demand.

G. Tariff Nomenclature Subsystem

1. Introduction

172

The Tariff Nomenclature Subsystem is for CD Officers to manage and control the codes that are used throughout the UAIS, for example HS Codes, country codes, port codes, and product codes. CD Officers can also use the Subsystem to set the tariff rates for goods.

173

The codes managed by the Subsystem can be international standard codes, or RT standard codes.

174

Finally, it can also update the Core System client-software with new or changed codes through the Messaging Gateway.

2. Functional Requirements

175

It shall allow the CD Officer to manage the HS Code table. This includes creating, saving, updating and deleting an HS Code, its description, its standard Unit of Measurement etc.

176

It shall allow the CD Officer to manage the Core Systems’ codes. This includes creating, saving, updating and deleting international standard (ISO standard) country codes, port codes, and other codes.

177

It shall allow the CD Officer to manage the Subsystems’ codes. This includes creating, saving, updating and deleting permit codes, rejection codes etc. CD RT usually defines these codes.

178

It shall allow the CD Officer to manage the tariff rates of goods. This includes setting, updating, and deleting the rates. Tariff rates can be set for an individual HS Code, or for a broad category.

179

It shall support preferential rate settings.

180

It shall be able to help validate and ensure that correct tariff rate is applied to Customs declaration. This function is provided to the Declaration Control System by an interface.

181

It shall allow the CD Officer to send updated codes to client-software of the UAIS via the Messaging Gateway.

182

It shall allow the CD Officer to notify users of the client-software by circular, email or fax that Reference Code has been updated.

183

It shall be able to retrieve contact information of client-software users of the UAIS by interface with the Registration Subsystem.

184

It shall be able to support upload and download of codes in Comma-Separated Values (CSV) format.

185

It shall support codes becoming effective or defunct at the dates and times defined by the CD Officers, without requiring any system downtime for the changes to take effect.

186

It shall be able to generate reports from the related database tables. There should be various filters that can be used in the generation of the reports.

187

It shall be able to schedule report generation, or produce them on-demand.

H. Valuation Subsystem

1. Introduction

188

The Valuation Subsystem is mainly for CD Officers to track the standard value of goods. CD Officers can use it to create and maintain the goods valuation database.

189

The Subsystem also handles the validation of cargo value that is declared by declarants. It will analyze the declared value and flag any non-conformance. It automatically adjusts its database of values as it collects more data.

2. Functional Requirements

190

It shall allow the CD Officer to manage the goods valuation database. This includes creating, saving, updating, copying, and deleting the valuation value, its allowable range, its standard Unit of Measurement etc.

191

It shall be able to handle cargo value validation when requested by the Declaration Control System. The validation will involve matching the goods allowable value with the one in the Customs declaration.

192

It shall be able to flag the Customs declaration for follow-up, or alert the CD Officer when it encounters a non-conformance.

193

It shall be able to collect and adjust its valuation database as more data is analyzed. For example, the allowable value range may be adjusted.

194

It shall be able to generate reports from the related database tables. There should be various filters that can be used in the generation of the reports.

195

It shall be able to schedule report generation, or produce them on-demand.

I. Customs Conditions Subsystem

1. Introduction

196

The main function of the Customs Coding subsystem is to allow CD Officers to program the RT Customs Code into the UAIS. This will ensure that all processing of manifests and Customs declarations by the UAIS is carried out according to the Customs Code, consistently and effectively.

197

CD Officers will program processing rules and logic into the UAIS using the Rule Editor of the Rule Engine.

2. Functional Requirements

198

It shall allow the CD Officer to create processing rules of the Core Systems. The Rule Editor, which is part of the Rule Engine, provides this function. Examples of a rule will be “Import declaration must be submitted before vessel arrival date”, or “Gross weight of cargo must be equal to the sum of all the items declared”.

199

It shall allow the CD Officer to manage rules that have been created. This includes update, copy, and delete.

200

It shall be able to generate reports from its related databases. There should be various filters that can be used in the generation of the reports.

201

It shall be able to schedule report generation, or produce them on-demand.

J. Post-Clearance Subsystem

1. Introduction

202

The Post-Clearance Subsystem has two main functions. One is the inspection scheduling and tracking. The other is post audit team (CD Inspectors) management.

203

It can be used to handle inspection requests that are triggered by the Manifest Control, Declaration Control, or the Warehouse Control System. CD Officer will use it to schedule inspections, as well as view detail of cargo that requires inspection.

204

CD Inspectors’ personnel and contact information is stored in this Subsystem. The CD Officer using the Subsystem can deploy them.

2. Functional Requirements

205

It shall be able to receive follow-up requests from Core Systems such as Manifest Control, Declaration Control, and Warehouse Control. Follow-up request means that a post Customs Control audit on the cargo is required.

206

It shall allow CD Officer to manage Customs inspections. For example, the CD Officer can schedule inspection based on the schedule of cargo arrival, the location of the cargo, and the personnel available.

207

It shall allow CD Officer to assign Customs Inspectors to declarations that are marked for inspection.

208

It shall allow CD Officer to schedule ad-hoc inspections that are not triggered by the Core systems. This is needed to handle calls from Warehouse Operators to open sealed cargo.

209

It shall lodge a case with the Customs Offence Subsystem whenever an inspection is scheduled. This will ensure that the inspection result is tracked. This function is provided by an interface of the Customs Offence Subsystem.

210

It shall allow CD Officer to send inspection notice to the related CD Inspector to inform him of his inspection schedule.

211

It shall allow CD Inspectors to receive notice of impending inspection schedule. This can be in the form of email and SMS alerts.

212

It shall be able to generate reports from the related databases. There should be various filters that can be used in the generation of the reports.

213

It shall be able to schedule report generation, or produce them on-demand.

K. Customs Offence Subsystem

1. Introduction

214

The Customs Offence Subsystem is used by Customs Inspectors to enter inspection result and offence data. The Customs offences will be tracked in the UAIS database.

215

It assists CD Inspectors in the recording and categorizing of offence data, and interfaces with the Risk Management and Intelligence Subsystem. Inspection results are fed back into the Risk Management Subsystem in order to improve its effectiveness.

2. Functional Requirements

216

It shall have a function for CD Inspectors to manage Customs offence codes. For example, CD Officer can create, save, update, copy, and delete offence codes. Offence codes here means codes that represent different types of offences.

217

It shall be able to create an inspection result case when triggered by the Post-Clearance Subsystem. This will ensure that all inspections are tracked and their results saved into the Subsystem.

218

It shall allow CD Inspectors to input inspection result into the Subsystem. For example the inspection date and time, duration, location, findings and observations. Inspection result may or may not end with an offence.

219

It shall allow CD Inspectors to manage Customs offence details and launch follow-up actions. For example, CD Officer can create, save, update, copy and delete offence details.

220

It shall be able to update the Risk Management and Intelligence Subsystem with the inspection results so that the effectiveness of the Subsystem can be improved in the future.

221

It shall be able to trigger fine payment when an offence is committed. This function is provided by interface with the Fees and Billing Subsystem.

222

It shall be able to generate reports from the related databases. There should be various filters that can be used in the generation of the reports.

223

It shall be able to schedule report generation, or produce them on-demand.

L. Duty Payment Subsystem

1. Introduction

224

The Duty Payment Subsystem has two main functions. One is to handle duty and charges calculation and collection. The other function is to link up with financial institutions, for example banks, to deduct the funds from declarants’ accounts.

225

The Subsystem automatically calculates duties and other taxes for each Customs declaration based on the customs value, classification of the goods, and various duty, taxes and fee rates applicable.

2. Functional Requirements

226

It shall be able to help the Declaration Control System to compute and verify the duty payable in the Customs declaration. This function is carried out by interface with the Tariff Nomenclature Subsystem.

227

It shall be able to check with the Registration Subsystem whether the declarant is able to pay duties by the auto-payment method, or whether he still requires manual payment.

228

For auto-payment, the Subsystem shall be able to trigger auto-payment of duties once the amount payable is verified. This function is provided by interface with Banks. This is known as auto-debit of funds from the declarant’s bank account.

229

If auto-payment is not available for the declarant, CD Officer will wait for the declarant to pay the duties manually, before entering the payment details into the Subsystem to release the Customs declaration.

230

It shall be able to generate reports from the related databases. There should be various filters that can be used in the generation of the reports.

M. Fees and Billing Subsystem

1. Introduction

231

The Fees and Billing Subsystem has an important function – to bill users and to collect money. It will generate monthly bills to users of the UAIS, and also helps CD RT to collect fines from declarants who had committed Customs offences.

232

The monthly bill amount will be based on usage of the UAIS. For example, it can be by the number of electronic Manifest or Customs Declaration submitted, or it can be a flat monthly amount.

233

CD Officers also use the Subsystem to manage the billing cycle and charge codes of the UAIS.

2. Functional Requirements

234

It shall provide several modes of payment or collection, in accordance with the legislation of the Customs Code. The user should specify the mode of payment through the Registration Subsystem.

235

It shall have a function to debit from the user’s account the fees calculated by the UAIS. This functionality is provided by a direct-debit interface with banks.

236

It shall have a function to make repayment (credit) back to users in case they are overcharged or have made changes to their Customs declarations.

237

It shall have a deferred payment mechanism for late payment.

238

It shall have a function to collect a surcharge amount from the user for delayed or late payment.

239

It shall allow the CD Officer to manage the billing mechanism of the Subsystem. For example, set the auto-billing date, set the billing frequency, or set the billing preferences.

240

It shall allow the CD Officer to manage the charge codes of the UAIS. For example, different methods of charging will have different charge codes.

241

It shall allow the CD Officer to manage the application codes of the UAIS, and associate the applications with charge codes. For example, the Manifest Control System and the Declaration Control System will each have an application code, but they may have different charge codes to indicate different billing rates.

242

It shall be able to handle transaction triggers from the Core Systems and log the transactions for the monthly billing.

243

It shall be able to handle fees and fine payment triggers from the Customs Offence Subsystem and Registration Subsystem.

244

It shall allow CD Officer to view transaction history of each account or user ID.

245

It shall be able to generate payment notice or payment receipt.

246

It shall be able to generate reports from the related databases. There should be various filters that can be used in the generation of the reports.

N. Security Deposit Subsystem

1. Introduction

247

The Security Deposit Subsystem provides facilities for managing securities lodged by traders, importers, or exporters. This is to cover both goods moving in and out of Customs territories. Information such as security applicants, providers, as well as forms and types of security are captured and stored online. CD RT will maintain such information.

248

Traders can lodge their security applications, which will then be processed by CD Officers with approval or rejection. Functions such as review request, discharge request, liquidation request, and exemption request are also provided in this Subsystem.

2. Functional Requirements

249

It shall allow CD Officers to manage a list of pre-defined security purposes. There will be procedures and conditions attached to each purpose.

250

It shall allow the CD Officers to capture security applications and their details through an interface. An application could be a normal lodgement, a waiver application or an exemption application.

251

It shall have a function for CD Officers to check and verify the security applicant and application with financial institutions through the Messaging Gateway component.

252

It shall be able to interface with the Warehouse Control Subsystem to validate whether the security lodge amount is sufficient for the inventory held at the warehouse.

253

It shall be able to handle review request, discharge request, liquidation request, and exemption request and be able to process them accordingly.

254

It shall provide a facility for liquidating filed securities, and determining the amount of security subject to liquidation. This is used in cases of non-compliance with any customs procedures, which result in liquidation as a form of penalty.

255

It shall allow scheduling and auto-generating of reports, as well as generating reports on demand.

256

It shall be able to generate reports in hardcopy as well as softcopy format.

O. Risk Management and Intelligence Subsystem

1. Introduction

257

The Risk Management and Intelligence Subsystem has two main functions. First, it helps to identify and flag any potential threats or non-conformance, and alerts the CD Officer. Second, CD Officers can specify and set the risk criteria for each Core System.

258

In addition, the Subsystem can be used to build risk profiles for companies as well as individuals; these can be referred to as the Blacklists.

259

It can take in risk data from external systems and incorporate this data into its criteria for consideration. However, this data has to be of pre-defined file format, or it has to be converted through the Conversion Engine.

260

The Subsystem can analyze trends and projections. The overall goal is to provide Customs with an intelligent system that allows it to direct its limited resources to potentially high-risk consignments.

2. Functional Requirements

261

It shall allow the documentation of identified risks with the recording of risk criteria using online tools, so that these new risks can be stored in the database and used in the future.

262

It shall be able to import risk data or profiles from systems external to the UAIS and notify CD Officers of the new threats.

263

It shall be able to analyze and assess the risk of the cargo from the Manifest and Declaration Control Systems. It will alert the CD Officer whenever it detects a threat.

264

It shall be able to analyze data from the Post-Clearance and Offence Subsystems and automatically build up the risk profile of a company, a person, or for certain types of cargo.

265

It shall be able to prompt CD Officer to update the risk criteria and database if it detects that more non-conformances and offences have been committed.

266

It shall allow CD Officers to manage risk profiles of companies, persons, and cargo. For example, risk profiles can be flagged to be ignored, or highlighted for follow-up when appropriate.

267

It shall allow CD Officers to specify instruction and the required action upon risk detection.

268

It shall have the function to generate a Blacklist of companies or persons to be used by the Core Systems.

269

It shall include analytical tools to analyze the risk data that it has collected. Analysis result should be able to help CD Officers in determining how to reduce the areas of threat or non-conformance.

270

It shall be able to generate reports from the related databases. There should be various filters that can be used in the generation of the reports.

271

It shall allow the CD Officer to generate reports of threats or profiles from the risk database, and send them to external systems. For example, the HQ of RILO.

272

It shall allow the CD Officer to manually manage the system alerts when a threat is detected.

273

It shall allow scheduling and auto-generating of reports, as well as generating reports on demand.

274

It shall be able to generate reports in hardcopy as well as softcopy format.

P. Customs Statistics Subsystem

1. Introduction

275

The Customs Statistics Subsystem is used by CD Officers to generate customs and trade statistics for the CD RT or the Ministry.

276

The Subsystem can be scheduled to generate routine reports, or be operated to generate reports on-demand. Data will be drawn from the UAIS central database.

2. Functional Requirements

277

It shall allow CD Officer to generate pre-programmed reports as well as ad-hoc ones based on the flexible filtering criteria of the Report Engine interface.

278

It shall allow scheduling and auto-generating of reports, as well as generating reports on demand.

279

It shall be able to generate reports in hardcopy as well as softcopy format. Softcopy formats include PDF, CSV, and Microsoft Excel.

280

It shall allow the CD Officer to manage the Report Engine and set the scope and criteria for each report.

281

It shall allow the CD Officer to send softcopy of reports to external parties. For example, reports can be sent to other Ministries or foreign counterparts.

282

It shall allow the CD Officer to generate consolidated reports from the central database.

283

It shall allow the Customs Administrator to archive data that are more than 1 year old. Archive data can be in the form of tape backup or external drive backup.

Q. Excise Control Subsystem

1. Introduction

284

The Excise Control Subsystem automates the activities of the excise stamps department. These range from stamp application registration, payment for stamps and securities, and issue of stamps on the receipts, to the control of stamp utilization and application closure.

2. Functional Requirements

285

It shall allow CD Officers to capture and manage excise stamp requests and application. It will also cater for payment and security calculation.

286

It shall allow CD Officers to draft and submit request for stamps production.

287

It shall allow CD Officers to register marks with certain warehouses and keep track of stamps in the warehouses.

288

It shall allow CD Officers to notify importers of the arrival of stamps and their collection schedules.

R. Currency Control Subsystem

1. Introduction

289

The Currency Control Subsystem is used by CD Officers to track the export revenue of companies and the validity of payments for imported goods in a foreign currency.

290

It will store and manage the transaction certificates of traders, as well as securing control on the amount that exceeds the contract.

2. Functional Requirements

291

It shall allow CD Officers to enter and manage transaction certificate data of traders. This includes functions to create, save, view, copy, update, delete and search transaction certificates in the Subsystem.

292

It shall allow CD Officers to review the list of CCDs that are registered under a certain transaction certificate.

293

It shall allow CD Officers to check the juridical capability of the authorized bank.

294

It shall allow CD Officers to inform the National Bank of Tajikistan on the movement of goods and vehicles through Customs border.

295

It shall allow CD Officers to notify the National Bank of Tajikistan of any infringements of the currency legislation by traders.

S. Common Services

1. Introduction

296

The Common Services are centralized services used by all Systems in the UAIS server-software. For example the Rule Engine, Reporting Engine etc. They are the building blocks of the UAIS, and are subsystems that can be extended to provide similar functionality to all the Core and Subsystems.

297

In the future, the Common Services may also be used by external systems to the UAIS if a proper interface is agreed upon.

2. Functional Requirements

a. Access and Password Service

298

The UAIS shall have the Access and Password Service to authenticate users, and to ensure only authorized users have access to the UAIS.

299

Access to authorized Systems or Subsystems is granted according to the user rights set by the Registration and Administration Subsystems.

300

This Service shall also provide support functions to facilitate administration of users’ accounts, as well as, maintenance of users’ profiles and access controls. It shall have the capability of establishing rules that restrict users to only predefined action in the Subsystem.

301

The passwords to the UAIS subsystems shall be encrypted at all times.

302

The Service shall deactivate the user access when the user has failed to log in to the UAIS after a number of consecutive attempts.

b. Notification and Alert Service

303

The UAIS shall have the capability to send out letters or circulars to the targeted external recipients.

304

The notification shall be customized in accordance with the respective Subsystem’s requirement and based on a set of common templates with standard Customs header and footer. It shall indicate that this is a system-generated letter and therefore, no signature is required.

305

Authorized CD Officers shall be allowed to maintain their respective templates, such as update of contents in letters and generating new templates based on existing templates.

306

For notification of the public users (e.g. traders and warehouse operators), the Service shall send out the notification via email or e-fax. The Service shall monitor to ensure successful dissemination of the notification to the targeted recipients.

307

For general notification to internal users, alerts are sent instead of letters or circulars. Alerts include email and SMS.

308

The Service shall have the capability to send out short alert messages to the targeted internal recipients via email, SMS, or electronic fax. The alerts will be informal and have no headers or footers of the CD RT.

c. System Audit Service

309

The Service shall ensure all transactions are adequately logged, including the following information:

i. Transaction Date;
ii. Transaction Time;
iii. User id;
iv. Name of System accessed;
v. Activity;
vi. Any other details of the event; and
vii. Reason for event being logged.

310

The audit trails shall be made available to the authorized users, who can retrieve the records either online or from a long-term archive.

311

The audit trails are retained online for an average of 3 months and archived offline for a period of 7 years.
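One way to meet the System Audit Service requirements (the seven logged fields of paragraph 309 and the tamper protection of paragraph 312) is to chain every record to its predecessor with a keyed MAC. This Python example is added here and is not part of the report or of the UAIS design; the HMAC chaining, the field names and the checkpoint parameters are assumptions.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# The seven fields of paragraph 309; "prev" and "mac" are assumed additions.
FIELDS = ("date", "time", "user_id", "system", "activity", "details", "reason")
GENESIS = "0" * 64  # "prev" value of the first record


def record_mac(key, prev, record):
    """HMAC-SHA256 over the predecessor's MAC and the canonical record body."""
    body = json.dumps({f: record[f] for f in FIELDS}, sort_keys=True,
                      separators=(",", ":"), ensure_ascii=False)
    msg = (prev + "\n" + body).encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class AuditTrail:
    """Append-only trail; the key is held by the audit service, not by the
    administrators of the database that stores the records."""

    def __init__(self, key):
        self._key = key
        self.records = []

    def log(self, user_id, system, activity, details, reason, when=None):
        when = when or datetime.now(timezone.utc)
        record = {
            "date": when.strftime("%Y-%m-%d"),
            "time": when.strftime("%H:%M:%S"),
            "user_id": user_id,
            "system": system,
            "activity": activity,
            "details": details,
            "reason": reason,
        }
        record["prev"] = self.records[-1]["mac"] if self.records else GENESIS
        record["mac"] = record_mac(self._key, record["prev"], record)
        self.records.append(record)
        return record


def verify(records, key, expected_count=None, expected_head=None):
    """Return (index, problem) findings; an empty list means the trail is intact.

    expected_count and expected_head are a checkpoint kept outside the log
    store (for example with the offline archive); without it, removal of the
    newest records would go unnoticed.
    """
    findings = []
    prev = GENESIS
    for i, rec in enumerate(records):
        if rec.get("prev") != prev:
            # A record before this one was removed, inserted or reordered.
            findings.append((i, "chain break"))
        complete = all(f in rec for f in FIELDS)
        stored = str(rec.get("mac", "")).encode("utf-8")
        if not complete or not hmac.compare_digest(
                record_mac(key, str(rec.get("prev", "")), rec).encode("utf-8"),
                stored):
            findings.append((i, "record altered"))
        prev = rec.get("mac")
    if expected_count is not None and len(records) != expected_count:
        findings.append((len(records), "count differs from checkpoint"))
    if expected_head is not None and prev != expected_head:
        findings.append((len(records), "head differs from checkpoint"))
    return findings
```

Any non-empty result from `verify` is the condition on which the Service would alert the responsible officers.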

312

The Service shall ensure that the audit trails are not tampered with and alert the respective officers of any security violations and unauthorized access attempts.

d. Rule Engine

313

The UAIS shall have the facility for CD Officers to enter business rules and validation logic for each of the Core and Supporting System.

314

There shall be a depository where rules can be centrally stored, managed, and deployed throughout the System.

315

There shall be a way for CD Officers to specify new rules, or edit existing ones using rule language that is easy to learn. The tool for managing the rules shall be called a Rule Editor.
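The two sample rules quoted for the Customs Conditions Subsystem (paragraph 198) can be held as data in the central depository described above and evaluated by a small interpreter with a fixed operator whitelist, so that officer-authored rules are never executed as code. This Python example is added here and is not the report's or any vendor's rule language; the rule format, the field names and the sample declaration are assumptions.

```python
from datetime import date
from decimal import Decimal

# Operators a rule may use; anything else is rejected when the rule is loaded.
OPERATORS = {
    "eq": lambda a, b: a == b,
    "ne": lambda a, b: a != b,
    "lt": lambda a, b: a < b,
    "le": lambda a, b: a <= b,
}
OPERAND_KINDS = {"field", "sum_of", "value"}


class RuleError(ValueError):
    """Raised for a malformed rule, which is then never deployed."""


def load_rule(raw):
    """Validate a rule taken from the depository before it is deployed."""
    for key in ("id", "message", "left", "op", "right"):
        if key not in raw:
            raise RuleError("rule is missing %r" % key)
    if raw["op"] not in OPERATORS:
        raise RuleError("%s: operator %r is not allowed" % (raw["id"], raw["op"]))
    for side in ("left", "right"):
        operand = raw[side]
        if (not isinstance(operand, dict) or len(operand) != 1
                or next(iter(operand)) not in OPERAND_KINDS):
            raise RuleError("%s: bad operand on %s" % (raw["id"], side))
    return dict(raw)


def resolve(operand, doc):
    """Turn an operand into a value taken from the submitted document."""
    kind, arg = next(iter(operand.items()))
    if kind == "value":
        return arg
    if kind == "field":
        return doc[arg]
    list_name, item_field = arg  # sum_of: ["items", "gross_weight_kg"]
    return sum((item[item_field] for item in doc[list_name]), Decimal(0))


def evaluate(rules, doc):
    """Return the ids of the rules the document fails."""
    failures = []
    for rule in rules:
        try:
            ok = OPERATORS[rule["op"]](resolve(rule["left"], doc),
                                       resolve(rule["right"], doc))
        except (KeyError, TypeError, ValueError):
            ok = False  # missing or mistyped data fails the rule (fail closed)
        if not ok:
            failures.append(rule["id"])
    return failures


# The two rules quoted in paragraph 198, expressed in the assumed format.
RULES = [load_rule(r) for r in (
    {"id": "R-ARRIVAL",
     "message": "Import declaration must be submitted before vessel arrival date",
     "left": {"field": "submission_date"}, "op": "lt",
     "right": {"field": "vessel_arrival_date"}},
    {"id": "R-WEIGHT",
     "message": "Gross weight of cargo must be equal to the sum of all the items declared",
     "left": {"field": "gross_weight_kg"}, "op": "eq",
     "right": {"sum_of": ["items", "gross_weight_kg"]}},
)]

# Constructed sample declaration; weights are Decimal so equality is exact.
SAMPLE = {
    "submission_date": date(2006, 12, 1),
    "vessel_arrival_date": date(2006, 12, 5),
    "gross_weight_kg": Decimal("350.75"),
    "items": [{"gross_weight_kg": Decimal("120.50")},
              {"gross_weight_kg": Decimal("230.25")}],
}
```

A non-empty result from `evaluate` corresponds to the case in which an application fails rule checking and is routed to an officer for manual processing.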

e. Report Engine

316

The UAIS shall support both online and batch generation of reports for the CD Officers, in the format and frequency required. This includes ad-hoc and on-demand generation of reports.

317

All reports generated shall be accessible by the respective authorized officers online, and allow them to print or download in PDF and Microsoft Excel compatible formats.

f. Reconciliation Engine

318 The UAIS shall be able to reconcile the cargo manifest data against goods declaration data.

319 It shall trigger the automatic alert mechanisms to inform Customs Administrators of possible discrepancies in goods declaration if the reconciliation fails.

g. Conversion Engine

320 The UAIS shall have the capability to convert one file format to another in real-time.

321 The Customs Administrators shall have the ability to specify the file format to be converted from, and the file format to be converted to, plus the mapping of data between them.

322 The Conversion Engine shall be able to handle XML, UN/EDIFACT, ANSI X12, and user defined flat files.

T. Messaging Gateway

1. Introduction

323 The Messaging Gateway will be used to facilitate data submission and retrieval between various UAIS Systems as well as with external systems. It is a secured server that supports several secured Internet protocols. Data files can be transmitted in or out of the Messaging Gateway.

2. Functional Requirements

324 The Gateway shall support established and commonly adopted industry standards, which include the following:

i. XML
ii. UN/EDIFACT
iii. ANSI X12
iv. Flat file formats

325 The Gateway shall use open standard network protocols such as TCP/IP, SMTP, SNMP, etc.

326 The Gateway shall support secure communications. The following communication protocols shall be supported:

i. Secure File Transfer Protocol (SFTP)
ii. HTTP over SSL (HTTPS)
iii. Open standard secure web services
iv. Message-based queue delivery mechanism

327 All messages that are sent and received by the Gateway shall be guaranteed delivery. In the event that a message is not successfully delivered, the messaging infrastructure shall be able to accept and store messages until the intended recipient is ready to accept the message.

328 The Gateway shall allow monitoring of the messages in transmission to and from all receivers and senders. It shall allow generation of reports and statistics on usage, messages sent/received, and success/failure rates on an ad hoc or periodic basis.

329 External parties that the UAIS interfaces with have to provide the following information in order for the messaging infrastructure to exchange information with them:

ii. Format of the interface files;
iii. Frequency of transfer;
iv. Medium for data transfer;
v. Suitable application protocol for the interface;
vi. Security of the transmission;
vii. Record size, record header and trailer information; and
viii. Data items and field structures.

330 The interface with external parties shall be done through the Messaging Gateway.

331 The proposed internal working of the Messaging Gateway is as follows:

U. Illustration of the Functional Requirements (Use Cases)

Use Case 1: Manifest Control System client-software
Use Case 2: Manifest Control System server-software
Use Case 3: Declaration Control System client-software
Use Case 4: Declaration Control System server-software
Use Case 5: Warehouse Control System client-software
Use Case 6: Warehouse Control System server-software
Use Case 7: Certificate and License Control client-software
Use Case 8: Certificate and License Control server-software
Use Case 9: Registration Subsystem
Use Case 10: Administration Subsystem
Use Case 11: Tariff Nomenclature Subsystem
Use Case 12: Valuation Subsystem
Use Case 13: Customs Conditions Subsystem
Use Case 14: Post-Clearance Subsystem
Use Case 15: Customs Offence Subsystem
Use Case 16: Duty Payment Subsystem
Use Case 17: Fees and Billing Subsystem
Use Case 18: Security Deposit Subsystem
Use Case 19: Risk Management and Intelligence Subsystem
Use Case 20: Customs Statistics Subsystem

APPENDIX E PROPOSED ORGANIZATION CHART

APPENDIX E. PROPOSED ORGANIZATION STRUCTURE

(In view of the introduction of the UAIS, CD RT may have to review and establish a new organization structure to meet the needs of the organization. The organization chart proposed is only a proposal and should be subject to the review and study to be undertaken by CD RT through the establishment of an Organization and Methods Committee.)

A. Organization Chart of CD RT

HEAD OF CUSTOMS

DEPUTY HEAD ENFORCEMENT

DEPUTY HEAD CORPORATE SERVICES

COMPUTER INFORMATION SYSTEMS DIVISION

TRAINING DIVISION

STATISTICS DIVISION

CORPORATE AFFAIRS DIVISION

CUSTOMS DOCUMENTATION DIVISION

CUSTOMS CONTROL DIVISION

ANTI-SMUGGLING DIVISION

POST CLEARANCE AUDIT DIVISION

CENTRAL CUSTOMS LABORATORY

HEAD DUSHANBE REGION

HEAD LENINABAD (SUGHD) REGION

HEAD KHATLON REGION

HEAD TURZUNSADE REGION

HEAD GORNO-BADAKSHAN REGION

B. Organization Chart of Computer Information System Division (CISD)

Head Computer Information Systems Division [1]

Head Systems Development [1]

Pool of System Analysts and Programmers [17]
• Systems Analyst (2)
• Programmers (5)
• Programmers (10) - 2 for each region

Head Systems Maintenance [1]

Pool of System Engineer and Programmers [13]
• Systems Engineer (2)
• Programmers (3)
• Systems Operators in Data Center (8) - 2 persons per shift of 8 hours

Head Administration [1]

Administration Clerks [2]

The Computer Information System Division (CISD) is proposed for the following reasons:

(a) To centralize CD RT operations of the UAIS under the Division
(b) Will have hands-on practical experience of CD RT requirements and commitment to CD RT objectives
(c) Immediate response to systems failure

C. Organization Chart of Training Division

Head Training Division [1]

Pool of Trainers [4]

The Training Division is proposed for the following reasons:

(a) To provide regular training on Customs matters
(b) To conduct studies on CD RT training needs assessments
(c) To provide and coordinate inter-agency training
(d) To conduct training to the private sector
(e) To coordinate and conduct professional, management and other mid-management training courses for CD RT

D. Organization Chart of Corporate Affairs Division

Head Corporate Affairs Division

Publicity Materials

Public Relations Officers

The Corporate Affairs Division will take charge of promoting the image of the department. The tasks of the Corporate Affairs Division include:

(a) Enhance the CD RT Website as a medium for providing information to the public
(b) To prepare publicity materials such as brochures announcing the new UAIS and other Customs matters
(c) To undertake the preparation of replies to queries from the public for submission for approval of Head CD RT or MSRD
(d) To arrange and conduct presentations to national and international guests on CD RT and/or arrange programmes for national and international guests

E. Organization Chart of Customs Documentation Division

Head Customs Documentation Division

Sub Division of Goods Classification and Non-Tariff Regulation

Non-Tariff Regulations

Currency Control

Sub Division of Valuation Regulations

Classification of Goods

Duty Payment Accounting

Tariff Regulations

F. Organization Chart of Anti-Smuggling Division

Head Anti-Smuggling Division

Intelligence Sub Division

Investigations Sub Division

Detector Dog Sub Division

Interdiction of Narcotic Drugs Sub Division

The Intelligence Sub-Division is responsible for collecting, collating and analyzing information and intelligence received from overseas and locally and from Customs Offences committed. The Intelligence Sub Division will carry out field surveillance and provide support to the Investigations Sub Division, the Post Clearance Audit and the Regional Offices as well. The Intelligence Sub Division will also be the contact point for RILO CIS, receiving, analyzing and providing the necessary statistics to RILO CIS. The Sub Division will provide reports of RILO CIS information to the field offices. The Sub Division will also be responsible for maintaining the Customs Offence Records. After investigations of offences have been completed, the files will be sent to the Sub Division for it to enter data into the Customs Offence Record.

G. Organization Chart of Post Clearance Audit Division

Head Post Clearance Audit Division

Risk Management Sub Division

Post Clearance Audit

The Risk Management Sub-Division is responsible for formulating risk assessment, risk analysis and determining the risk level of imports by products, by country of origin, etc. The Sub Division will draw data from all the appropriate computer application sub-systems to develop risk profiles of products, companies and persons.

Pool of Field Audit Teams

The Post Clearance Audit will have field audit teams to perform audits. Audits can be immediate (alerted by the computer systems on, for example, low values being declared), planned (based on a decision to audit by company) or selected by particular product across companies.

H. Organization Chart of Customs Control Division

Head Customs Control Division [1]

Excise Control Sub Division [3]

Head Customs Warehousing Sub Division

Customs Declaration & Security Deposit Sub Division

Administration Support Section

Customs Declaration/Manifest Reconciliation Section

Security Deposit Section

Inspection Teams

The Warehousing Division will undertake the issue of Customs Warehouse licenses. The officers will carry out inspection of the sites applied for, prepare reports on their findings and seek management approval. The Sub-Division will also conduct inventory control checks on the licensed premises, drawing data from the Warehousing Sub System, and will initiate action against warehouse operators upon alerts by the system or on detecting Customs infringements during their inventory control checks.

The Customs Declaration Sub Division will be responsible for the maintenance and tracking of use of Customs Declarations, return of Customs declarations to CD RT and Manifest Reconciliation. The Sub Division will also be custodian of security deposits and be responsible for requesting additional security deposits to be deposited when necessary. The Sub Division will also be responsible for the return of security deposits on finalization of the Customs formalities for which the deposits were made.

APPENDIX F HARDWARE SPECIFICATIONS

APPENDIX F. HARDWARE SPECIFICATIONS

A. Customs HQ Data Centre

1 General Requirements

The room for the Data Centre must be big enough to hold the current number of network equipment plus the various servers and communication equipment. The recommended size of the data centre is a minimum of 1000 sq ft. The location of the Data Centre is to be chosen with care so that it has minimum risk from natural disasters and environmental factors. The height of the data centre from the raised floor to the false ceiling has a minimum of 8 ft clearance for the equipment and airflow.

Outside the Data Centre, a room of 500 sq ft is used for the Network Operation Centre (NOC), where operators work in 24 x 7 shifts. The NOC staff will monitor equipment availability, server performance and communication links. The NOC staff will support system engineers and application engineers in simple tasks and in monitoring the batch jobs as well as the backup jobs. The NOC staff will adhere to strict control in change management via ISO 9001:2000 and BS 7799 certification. In the event that systems or applications malfunction, the NOC staff will be the central point of contact for escalation to the various departments and the management team. The NOC staff will create forms, policies and procedures for all operation procedures. In the NOC room, a network management server allows operators to monitor servers, routers and switches.

Beside the NOC, a staging area is required for testing equipment before it is put into the production room. This will help to reduce outages due to faulty equipment or incorrect configuration of the equipment when it is put into the production area. The staging area is built with enough power sockets and workspace for all types of testing. The network points in this room are sufficient for multiple pieces of equipment to be tested at the same time.

The walls and the partitions of the data centre are constructed of fire-retarding material. They shall have a minimum 2-hour fire rating.

2 Data Centre Power

The power supply to the data centre and NOC shall come from two different power sources. The two power sources will connect to the two power generators so that when the power supply is cut off, the generators will kick in to supply power to the data centre and the NOC. Each generator has an 8-hour capacity diesel fuel day-tank. A diesel fuel tank storage capacity of 15,000 liters or more is desirable, depending on the calculation of the power consumption per day. The power plant is constructed with a soundproof backup area to allow continuous operation without disturbance to the community. The generators each operate via parallel switchgear for load sharing and backup system configuration. A pair of UPS units with sufficient power rating is connected in parallel to the Data Centre and the NOC. This connectivity will allow power to continue to be supplied to the equipment without any surge or downtime. The UPS shall have a sufficient power rating to supply the equipment for a minimum of 30 minutes. During this time the power generators will automatically start up to generate electricity for the data centre. The power cables laid to the equipment racks are properly concealed in metal trunking under the raised floor.

Figures: UPS and Generator

3 Data Centre Racks

All racks supplied to the data centre are 42U 19” EIA full-height racks. Each rack is mounted with two power strips of ten power sockets supplying the servers and equipment in the rack. Each rack is supplied with a 6.6KVA power supply at 230V 60 Hz single phase. Each power distribution strip connects to a different power source. Hence, a failure of one power source will not affect the power supply to the equipment racks. Each rack is supplied with a top-mounted exhaust fan and four trays for mounting equipment. The racks are enclosed with glass doors and secured with locks at the front and at the back. The arrangement of the racks shall be flexible to allow rack intervals of 150 cm each for front and rear access. The racks shall be installed with cable management trays for easy cable management.

4 Air-conditioning

The data centre room needs to be maintained at a temperature of 19ºC to 20ºC. The air-conditioning units supplied to the data centre must have sufficient cooling capacity (BTU) to maintain the data centre at the above temperature for 24-hour operation. The calculation of the cooling capacity needs to consider the overall thermal transfer value to the data centre and the NOC, which includes heat transmitted from light bulbs, people, glass windows, infiltration, servers, routers, switches, etc. Three air-conditioning units shall be installed for 24-hour operation; at any one time two units will be in operation so that one can be off for servicing and standby. The two units shall have sufficient cooling capacity to cool and maintain the data centre temperature at 19ºC and humidity at 60%. The design of the airflow for the air-conditioning shall be taken into consideration. Proper design of airflow is depicted as follows:

Figure 1

The fan coil unit shall have sufficient power to blow the air all the way to the back of the racks so that it is able to cool the equipment at the back of the room.

5 Raised Floor

The raised floor is properly designed to take the load of the various equipment and personnel working in the data centre. The studs shown in Figure 2 support the raised floor. Each stud is secured (bolted) to the concrete floor so that it cannot move.

Figure 2

The raised floor panels measure 61 cm by 61 cm and the vertical clearance under the floor is 46 cm. Each panel shall support at least 455 kg of concentrated load, 2,200 kg of axial load and 568 kg of panel rolling load. At the entrance of the data centre a ramp is constructed for easy access of equipment by trolley. The ramp slope (pitch) should be 1:12. That means that for every inch of raised floor height, add 12” of ramped surface accessing the floor. Example: For a 6” raised floor, a 6-foot ramp would be required to meet ADA Code. A 12” high floor requires a 12’ ramp, an 18” high floor would require an 18’ ramp, etc. A typical ramp is shown in Figure 3.

Figure 3

The ramp kit shall include: bare concrete filled panels, pedestal bases, ramp swivel pedestal heads, stringers, fasteners, aluminum ADA ramp shoe, galvanized steel bottom angle, ramp threshold, aluminum fascia plate, aluminum fascia trim, non-skid black ramp surface and adhesive. A ramp shoe is the first thing equipment touches when going up a ramp. This heavy-duty all-aluminum piece can take years of abuse from equipment caster wheels and personnel traffic. It anchors into the sub floor at the base of the ramp and makes the slope from grade to 1 inch. The ramp shoe is a full 12 inches wide, which meets ADA 1:12 requirements for ramped surfaces. It protects the ramp from equipment damage and makes an excellent seamless transition between two surfaces. Figure 4 shows a picture of the ramp shoe.

Figure 4

The data centre has one entrance at the front and an emergency exit as an escape route during an emergency. The entrance to the data centre requires an access mat as shown in Figure 5. The access mat shall cover a generous 4-foot by 6-foot area. The advantages of the access mat are:

• Reduces expensive maintenance cost
• Increases life span of floor
• Traps water, dirt, sand and oil
• Easily cleaned
• Stops harmful particulates from entering the room

6 Fire Fighting and Detection System (FM-200 System Specification)

• The design, fabrication, and installation of the Fire Fighting installation and its components shall be in compliance with the requirements and recommendations of ANSI/NFPA 2001 (2004 edition).
• The FM-200 shall interface with the building fire alarm system.
• Design of a clean agent fire extinguishing system (FM-200) shall be performed by a currently certified NICET Engineering Technician (NICET Level II or greater) in Fire Protection Engineering Technology.
• Submit shop drawings indicating detailed layout of system, locating each component. Include control diagrams, wiring diagrams, and written sequence of operation.

• Submit product data specification of all components used. Include storage cylinders, control valves and pilot controls, control panels, nozzles, pushbutton stations, detectors, alarm bells or horns, switches and annunciators.
• For total flood hazards, submit design calculations derived from a computer program written specifically for the clean agent used. Analysis shall include calculations to verify system terminal pressures, nozzle flow rates, piping pressure losses, component flow data, and pipe sizes considering actual and equivalent lengths of pipe and elevation changes.
• Submit test reports indicating successful completion of tests.
• Inspect system 6 months and 12 months after substantial completion of project. At each inspection, determine agent contents and pressure, and that system is in proper working order. Include complete checkout of control, detection and alarm systems.
• Submit documents certifying satisfactory system conditions. Include manufacturer’s certificate of acceptance of qualifications of Inspectors.
• Piping materials such as stainless steel or other piping or tubing may be used with approval of the authority having jurisdiction, providing an internal pressure of 300 psi will not cause material stress greater than the material's yield point when calculated according to ANSI B-31.1, Power Piping code.
• All fittings shall have a minimum working pressure of 620 psi; cast iron and Class 150 pound fittings shall not be used.
• All pipes shall be reamed after cutting so that all burrs and sharp edges are removed.
• All pipe must be thoroughly cleaned before installation.
• All pipe and fittings installed outdoors or in corrosive areas must be galvanized or treated with a proper protective coating.
• All screwed pipe shall be coated with Teflon tape or an appropriate pipe joint compound.
• An experienced welder must perform all welding.
• Threaded valves such as selector valves, check valves, and solenoid valves shall be installed with a union immediately downstream.
• Valves having more than two connection points such as shuttle valves and pilot valves shall be installed with a union adjacent to the valve in each connection line.
• Pipe connections to equipment items such as discharge delay devices, pressure switches, etc., shall have a union adjacent to the equipment.
• Piping to pressure releases shall be as specified above for discharge piping.
• All take-offs for pressure release piping shall be from the top of the discharge piping.
• Rigid hangers are required wherever a change in direction or change in elevation in the piping system occurs.
• All hangers shall be fabricated of steel.
• All piping shall be attached to rigid hangers by means of U-bolts locked with double nuts, one on each side of hanger.
• The distance between hangers shall follow the tables

• The cylinder shall be fitted with an approved valve design and shall have a threaded steel anti-recoil protective cap.
• The cylinder shall be mounted in freestanding steel racks or on a solid wall and shall be arranged to allow a service aisle for cylinder removal and cylinder weighing.

• Each cylinder shall be fitted with a pressure operated discharge valve that includes an integral safety relief device that serves to protect the cylinder against excessive internal pressure.
• Each valve shall be provided with a removable pressure gauge.
• The smoke detector located in the hazard area will signal the control panel for automatic release of FM-200 gas. Before this operation, the control panel shall sound appropriate alarms to evacuate the hazard area.
• The nozzles shall be supplied in quantities sufficient to properly cover the areas being protected in accordance with NFPA 2001.
• Nozzles shall be of corrosion resistant construction and shall be designed specifically for the FM-200 system.
• Electrically actuated fire alarm horns shall be furnished and installed.
• Alarms shall be adequate to alert Data Centre personnel located in the protected areas.
• The control panel shall be programmable such that an adequate pre-discharge alarm period can be set at the time of system test to ensure personnel safety.

B. Customs HQ

1 Router

A router that will route all the connections for the services to be offered over UAIS shall be supplied. This router shall have the capacity and capabilities to ensure that UAIS services can be established. This router shall have the following features:

(i) The router shall connect to the service provider without any problem.

(ii) Power source and fan shall have spares. Power sources shall be capable of working by sharing the load and they shall be hot swappable.

(iii) The router shall support operation between 100 – 240V AC or -24V to -60VDC.

(iv) The router shall have at least two 10/100/1000 Mbps Ethernet ports.

(v) The router shall have a minimum of 6 slots.

(vi) An external flash memory shall be present on the router by default.

(vii) The router shall be manageable by TELNET, Console and graphic user interface.

(viii) The router shall support WAN connection.

(ix) The throughput value of the router shall be specified and the throughput value of the device in question shall be at least 10 Mpps.

(x) The router shall have a CLI providing a secure and easy entry of the commands to the running system.

(xi) The router shall be able to return easily from the applied configuration to the previous configuration.

(xii) The router device shall support Layer 2 and Layer 3 protocols as well as ARP, IPCP, IP forwarding, IP host, IP multicast, TCP, Telnet, TFTP, UDP, transparent bridging, VLAN, MPLS and IPv6 protocols.

(xiii) The routing device shall support Layer 3 routing protocols as well as IS-IS, OSPF, BGP, PIM and RIP protocols.

(xiv) The router device shall support Network Management and security protocols as well as CHAP, FTP, RADIUS, SNMP, PAP protocols.

(xv) The router device shall have RFC 1483 (Multiprotocol Encapsulation over ATM AAL5) and RFC 1577 (Classical IP and ARP over ATM AAL5) protocol support.

(xvi) The router device shall have ARP, RARP, BOOTP, ICMP support.

2 Core Switch

(i) The core switches shall work as a pair in the system.

(ii) The core switch shall have a minimum of 16 Fiber Gigabit Ethernet ports and a minimum of 36 10/100/1000 copper Ethernet ports.

(iii) The backplane capacity of the switches to be used shall be minimum 200Gbps (non-blocking). Also, all offered ports shall work at wire speed.

(iv) The connection between the pair of core switches shall support 4Gbps.

(v) The core switches are modular chassis and it should be possible to use their slots for Fast Ethernet or Gigabit Ethernet when required.

(vi) The core switches to be used shall work redundantly both within themselves (e.g. power supplies and control unit) and with each other. In the event that any of the units (such as the power supply and control unit) or the switch chassis cannot continue its services, the other one should continue the service without any interruption, without any decrease in performance and without a drop in the throughput value.

(vii) It shall have L3 support. It shall be possible to use it for VLAN routing purposes. It should have the features of static routing and all kinds of dynamic routing (RIP, OSPF, BGP etc.).

(viii) It shall have SSH v2 feature.


(ix)

The pair of core switches will backup each other in terms of both L2 and L3. It should ensure Spanning Tree (IEEE 802.1d and all the IEEE 802.1x, 802.1w, 802.1s, 802.1q all of which speed spanning tree up or all their equivalents at different standards (provided that those standards shall be stated as well) features in order to provide L2 redundancy. In the same way, it shall support VRRP or a similar protocol in order to support L3 redundancy.

(x)

It must be possible to assign QoS parameters to the ports.

(xi)

It shall have Multicast support.

(xii)

There shall not be any service interruption; when an error occurs in the software, there shall have a go back feature (going back to the last working configuration).

(xiii)

802.1p traffic priority appointment and, in order to prevent package loss in ports that are used intensively, 802.3x (flow control) standard shall be supported. It shall be possible to identify these features separately for each port.

(xiv) It shall have 802.3ad Link aggregation feature.

(xv) It shall support SNMP and RMON standards.

(xvi) It shall have port mirroring support to be able to perform detailed real-time traffic analysis.

(xvii) It shall have IEEE 802.1q VLAN support.

(xviii) It shall have RFC 1757 RMON (groups 1, 2, 3, 9) support.

(xix) It shall have RADIUS support and whether it has TACACS support shall be specified.

(xx) Power supplies shall be redundant. In the event of a breakdown, the spare power supply shall be put in use without the operation being interrupted.

(xxi) Restart shall not be required while patches or corrections are loaded or for them to take effect.

(xxii) Switches shall support more than one hardware-based priority queue.

(xxiii) Switches shall support rules based on MAC address, so that access to the network by unauthorized users can be inspected.

(xxiv) The switches shall block ARP spoofing. They shall support static and/or dynamic ARP entries.

(xxv) The management subsystem or card shall be redundant and, in the event of a breakdown, the spare management card shall be put in use without booting and without interrupting the operation. The existing switching traffic shall not be interrupted in the time that passes until the spare management card is put in use, and the transfer duration shall be stated in milliseconds.

(xxvi) It shall support source based routing or policy based routing.

(xxvii) The switches shall allow management from Telnet, SNMP, Web and console ports.

(xxviii) IPv6 routing support shall be provided natively.

(xxix) The switches shall have the power to work at wire speed even when all the ports on the subsystem are fully populated.

(xxx) The user interface shall be manageable through the web-based management panel. The management software required for management shall be proposed. It shall be possible to perform all configuration operations with this management software.

(xxxi) The switch shall support access control lists.

(xxxii) The switch shall support jumbo frames.

3 Access Switch & DMZ switch

(i) The switches shall be redundant.

(ii) Each switch device shall be offered with its spare power source.

(iii) At least 24 of 10/100/1000 Base-T ports

(iv) The switch device shall have a minimum 12 Gbps non-blocking switch fabric and 1.8 Mpps wire-speed switching throughput.

(v) There shall be VLAN support.

(vi) It shall be manageable.

(vii) It shall have 802.3ad Link aggregation feature.

(viii) It shall/should be managed with a web based management console.

4 Firewall

(i) Firewalls with redundancy shall be offered to the system.

(ii) In case that it is package or server based, it shall have a spare power source.

(iii) There shall be client-to-site VPN support on the firewall to be offered, or on the offered VPN solution with which it will work in an integrated manner. Also, there shall be site-to-site VPN support on the firewall.

(iv) Whether the firewall has static packet filtering, dynamic packet filtering and proxy firewall features shall be specified.

(v) The firewall shall have an active-active load sharing or active-passive structure. If it is positioned in an active-passive structure, the other firewall shall continue to work without loading the configurations back from any backup in case the active firewall becomes disabled.

(vi) The hardware characteristics of the offered firewalls should be specified (CPU, RAM, session amount, disk capacity etc.).

(vii) The firewall shall support an unlimited number of users.

(viii) The firewall to be offered should have at least two of the following certificates: TSE ISO 15408, Common Criteria Evaluation Assurance Level 4 (EAL4), FIPS 140-1 Level 2, ICSA, ITSEC E3, VPNC.

(ix) Access inspection shall be performed by stateful inspection of the packets passing between the source and the target.

(x) It shall be able to limit the number of premature connections in order to decrease the effects of DoS and DDoS attacks.

(xi) It shall be capable of verifying the identity of those who require access to services against external authentication servers or databases such as RADIUS, TACACS, SecurID, LDAP etc.

(xii) It shall be capable of performing Network Address Translation (NAT). It shall be able to hide Internet addresses of internal machines and ensure access to external networks through a single IP address.

(xiii) It shall have H.323 NAT Traversal support.

(xiv) Firewall throughput of 300 Mbps and above

(xv) Concurrent sessions of 50,000

(xvi) IPSec VPN peer sessions of 250

(xvii) It should have logging and monitoring features.

5 Network-Based Active Defense System

(i) IDS/IPSs shall be package or card based. The products of two different manufacturers shall be used in the 1st layer and the solutions of any of these two different manufacturers shall be used in the second and the third layer.

(ii) Signature updates shall be performed automatically from the Internet and shall be downloaded to the sensors automatically.

(iii) The IDS/IPS to be offered shall have at least the following characteristics. The Tenderer shall offer products with higher characteristics.

(iv) The Tenderer shall offer a sufficient number of devices, considering the firewall throughput and that the IDS/IPSs will work in-line.

(v) In case that it is package or server based, it shall have a spare power source.

(vi) IDS/IPS shall work in-line if requested.

(vii) TCP reset or blocking should be applied to suspicious packets, whether Trojan or not, passing through any standard port, such as the HTTP port, which has to be open.

(viii) It should be possible to define new policies in the IDS/IPS and to define attacks both automatically and manually.

(ix) It should send an alarm to the console in case of an attack (with SNMP or its own protocol), monitor the active session, perform reporting and log the packets coming from the attack points.

(x) For known attacks such as Syn attack, ICMP flood, port scan and tear_drop, it should be capable of disconnecting the TCP connection by dropping the packet when the attack is received, and should send an alarm to the system administrator by e-mail, SNMP or syslog.

(xi) It shall have fail-open (automatic by-pass) feature.

(xii) It shall work on the basis of both attack signatures and protocol/application anomaly detection (hybrid mode). While working on the basis of protocol/application anomaly detection, it should monitor the traffic statefully and should perform IP defragmentation, combining of TCP traffic (stream reassembly), protocol analysis and parsing, asymmetric traffic analysis and protocol normalization.

(xiii) It should detect Unicode and Whisker attacks.

(xiv) The following attacks should be detected and prevented:

• Sweep and flood

• DoS

• Worm-virus

• CGI and WWW attacks

• Buffer floods

• RPC attacks

• ICMP attacks

• E-mail attacks such as SMTP, IMAP, POP3

• FTP, SSH, Telnet, rlogin attacks

• DNS attacks

• TCP hijack attacks

• Backorifice and similar backdoor attacks

• Windows and NetBIOS attacks

• NTP attacks

• P2P file sharing applications

(v) There should be SSL and SSH support for secure communication with the management subsystem; the attack defining packages should be sent to the management center in encrypted form.

(vi) When an attack is performed, it shall have the “Forensic” data collection feature that ensures the collection of evidence assisting in the commencement of a legal process by determining the source, type, size and the access area of the attack.

6 VPN

(i) The VPN to be offered shall be separate package or server or card based and it shall be offered redundant.

(ii) If the VPN is offered as package or server based, it shall have a spare power source.

(iii) The specifications of the VPN package shall be specified in detail.

(iv) Performing the encryption operations with Hardware Crypto Accelerator cards shall be a matter of preference.

(v) The VPN solution to be proposed shall support at least 2000 site-to-site tunnels, and the maximum number of client-to-site tunnels supported shall be stated.

(vi) The throughput for packets encrypted with DES in the VPN, achieved with one or more packages, shall be a minimum of 145 Mbps.

(vii) Packet encryption with DES, 3DES, AES algorithms shall be possible.

(viii) It shall support IPSec standards. Supported IPSec identity verification methods shall be stated (SHA-1, MD5, PKI, SCEP (Automated certificate enrollment), OCSP (Online Certificate Status Protocol) etc.).

(ix) Software/hardware required for the management of VPN packages shall be included in the proposal, and no per-site/per-client pricing shall be made for this software/hardware.

(x) Remote connections and LAN-to-LAN connections shall be monitored on the monitoring screen.

(xi) Even if there is a device performing NAT in between, in order for IPSec not to break, NAT transparency shall be ensured through TCP or UDP encapsulation.

(xii) All tunneling operations on the VPN shall be performed at the network layer.

7. Load Balancer

(i) Minimum of 8 x 10/100 Base-T ports

(ii) Should be able to work in active-standby or active-active mode

(iii) Should be able to be managed via telnet, ssh, http or https.

(iv) Should be able to achieve 200k or more concurrent sessions

(v) Should be rack mountable

(vi) Should support TCP, UDP, and IP application server load balancing, including HTTP (persistent and non-persistent), FTP, SSL, SMTP, POP, IMAP, DNS, Telnet, and others

(vii) Should support the following protocols:

• 10/100/1000 Base-TX (IEEE 802.3)
• 1000Base-SX/LX (IEEE 802.3)
• Spanning Tree (IEEE 802.1d)
• Logical link control (IEEE 802.2)
• Flow control (IEEE 802.3x)
• Link negotiation (IEEE 802.3z)
• VLANs (IEEE 802.1Q)
• Frame tagging (IEEE 802.1Q) on all ports when VLANs enabled
• SNMP
• IP
• RIPv1
• BGP v4
• OSPF
• TFTP (RFC 783)
• BootP (RFC 1542)
• BootP (RFC 951)
• Telnet (RFC 854)
• EtherChannel-compatible trunking

8. Servers

(i) All servers shall work on a load balancing basis or be redundant.

(ii) All servers (Web, Application and Database) should be of the same brand.

(iii) All servers within the solution shall be mountable to the rack cabinet.

Web Servers

(i) The web server shall have a minimum of one CPU processor. It is recommended to use a SUN UltraSparc server with at least 1.3GHz processor speed.

(ii) The web server processor should have the characteristics of 64 bit memory addressing and Simultaneous Multi Threading.

(iii) The web server shall have at least 2 GB DDR2 RAM with ECC protection, and it shall be possible to install up to 8 GB of main memory for the expansion of the system.

(iv) Memory DIMMs should be capable of backup (DIMM sparing).

(v) There shall be Online Spare Memory support.

(vi) There should be Memory Mirroring feature.

(vii) The web server shall have 2 pieces of 10,000 RPM Ultra320 SCSI or SAS (Serial Attached SCSI) or FC Hot-Swap disk with a capacity of minimum 72 GB.

(viii) The disks on the web server shall be configured as RAID 1. The system architecture shall support RAID 0, 1 and 0+1.

(ix) There shall be a remote management card on the web server, connected to a PCI slot or integrated, providing secure access over the local and wide area network.

(x) There shall be a minimum of 2 pieces of integrated Ethernet port running 10/100/1000 Mbps Full Duplex.

(xi) There shall be PCI-X or PCI Express slots for expanding the web servers in offers based on x86 architecture, and PCI slots in offers based on RISC architecture. There must be at least 2 empty slots in the systems in question.

(xii) The web server power sources shall be hot-swap and redundant, and the cooling fans shall be redundant.

(xiii) There shall be at least 2 USB, 1 serial, keyboard and mouse ports on the web server.

Application Server

(i) The application server shall have a minimum of 2 processors. It is recommended to use a SUN UltraSparc server with at least 1.3GHz processor speed. The processor should have the characteristics of 64 bit memory addressing and Simultaneous Multi Threading.

(ii) The application server shall have at least 4 GB DDR2 RAM with ECC protection, and the system shall be upgradeable to at least 12 GB of main memory.

(iii) Memory DIMMs should be capable of backup (DIMM sparing).

(iv) There shall be Online Spare Memory support.

(v) There should be Memory Mirroring feature.

(vi) There shall be minimum 2 pieces of 10,000 RPM Ultra320 SCSI or SAS (Serial Attached SCSI) or FC Hot-Swap disk with a capacity of minimum 72 GB on the application server.

(vii) The application server shall have hot-swap disk slots into which a minimum of 4 disks can be installed, considering the expandability of the system.

(viii) The disks on the application server shall be configured as RAID 1. The system architecture shall support RAID 0, 1, 0+1 and 5.

(ix) There shall be a remote management card on the application server, connected to a PCI slot or integrated, providing secure access over the local and wide area network.

(x) There shall be a minimum of 2 pieces of integrated Ethernet port running 10/100/1000 Mbps Full Duplex on the application server.

(xi) There shall be PCI-X or PCI Express slots for expanding the application servers in offers based on x86 architecture, and PCI slots in offers based on RISC architecture. There must be at least 2 empty slots in the systems.

(xii) The application server power source and cooling fans shall be hot-swap and redundant.

(xiii) There shall be at least 2 USB, 1 serial, keyboard and mouse ports on the application server.

Database Server

(i) The database server shall have a minimum of 2 processors. It is recommended to use a SUN UltraSparc server with at least 1.3GHz processor speed. The processor should have the characteristics of 64 Byte memory addressing and Simultaneous Multi Threading.

(ii) The database servers shall have at least 8 GB DDR2 RAM with ECC protection, and the system shall be upgradeable to at least 12 GB of main memory.

(iii) Memory DIMMs should be capable of backup (DIMM sparing).

(iv) There shall be Online Spare Memory support.

(v) There should be Memory Mirroring feature.

(vi) There shall be minimum 2 pieces of 10,000 RPM Ultra320 SCSI or SAS (Serial Attached SCSI) or FC Hot-Swap disk with a capacity of minimum 360 GB on the database server before any RAID.

(vii) The database servers shall be configured in RAID 5 and RAID 0+1.

(viii) There shall be a remote management card on the database server, connected to a PCI slot or integrated, providing secure access over the local and wide area network.

(ix) There shall be a minimum of 2 pieces of integrated Ethernet port running 10/100/1000 Mbps Full Duplex on the database server.

(x) There shall be PCI-X or PCI Express slots for expanding the database servers in offers based on x86 architecture, and PCI slots in offers based on RISC architecture. There must be at least 2 empty slots in the database systems.

(xi) There shall be redundant power sources and cooling fans on the database servers.

Development/Testing Server

(i) The Development and Testing servers shall be installed in a separate network so that testing will not impact the production segment.

(ii) The Development/Testing server shall have a minimum of one CPU processor. It is recommended to use a SUN UltraSparc server with at least 1.3GHz processor speed.

(iii) The Development/Testing server processor should have the characteristics of 64 bit memory addressing and Simultaneous Multi Threading.

(iv) The Development/Testing server shall have at least 2 GB DDR2 RAM with ECC protection, and it shall be possible to install up to 8 GB of main memory for the expansion of the system.

(v) The Development/Testing server shall have 2 pieces of 10,000 RPM Ultra320 SCSI or SAS (Serial Attached SCSI) or FC Hot-Swap disk with a capacity of minimum 72 GB.

(vi) The disks on the Development/Testing server shall be configured as RAID 1. The system architecture shall support RAID 0, 1 and 0+1.

(vii) There shall be a remote management card on the Development/Testing server, connected to a PCI slot or integrated, providing secure access over the local and wide area network.

(viii) There shall be a minimum of 2 pieces of integrated Ethernet port running 10/100/1000 Mbps Full Duplex.

(ix) There shall be PCI-X or PCI Express slots for expanding the Development/Testing servers in offers based on x86 architecture, and PCI slots in offers based on RISC architecture. There must be at least 2 empty slots in the systems in question.

(x) The Development/Testing server power sources shall be hot-swap and redundant, and the cooling fans shall be redundant.

(xi) There shall be at least 2 USB, 1 serial, keyboard and mouse ports on the Development/Testing server.

(xii) The Development/Testing server shall be installed with a 64-bit UNIX or LINUX operating system.

Mail Cluster server

(i) The mail servers shall have at least 8 GB DDR2 RAM with ECC protection, and the system shall be upgradeable to at least 12 GB of main memory.

• Memory DIMMs should be capable of backup (DIMM sparing).
• There shall be Online Spare Memory support.
• There should be Memory Mirroring feature.

(ii) There shall be minimum 2 pieces of 10,000 RPM Ultra320 SCSI or SAS (Serial Attached SCSI) or FC Hot-Swap disk with a capacity of minimum 360 GB on the database server before any RAID.

(iii) The mail servers shall be configured in RAID 5 and RAID 0+1.

(iv) The mail cluster servers shall have a minimum of 4 processors with minimum 3.4 GHz speed and 2 MB cache in x86 server architecture. The processor should have the characteristics of 64 Byte memory addressing and Simultaneous Multi Threading.

(v) There shall be a remote management card on the mail server, connected to a PCI slot or integrated, providing secure access over the local and wide area network.

(vi) There shall be minimum 2 pieces of integrated Ethernet port running 10/100/1000 Mbps Full Duplex on the database server.

(vii) There shall be PCI-X or PCI Express slots for expanding the database servers in offers based on x86 architecture, and PCI slots in offers based on RISC architecture. There must be at least 2 empty slots in the database systems.

(viii) There shall be redundant power sources and cooling fans on the database servers.

(ix) There shall be 2 Fiber Channel cards, each having a port at 2 Gbps speed, on the servers to be connected to the SAN system.

(x) The server shall be installed with the Windows 2003 Enterprise operating system or above with clustering capability.

(xi) The mail server shall be installed with Exchange 2003 or a higher edition with the clustering capability (Exchange Enterprise edition).

9. Disk Storage Subsystems for Clusters and Servers

Two (2) Identical Subsystems of Storage Servers, each of following requirements:

Performance Requirements: Data Transfer Rate ≥ 1500 MB/Sec (+/- 10%); IO/sec ≥ 500000 (+/- 10%)

Note: Performance can be achieved in combination of few storage server devices, but single device is more preferable.

Management Software: Multi-Path Failover/Load-Balancing Cluster Storage Management Software Point-in-Time (Instant) Copy Software/License Host Access Security - License for 8 Hosts

Architecture: FiberChannel - 2Gbit (4Gbit more preferable); Dual/Redundant RAID Processors Design

Cache: 4GB (or more), battery backed

Host Ports: Eight (or more) 2Gbit FC, Optical (4Gbit ports are more preferable)

Disk Capacity Expansion: up to 200 Hot-Swap Drives

Disk Drives Support: FC-73GB/10K, FC-73GB/15K, FC-146GB/10K, FC-146GB/15K, FC-300GB/10K, SATA-250GB/7.2K

Installed Disk Drives: Twelve 146GB 10K RPM Hot-Swap Hard Disks; Sixteen 73GB 15K RPM Hot-Swap Hard Disks

Disk Drives Interface: 2Gbit FiberChannel (or 4Gbit)

RAID Levels Support: 0, 1, 3, 5 and 0+1

Connectivity License: Support all above listed server’s Operating Systems

Power Redundancy: Two (or more) Power Supplies

Chassis: Rack Mountable

10. SAN Switches for Main Cluster and Main Storage Subsystems

Two (2) Identical SAN Switches, each of following requirements:

Architecture: FiberChannel - 4Gbit

Ports: Sixteen FC/SW 4Gbit Ports

Cables: Eight 5m FC Optical Cables; Eight 25m FC Optical Cables

Security Features: Advanced Zoning

Chassis: Rack Mountable

11. Tape Library

One (1) Tape Library of following requirements:

Management Software: Automated Network Backup Software; Automated SAN Backup Software; Library Management Software

Architecture: LTO Generation-3

Drives: Two (or more) LTO Generation-3 Tape Drives

Host Interface: 2Gbit FiberChannel

Tape Slots: Thirty (or more)

Cartridges: 70x LTO-3 Data & 4x LTO Cleaning Cartridges

Chassis: Rack Mountable

12. Racks

Form Factor: 19”, 42U, Enterprise Depth

Doors: Lockable Front, Rear Doors and Sidepanels

Power Distribution Units: Four 9-Plug Power Distribution Units

Console: Console Tray w/ 15” TFT Screen & Keyboard; 2X8 Ports Console Switch w/ Eight KVM Cables

13. UPS

Two (2) Sets of UPSes and Racks, each of following configuration:

UPS Power Capacity: Two 5KVA (10KVA Total)

UPS Powerless Runtime: Not less than 45 minutes

UPS Management Software: Power Management/Auto-shutdown Software (Compatible to all Operating Systems installed at above specified servers)

Rack for UPS and Batteries: 20–30U Rack

Rack PDU: High-Voltage input PDU

C. Regional Office

1 Router

A router device that will ensure routing of all the connections for the offering of services to be given over UAIS shall be supplied. This router shall have the capacity and capabilities to ensure UAIS services to be established. This router shall have the following features.

(i) The router shall connect to the service provider without any problem.

(ii) Power source and fan shall have spares. Power sources shall be capable of working by sharing the load and they shall be hot-swappable.

(iii) The router shall support operation between 100 – 240V AC or -24V to -60VDC.

(iv) The router shall have at least 2 numbers of 10/100/1000 Mbps Ethernet ports.

(v) The router shall have a minimum of 2 slots.

(vi) An external flash memory shall be provided on the router by default.

(vii) The router shall be manageable by TELNET, Console and graphic user interface.

(viii) The router shall support WAN connection.

(ix) The throughput value of the router shall be specified and the throughput value of the device in question shall be at least 10 Mpps.

(x) The router shall have a CLI providing a secure and easy entry of the commands to the running system.

(xi) The router shall be able to return easily to a previous configuration from the applied configuration.

(xii) The router device shall support Layer 2 and Layer 3 protocols as well as ARP, IPCP, IP forwarding, IP host, IP multicast, TCP, Telnet, TFTP, UDP, transparent bridging, VLAN, MPLS and IPv6 protocols.

(xiii) The routing device shall support Layer 3 routing protocols as well as IS-IS, OSPF, BGP, PIM and RIP protocols.

(xiv) The router device shall support Network Management and security protocols as well as CHAP, FTP, RADIUS, SNMP, PAP protocols.

(xv) The router device shall have RFC 1483 (Multiprotocol Encapsulation over ATM AAL5) and RFC 1577 (Classical IP and ARP over ATM AAL5) protocol support.

(xvi) The router device shall have ARP, RARP, BOOTP, ICMP support.

2 Firewall

(i) Firewalls working redundantly shall be offered to the system.

(ii) In case that it is package or server based, it shall have a spare power source.

(iii) There shall be client-to-site VPN support on the firewall to be offered, or on the offered VPN solution with which it will work in an integrated manner. Also, there shall be site-to-site VPN support on the firewall.

(iv) Whether the firewall has static packet filtering, dynamic packet filtering and proxy firewall features shall be specified.

(v) The firewall shall have an active-active load sharing or active-passive structure. If it is positioned in an active-passive structure, the other firewall shall continue to work without loading the configurations back from any backup in case the active firewall becomes disabled.

(vi) The hardware characteristics of the offered firewalls should be specified (CPU, RAM, session amount, disk capacity etc.).

(vii) The firewall shall support an unlimited number of users.

(viii) The firewall to be offered should have at least two of the following certificates: TSE ISO 15408, Common Criteria Evaluation Assurance Level 4 (EAL4), FIPS 140-1 Level 2, ICSA, ITSEC E3, VPNC.

(ix) Access inspection shall be performed by stateful inspection of the packets passing between the source and the target.

(x) It shall be able to limit the number of premature connections in order to decrease the effects of DoS and DDoS attacks.

(xi) It shall be capable of verifying the identity of those who require access to services against external authentication servers or databases such as RADIUS, TACACS, SecurID, LDAP etc.

(xii) It shall be capable of performing Network Address Translation (NAT). It shall be able to hide Internet addresses of internal machines and ensure access to external networks through a single IP address.

(xiii) It shall have H.323 NAT Traversal support.

(xiv) Firewall throughput of 150 Mbps and above

(xv) Concurrent sessions of 50,000

(xvi) IPSec VPN peer sessions of 250

3 Switch

(i) At least 24 of 10/100/1000 Base-T ports

(ii) The switch device shall have a minimum 12 Gbps non-blocking switch fabric and 1.8 Mpps wire-speed switching throughput.

(iii) There shall be VLAN support.

(iv) It shall be manageable.

(v) It shall have 802.3ad Link aggregation feature.

(vi) It shall/should be managed with a web based management console.

(vii) IPv6 routing support shall be provided natively.

4 VPN

(i) The VPN to be offered shall be separate package or server or card based and it shall be offered redundant.

(ii) If the VPN is offered as package or server based, it shall have a spare power source.

(iii) The specifications of the VPN package shall be specified in detail.

(iv) Performing the encryption operations with Hardware Crypto Accelerator cards shall be a matter of preference.

(v) The VPN solution to be proposed shall support at least 2000 site-to-site tunnels, and the maximum number of client-to-site tunnels supported shall be stated.

(vi) The throughput for packets encrypted with DES in the VPN, achieved with one or more packages, shall be a minimum of 145 Mbps.

(vii) Packet encryption with DES, 3DES, AES algorithms shall be possible.

(viii) It shall support IPSec standards. Supported IPSec identity verification methods shall be stated (SHA-1, MD5, PKI, SCEP (Automated certificate enrollment), OCSP (Online Certificate Status Protocol) etc.).

(ix) Software/hardware required for the management of VPN packages shall be included in the proposal, and no per-site/per-client pricing shall be made for this software/hardware.

(x) Remote connections and LAN-to-LAN connections shall be monitored on the monitoring screen.

(xi) Even if there is a device performing NAT in between, in order for IPSec not to break, NAT transparency shall be ensured through TCP or UDP encapsulation.

(xii) All tunneling operations on the VPN shall be performed at the network layer.

D. Border Posts

1. Router

(i) The router shall have the relevant WAN connection. For border posts with a leased line connection, the router shall support serial connection. For those with an ADSL connection, the router should have the interface to provide the connection.

(ii) The router shall support operation between 100 – 240V AC or -24V to 60VDC.

(iii) The router shall have at least 2 numbers of 10/100/1000 Mbps Ethernet ports.

(iv) The router shall be manageable by TELNET, Console and graphic user interface.

(v) The router device shall support Layer 2 and Layer 3 protocols as well as ARP, IPCP, IP forwarding, IP host, IP multicast, TCP, Telnet, TFTP, UDP, transparent bridging, VLAN.

(vi) Can have integrated firewall feature.

2. Firewall

(i) Shall have a minimum of 2 x 10/100 Base-T Ethernet ports

(ii) Minimum throughput of 50 Mbps

(iii) The hardware characteristics of the offered firewalls should be specified (CPU, RAM, session amount, disk capacity etc.).

(iv) There shall be client-to-site VPN support on the firewall to be offered, or on the offered VPN solution with which it will work in an integrated manner. Also, there shall be site-to-site VPN support on the firewall.

(v) Logging and monitoring features

3. Switch

(i) At least 24 of 10/100/1000 Base-T ports

(ii) The switch device shall have a minimum 12 Gbps non-blocking switch fabric and 1.8 Mpps wire-speed switching throughput.

(iii) There shall be VLAN support.

(iv) It shall be manageable.

(v) It shall have 802.3ad Link aggregation feature.

(vi) It shall/should be managed with a web based management console.

VPN Client

(i) Support for Windows 98, NT 4.0, 2000, XP, and ME; Linux (Intel); Solaris (UltraSparc 32- and 64-bit); and Mac OS X 10.2, 10.3, and 10.4.

(ii) Integrated with personal firewall.

(iii) Can be preconfigured for mass deployment.

(iv) VPN access policies can be downloaded from the central VPN appliance and pushed to the client.

(v) Support tunneling protocols, including ESP, PPTP, L2TP/IPSec, Network Address Translation (NAT), Transparent IPsec, Ratified IPsec/UDP, IPsec/TCP.

(vi) Support encryption/authentication protocols, including IPsec (ESP) using Data Encryption Standard (DES)/Triple DES (3DES) (56/168-bit) or AES (128/256-bit) with MD5 or SHA.

(vii) Support key management protocols, including Internet Key Exchange (IKE) Aggressive and Main Mode (digital certificates), Diffie-Hellman (DH) Groups 1, 2, and 5, Perfect Forward Secrecy (PFS) and rekeying.

(viii) Support data compression.

(ix) Support digital certificates.

(x) Support authentication protocols, including RADIUS, Kerberos, Active Directory, Microsoft NT domain.

(xi) Provide support for Domain Name System (DNS) including DDNS/DHCP computer name population, Split DNS, Windows Internet Name Service (WINS), and IP address assignment.

APPENDIX G PROCESSES FOR SOFTWARE DEVELOPMENT & QUALITY ASSURANCE

APPENDIX G. PROCESSES FOR SOFTWARE DEVELOPMENT AND QA

A. Processes

1 The table shows the processes, their deliverables and the quality assurance (QA) records.

| S/no | Process | Products | Quality records |
|---|---|---|---|
| 1 | Requirements Development and Management | Software Requirement Specifications; Software Requirements Traceability Matrix | Review records of Requirement Specifications |
| 2 | Software Design | Design Specifications: System Architecture Design; High level Design; Detailed Design | Review records of Design specifications |
| 3 | Software Coding | Program Specifications; Unit Test plan, Unit Test specifications; Unit test results | Code review report; Review records of Unit Test plan and specifications |
| 4 | Software Testing | Test plan, test specifications, test scripts, test results – Integration Testing; System Testing; Quality Assurance Testing; User Acceptance Testing | Review records for test plan, specifications and scripts |
| 5 | Software Release and System Commissioning | Implementation Plan; User manual; System Operations manual; Post implementation review report | Review records of Implementation plan and manuals; Customer acceptance of the product |
| 6 | Project Management | Project Management Plan | Review records of project management plan |
| 7 | Software Change Configuration | Software Change Configuration Plan | Review records of Software Change Configuration Plan |
| 8 | Software Change Management | Change Requests | Change Requests are approved by CCB. Functional Configuration Audit report |
| 9 | Software Quality Assurance | Quality Assurance Plan | Physical Configuration Audit report; Software Quality Assurance audit report |

B. Development Processes

1

Requirements Development and Management

2

The goal of Requirements Development is to aid human understanding of the systems and the problem domain. Requirements represent “what” the Customer needs in the end product. This process element focuses on discovering and understanding the requirements allocated to software, after which the Software Design process can start.

3

This process element covers requirements analysis and reviews, and produces a software requirements specification (SRS). Besides the functional requirements, the SRS should also include interface, performance and security requirements.

4

The initial baseline for requirements is established after the sign-off of the SRS from the customer. When there are some new requirements or changes to the existing requirements, the process of Software Change Management is applied.

5

To manage requirements, it is essential to produce a software requirements traceability matrix that ensures that all requirements are taken care of in the final design and the software product.

2

Software Design

6

The goal of Design is to generate a description of “how” to synthesize software that behaves in accordance with the requirements analysis models and meets all the system requirements. This process element helps create the program specification through a two or more step transformation of the requirements into a high level design, and subsequently into a detailed design.

| Document | Description |
|---|---|
| System Architectural Design | Describes the high level structure of the system, including the external components to be used. |
| Application High Level Design | Also called Application Architectural Design. Application High Level Design makes use of the SRS to decompose the system into subsystems for ease of development and to make the system easily maintainable. Application High Level Design Documents include: Component Diagram; Deployment Diagram. |
| Detailed Design | Refers to the following Detailed Design Documents: Sequence Diagrams; Program Specification; Class Diagrams; Database Design Specifications; User Interface Design; Message Specifications; File Specifications. |

Table 1: Documents used in Design

3

Software Coding

7

Coding is the conversion of the detailed design specifications into testable code. It also involves verification and validation activities such as code reviews/inspection and unit testing.

4

Software Testing

8

Software Testing involves verifying and validating the code generated against the project requirements. Integration and System testing are performed according to Test Plans and Test Specifications, and any problems identified are fixed. During testing, defects found are logged and managed until they are closed. Software Testing also includes Security Testing, such as penetration tests on the network and application, vulnerability tests on the system and port scans, to determine the effectiveness of security mechanisms.

5

Software Release and System Commissioning

9

The procedure is intended to identify important activities to be performed in order for the system to go live in production. It also includes releasing the software and the associated documentation to the customer. An implementation plan is produced and includes pre-implementation activities such as user training, preparing the release notice, data migration and ensuring the production environment is ready.

10

The process also includes post implementation review to include analysis of project success or failure and process effectiveness, and archiving such information for future use. The lessons learned from the project experience are also formally documented.

C.

Support Processes

1

Project Management

11

The Project Management element addresses the mechanism of executing the project within the constraints imposed by the Customer.

12

The process starts with planning, where a workable scheme to accomplish the business need that the project was undertaken to address is devised and maintained. It involves core activities such as:

(i) Scope planning and definition;
(ii) Activity definition and sequencing;
(iii) Estimation;
(iv) Schedule development;
(v) Resource planning;
(vi) Quality planning;
(vii) Staff acquisition;
(viii) Communications planning;
(ix) Risk identification, assessment and management

13

The Project Plan provides the basis for performing and managing the project’s activities and addresses the commitment to the customer according to the resources, constraints, and capabilities of the project. The plan is then carried out by coordinating people and other resources to perform the activities included therein.

14

To ensure that project objectives are met, software activities and progress are monitored and measured and corrective actions are taken when necessary. These actions include revising the Project Plan to reflect the actual accomplishments and re-planning the remaining work or taking actions to improve the performance.


2


Software Configuration Management

15

The Configuration Management element provides a repository to effectively monitor the software work products and ensure that changes to these work products that occur during the project life cycle are systematically controlled.

16

This process element consists of a set of activities performed to identify and organize software items at given points in time, systematically controlling their modifications, and maintaining the integrity and traceability of the software items throughout the software life cycle. The software items that are placed under formal configuration management include software products that are delivered to the customer (e.g., the Software Requirements Specification and the code) and the items that are required to create these software products (e.g., the compiler). There is proper version control for all artifacts of the application software.

3

Software Quality Assurance

17

The Software Quality Assurance element involves reviewing and auditing the software project and its activities to verify that they comply with the Software Development Processes, and providing the project teams and appropriate managers with the results of these reviews and audits. A Software Quality Assurance Representative (SQAR) shall be appointed at the beginning of the project to work with the project teams during its early stages to establish plans, standards and processes that will add value to the project and satisfy both the constraints of the project and policies.

18

The SQA Representative ensures that:

(i)

Software development activities are carried out in accordance with the applicable procedures and standards;

(ii)

Software work products are implemented according to the designated procedures, standards and contractual agreements.

19

All SQA activities to be carried out in the project such as reviews, audits, or interim assessments are spelled out in the Quality Assurance Plan. Standards and other components to manage SQA activities are also addressed.

20

The SQA Representative shall also carry out the following configuration audits on the project:

(i) Functional Configuration Audit
To check that the product conforms to its currently approved requirements.

(ii) Physical Configuration Audit
To check that all the configuration items listed in the Software Configuration Management Plan are present. To check that the status accounting information is maintained. To check that there is consistency with the status of the configuration items.

4

Peer Review

21

The Peer Review element examines the software work products in order to detect errors as close to the source of injection as possible, thereby helping prevent a fan-out effect in the entire software development project.

22

This process element involves a disciplined examination of software product by the author’s (or producer’s) peers known as peer review team to identify defects and areas where changes are needed. The specific software work products that will undergo a peer review are identified and scheduled as part of the project planning activities.

23

Peer review should look for security-related problems, including logic problems (such as algorithms that perform unforeseen functions, for example opening other means of communication) and boundary errors that could result in buffer overflows.

5

Software Change Management

24

The Software Change Management Process is intended to manage and control changes to the software requirements so that the affected project plans, work items, and activities are adjusted to remain consistent with the updated requirements. A Change Request is raised using a Change Request Form. A change request log is maintained to keep track of all the change requests. A Change Request is then analyzed by a board (Software Change Control Board – SCCB) comprising the users' representative and the Project Manager. The SCCB decides whether to approve or reject the Change Request based on the impact analysis done. Change Control shall also ensure that any configuration changes taking place in software will not adversely affect the security of the system.

APPENDIX H. TESTING PHASES

A.

Testing Phases

25

In order to ensure that the software product is relatively free of defects, it is necessary to adopt a phased approach to software testing.

Figure 1: Testing Phases

26

As shown in Figure 1, there are four testing phases in the development life cycle prior to User Acceptance Testing.

27

Software testing begins with unit testing of the smallest individual components (classes or procedural functions). This is followed by integration testing of components, done incrementally until all components are integrated. This is then followed by system testing of the entire suite of components that comprises the system.

1

Unit Testing

28

Unit Testing is the testing of the smallest component of software that can be compiled and executed, which refers to the class or procedural function. The testing approach should comprise primarily white-box testing and some black-box testing.

(i) All classes and procedural functions are to be tested.
(ii) For white-box testing, the coverage should include:
(iii) Statement coverage (for simple classes or functions)
(iv) Branch coverage (for average classes or functions)
(v) Path coverage (for complex, error prone classes or functions)
(vi) Loop testing (check for boundaries and infinite loops)
(vii) Exception testing
(viii) Boundary testing (for all inputs or derived values)

2

Integration Testing

29

Integration testing is conducted after components have gone through successful unit testing. The purpose is to allow progressively larger groups of tested software components of the architectural design to be integrated and tested until the software interfaces and interactions between groups of components work as a whole as subsystems, and to check for consistency between subsystems before proceeding to the System Testing phase. Tests should include each interface between software components, including in-house or third party components.

3

System Testing

30

System Testing involves testing of every function of a system or application to ensure it complies with the relevant functional requirements. It shall involve testing of software components that have been distributed across multiple platforms (e.g. client, web server, application server, database server) to produce failures caused by system integration defects.

4

Functional Testing

(i) All work flows and use case paths are to be tested.
(ii) All input values are to be tested at boundaries.
(iii) Perform negative tests to ensure the system can handle invalid data and cases where the pre-condition is not satisfied. Exception handling has to be tested.

5

Graphical User Interface Testing

31

The complete system is tested to ensure that it complies with the User Interface Guide for Windows and Web Applications and the requirement specifications.

6

Configuration Testing

32

The system is to be tested against different configurations, such as operating systems, databases and computer hardware, to ensure that the system produces the same behavior for all configurations. This will involve testing several combinations of variables.

7

Load and Performance Testing

33

The system is to be subjected to the maximum workload that would be expected in the production environment or as defined in the contract, to test that the response time is within an acceptable level.

8

Memory leak

34

Program bugs may cause memory leaks. The system is tested by running the application continuously and monitoring the memory usage with a memory leak tool.

9

Recovery Testing

35

Recovery Testing is used to ensure that operations can be continued after a disaster. The testing includes whether adequate backup data is preserved and stored in a secure location and whether recovery procedures are documented.

10

Security Testing

36

Penetration tests are used to uncover any vulnerability in the system. The tests include:

(i) Buffer overflow
(ii) SQL injection
(iii) Cross-site scripting
(iv) Brute force
(v) Session hijacking
(vi) Cookie manipulation

11

Regression Testing

37

Changes in a component may induce a failure because of incompatibility, side effects, or undesirable feature interaction. Revise the test cases and rerun the baseline test suite. A change impact analysis is used to assess the regression test suite, e.g. given one or more classes of objects that have been changed, derive the set of components whose test cases need to be included in the regression test.
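The change impact analysis described for regression testing, as an added example that is not part of the report: given a dependency map and a set of changed components, it derives every component that depends on them, directly or transitively, and the test cases to rerun. The component names, test names and dependency map are constructed for illustration.

```python
from collections import deque

# Constructed sample (hypothetical component names): component -> what it uses.
DEPENDS_ON = {
    "TariffTable": set(),
    "TraderRegistry": set(),
    "AuditLog": set(),
    "TariffCalculator": {"TariffTable"},
    "DeclarationForm": {"TariffCalculator", "TraderRegistry"},
    "ManifestImport": {"TraderRegistry"},
    "RiskEngine": {"DeclarationForm", "TraderRegistry"},
    "ReportService": {"RiskEngine", "AuditLog"},
}

# Constructed sample: test cases owned by each component.
TESTS = {
    "TariffTable": ["test_tariff_lookup"],
    "TraderRegistry": ["test_trader_lookup"],
    "AuditLog": ["test_audit_append"],
    "TariffCalculator": ["test_duty_rounding", "test_duty_boundaries"],
    "DeclarationForm": ["test_declaration_submit"],
    "RiskEngine": ["test_risk_scoring"],
    "ReportService": ["test_monthly_report"],
    # ManifestImport has no tests: the analysis should surface that gap.
}


def reverse_edges(depends_on):
    """Invert 'uses' edges so we can walk from a component to its users."""
    used_by = {name: set() for name in depends_on}
    for component, deps in depends_on.items():
        for dep in deps:
            if dep not in used_by:
                raise KeyError(f"{component} depends on unknown component {dep}")
            used_by[dep].add(component)
    return used_by


def impacted_components(depends_on, changed):
    """Changed components plus everything that depends on them, transitively."""
    unknown = set(changed) - set(depends_on)
    if unknown:
        raise KeyError(f"unknown changed components: {sorted(unknown)}")
    used_by = reverse_edges(depends_on)
    seen = set(changed)
    queue = deque(changed)
    while queue:
        current = queue.popleft()
        for user in used_by[current]:
            if user not in seen:  # the seen set also makes cycles terminate
                seen.add(user)
                queue.append(user)
    return seen


def regression_suite(depends_on, tests, changed):
    """Return (test cases to rerun, impacted components that have no tests)."""
    impacted = impacted_components(depends_on, changed)
    selected = sorted(t for c in impacted for t in tests.get(c, []))
    untested = sorted(c for c in impacted if not tests.get(c))
    return selected, untested


if __name__ == "__main__":
    suite, gaps = regression_suite(DEPENDS_ON, TESTS, {"TraderRegistry"})
    print("rerun:", suite)
    print("impacted but untested:", gaps)
```

The second return value matters as much as the first: an impacted component with no test cases is a regression risk the baseline suite cannot catch.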


12


Quality Assurance Testing

38

Quality Assurance Testing shall be conducted by an independent group of testers who will verify that the software product is relatively free from bugs before it is released for User Acceptance Testing or production migration. The team shall verify that the main functions and use case scenarios of the application are working. Quality Assurance testing will be able to detect bugs not caught by the developers and hence provide more confidence to customers on the quality of the software.

B.

User Acceptance Testing

39

The approach to user acceptance testing is depicted below:

[Figure: user acceptance testing: Functional Test, Integration Test, Business Flow Test, Performance & Load Test, Security Test]

1

System Functional Test

40

Function testing refers to the testing of user functions defined in the design specifications. This would involve mapping the user functions from the design specifications into test scripts and stating the user actions, the data input and the expected results. The focus should be on frequently used user functions and on functions that will have a direct operational impact.

2

System Integration Test

41

Integration testing is simply relating a collection of user functions to test that the results provided by each function support the next function to be executed. Again, the test script for executing a collection of functions will have to be defined together with the expected results. Integration testing will include testing of interfaces between subsystems; the interfaces of subsystems within the system with other external systems are also to be tested to ensure interoperability with these systems.

3

Business Flow Test

42

The business flow test should be done when the system has passed all functional and integration tests. The purpose of business flow test is to subject the system to the sequence by which the respective user groups are expected to carry out their designated work functions in the daily operations of Customs and should encompass end-to-end testing.

4

Performance and Load Test

43

When the system delivered has passed functional testing, integration testing and business flow testing, the next step is to test the systems on the performance requirements as defined in the requirements specification. The purpose is to ensure that the system can meet the response time and can manage the load defined in requirements specification.

5

Security Test

44

This involves penetration testing to uncover any vulnerability in the system and ascertain the compliance of the system to the system security requirements.

C.

Data Migration Testing

45

User acceptance testing shall also encompass the data migration.

46

Data migration involves the mapping and transformation of data from the existing system to the new system’s databases. It shall be treated as a separate project with its own requirements management, software design, software coding, software testing and implementation phases, and shall run in parallel with, and preferably slightly later than, the core development project. This is to minimize rework should there be changes to the development work at a later stage.

47

The testing shall cover the data migration scripts and programs, which are developed, based on the data mapping requirement specifications and transformation rules. It shall also include the reports, user interface screens and logs developed for verification of data.

APPENDIX I. SECURITY SPECIFICATIONS

A.

Security Architecture

(i)

There shall be three level security layers in the UAIS corresponding to the DMZ zone, application zone and database zone.

(ii)

In the security layer at the first level, there shall be firewall, network based IPS/IDP, antivirus, SSL accelerator and SSL terminator and VPN functions.

(iii)

In the security layer at the second level, there shall be firewall and network based IPS/IDP.

(iv)

In the security layer at the third level, there shall be firewall and network based IPS/IDP.

(v)

Traffic coming to the web servers over the intranet and extranet at the first-level security layer shall first pass through the firewall; where it is SSL or VPN traffic, it shall be terminated in the DMZ zones and routed to the IPS/IDS by passing through the firewall again. Traffic that has passed through the IPS/IDS shall then pass through the firewall (harmful traffic shall be blocked) and arrive at the web servers. All traffic of internal users shall also be checked with antivirus scanning. Where external users upload files to the system, these files shall also be checked with antivirus scanning.

(vi)

The traffic coming to second and third level security layer shall first pass through the firewall and then the IPS/IDP.

(vii)

Filters according to RFC 1918 and RFC 2827 shall be written to reduce the effects of the DoS attacks on the routers.

(viii)

The unnecessary services such as finger, echo, discard etc. running on the router shall be closed to reduce the effects of DoS attacks.

(ix)

DNS servers, antivirus servers, and SSL and VPN terminators shall be located in different DMZ zones of the first-level security layer.

(x)

Web servers, NTP servers and similar servers (such as mail) shall be located behind the first-level security layer. These servers shall be located in different DMZ zones.

(xi)

Application servers shall be located behind the second-level security layer.

(xii)

Database servers and identity verification servers shall be located behind the third-level security layer.

(xiii)

As a general operating principle of the system, end users shall not establish a connection directly to servers located in the second and third levels; requests coming from the Internet shall be answered by the servers in the second level communicating with the servers in the third level (web server - application server - database server).


(xiv)

At the bottom of each security layer there shall be redundant, load-sharing backbone switches.

(xv)

All network segments serving for different purposes and related to each other functionally shall be made with Layer 3 switches according to the solution. If load balancing is required, this shall be performed with load balancing switches that will be placed to this level and then the LAN structures shall be connected to the backbone switch structures, which are one upper layer.

(xvi)

System management servers shall be designed as a separate physical LAN.

(xvii)

The infrastructure and software designs of the UAIS shall be protected against known attack methods. The supplier shall eliminate the security defects that occur during the project and guarantee periods and shall take necessary measures against new attack methods.

(xviii) The hardware and software to be used shall ensure a secure environment for the information exchange.
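Two of the architecture rules above expressed as checks, as an added example that is not part of the report: the router filters of item (vii) (RFC 1918 and RFC 2827) and the layer-by-layer flow of items (v), (vi) and (xiii). The site prefix, zone names and rule set are constructed, and treating "one layer inward at a time" as the only permitted connection direction is this example's reading of item (xiii); the filter covers IPv4 only.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumption: the site's routed public prefix (a documentation range here).
SITE_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]


def border_filter(direction, src):
    """Decide on an IPv4 packet crossing the Internet-facing router interface."""
    addr = ipaddress.IPv4Address(src)  # raises ValueError on malformed input
    private = any(addr in net for net in RFC1918)
    ours = any(addr in net for net in SITE_PREFIXES)
    if direction == "inbound":
        if private:
            return "drop: RFC 1918 source"
        if ours:
            return "drop: spoofed site source (RFC 2827)"
        return "pass"
    if direction == "outbound":
        # Only packets sourced from the site's own prefix may leave.
        return "pass" if ours else "drop: foreign source (RFC 2827)"
    raise ValueError(f"unknown direction: {direction!r}")


# Zones ordered from outside to inside; one security layer sits between
# each adjacent pair (first, second and third level).
ZONE_LEVEL = {"external": 0, "dmz": 1, "application": 2, "database": 3}


def flow_allowed(src_zone, dst_zone):
    """A connection may be opened only to the next zone inward."""
    return ZONE_LEVEL[dst_zone] - ZONE_LEVEL[src_zone] == 1


def audit_rules(rules):
    """Return (rule name, reason) for every permit rule that breaks the model."""
    findings = []
    for rule in rules:
        if rule["action"] != "permit":
            continue
        src, dst = rule["src"], rule["dst"]
        if src not in ZONE_LEVEL or dst not in ZONE_LEVEL:
            findings.append((rule["name"], "unknown zone"))
        elif not flow_allowed(src, dst):
            step = ZONE_LEVEL[dst] - ZONE_LEVEL[src]
            reason = "skips a security layer" if step > 1 else "is not an inward flow"
            findings.append((rule["name"], f"{src} -> {dst} {reason}"))
    return findings


# Constructed sample rule set (hypothetical rule names).
SAMPLE_RULES = [
    {"name": "web-in", "src": "external", "dst": "dmz", "action": "permit"},
    {"name": "web-to-app", "src": "dmz", "dst": "application", "action": "permit"},
    {"name": "app-to-db", "src": "application", "dst": "database", "action": "permit"},
    {"name": "report-tool", "src": "external", "dst": "database", "action": "permit"},
    {"name": "web-to-db", "src": "dmz", "dst": "database", "action": "permit"},
    {"name": "db-out", "src": "database", "dst": "external", "action": "deny"},
]

if __name__ == "__main__":
    for src in ("198.51.100.7", "10.1.2.3", "203.0.113.9"):
        print("inbound", src, "->", border_filter("inbound", src))
    for name, reason in audit_rules(SAMPLE_RULES):
        print("violation:", name, "-", reason)
```

Replies to permitted connections are assumed to be handled by the firewalls' stateful inspection, so the audit looks only at who may open a connection.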

B.

System Security

(i)

UAIS shall be capable of detecting and removing harmful code, such as viruses, that may change or delete data in the system without permission and that is recognized by antivirus products.

(ii)

There shall be host-based IDP software on all servers of UAIS.

(iii)

The desktops and servers are loaded with antivirus software with the latest pattern.

C.

Network Security

(i)

Redundant firewalls shall be offered for UAIS.

(ii)

Firewalls shall be package or card based. The products of two different manufacturers shall be used in the 1st layer and the solutions of any of these two different manufacturers shall be used in the second and the third layer.

(iii)

A three layered structure has been projected and the firewalls shall be physically positioned in each layer.

(iv)

Where it is package or server based, it shall have a spare power supply.

(v)

All the traffic received from the Internet shall be directed to the IDS/IPS after passing through the firewalls. The traffic shall be dropped or forwarded by applying the security policies of the firewall.

(vi)

The firewall to be offered, or an offered VPN solution that works integrated with it, shall support client-to-site VPN. The firewall shall also support site-to-site VPN.


(vii)

Whether the firewall has static packet filtering, dynamic packet filtering and proxy firewall feature shall be specified.

(viii)

The firewall shall have an active-active load-sharing or active-passive structure. If it is deployed in an active-passive structure, the other firewall shall continue to work, without the configuration having to be loaded back from any backup, in the event that the active firewall becomes disabled.

(ix)

The hardware characteristics of the offered firewalls should be specified (CPU, RAM, session amount, disk capacity etc.)

(x)

Firewall shall support an unlimited number of users. No license shall be paid for the firewall on the basis of number of users.

(xi)

The firewall to be offered should have at least two of TSE ISO 15408, Common Criteria Evaluation Assurance Level 4 (EAL4), FIPS 140-1 Level 2, ICSA, ITSEC E3, VPNC certificates.

(xii)

The concurrent session amount on the firewall shall be minimum 250,000.

(xiii)

The throughput of the firewall must be minimum 4 Gbps. If this traffic value cannot be established with a single package, using more than one package shall provide it.

(xiv)

The firewall to be proposed shall have security support for applications in various categories (business applications, VoIP etc.).

(xv)

Access inspection shall be possible according to stateful inspection on the packets coming and going between the target and the source.

(xvi)

It shall be able to limit the number of premature connections in order to decrease the effects of DoS and DDoS attacks.

(xvii)

It shall have port hiding support without changing the activation characteristics of the open TCP/UDP ports belonging to systems protected by the firewall.

(xviii) It shall be capable of verifying, against external identity verification servers and databases such as RADIUS, TACACS, SecurID, LDAP etc., the identity of those who require access to the systems it protects.

(xix)

It shall be capable of performing Network Address Translation (NAT). It shall be able to hide Internet addresses of internal machines and ensure access to external networks through a single IP address.

(xx)

It shall be capable of performing Port Address Translation (PAT).

(xxi)

It shall have H323 NAT Traversal support.

(xxii)

Classification for Host, protocol and services shall be possible.
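Item (xvi) above, limiting premature connections, sketched as an added example that is not part of the report and not any vendor's implementation. It reads "premature" as half-open TCP connections (SYN seen, handshake not completed); the per-source limit, the timeout and the sample events are assumptions of this example.

```python
class HalfOpenLimiter:
    """Track TCP handshakes that have seen a SYN but no completing ACK."""

    def __init__(self, per_source_limit, total_limit, timeout):
        self.per_source_limit = per_source_limit
        self.total_limit = total_limit
        self.timeout = timeout   # seconds a half-open entry may live
        self.pending = {}        # (src, sport, dport) -> time the SYN was seen

    def _expire(self, now):
        stale = [key for key, seen in self.pending.items()
                 if now - seen >= self.timeout]
        for key in stale:
            del self.pending[key]

    def on_syn(self, now, src, sport, dport):
        """Decide whether a new SYN may create a half-open entry."""
        self._expire(now)
        key = (src, sport, dport)
        if key in self.pending:  # retransmitted SYN, already counted
            return "accept"
        from_source = sum(1 for k in self.pending if k[0] == src)
        if from_source >= self.per_source_limit:
            return "drop-source-limit"
        if len(self.pending) >= self.total_limit:
            return "drop-total-limit"
        self.pending[key] = now
        return "accept"

    def on_ack(self, now, src, sport, dport):
        """Handshake completed: the connection is no longer half-open."""
        self._expire(now)
        return self.pending.pop((src, sport, dport), None) is not None

    def half_open(self, now):
        self._expire(now)
        return len(self.pending)


def replay(limiter, events):
    """Feed (time, kind, src, sport, dport) events; return the SYN decisions."""
    decisions = []
    for now, kind, src, sport, dport in events:
        if kind == "SYN":
            decisions.append((src, sport, limiter.on_syn(now, src, sport, dport)))
        elif kind == "ACK":
            limiter.on_ack(now, src, sport, dport)
        else:
            raise ValueError(f"unknown event kind: {kind!r}")
    return decisions


# Constructed sample events; addresses are from documentation ranges.
SAMPLE_EVENTS = [
    (0, "SYN", "198.51.100.10", 40001, 443),
    (1, "SYN", "198.51.100.10", 40002, 443),
    (2, "SYN", "198.51.100.10", 40003, 443),
    (3, "SYN", "198.51.100.10", 40004, 443),  # fourth half-open from one source
    (4, "SYN", "192.0.2.20", 51000, 443),     # ordinary client
    (5, "ACK", "192.0.2.20", 51000, 443),     # completes its handshake
    (6, "SYN", "198.51.100.10", 40005, 443),
]

if __name__ == "__main__":
    limiter = HalfOpenLimiter(per_source_limit=3, total_limit=100, timeout=30)
    for src, sport, decision in replay(limiter, SAMPLE_EVENTS):
        print(src, sport, decision)
    print("half-open at t=6:", limiter.half_open(6))
```

The total limit is the one that matters when SYNs arrive from many sources at once, which a per-source counter alone does not bound.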

D.

Logging and Monitoring Features of the Firewall

(i)

Real-time analysis shall be possible. Characteristics of analysis and logging shall be stated in detail. Detailed search and examination of the log files that are kept shall be possible.

(ii)

The log files kept shall be understandable, and software that reports on these log files (on an hourly, daily, weekly and monthly basis) shall be provided.

(iii)

It shall be possible to monitor online the connections that are established at any time. The firewall shall send the logs to a central logging server.

(iv)

The operator should be able to block any connection, and this blocking information should be distributed to all the firewalls.

(v)

Reporting and analysis capabilities of the firewall shall be stated in detail.

(vi)

For the examination of the requests that come to the systems protected by the firewall, it shall keep a detailed log of its connections such as HTTP, SMTP and FTP.

(vii)

It shall be capable of warning via e-mail or SMS when an attack is detected.

(viii)

It shall be ensured that the logs generated by the firewalls are archived automatically to the log server by the firewall.

E.

High Availability Feature on the Firewall

(i)

Firewall system shall definitely not cause packet loss.

(ii)

It shall have a stateful failover feature.

(iii)

It shall be capable of detecting hardware errors and sending alerts.

(iv)

It shall be capable of observing connection statuses. It shall be able to intervene when required and it shall allow manual intervention.

(v)

Firewall machines shall be configured in such a way that they work in synchronization with firewall machines of the same kind. When required, in the event that one of them fails, the other shall automatically take over all its connections (automatic transfer of H323 and VPN sessions shall be a matter of preference). For this collaborative operation, a separate license or an additional device shall not be required.

F.

System Management Features of the Firewall

(i)

All kinds of operation and configuration shall be supported over a secure GUI connection (HTTPS etc.).

(ii)

Configuration via CLI shall be supported.

(iii)

Management over SSH shall be supported.

(iv)

All firewall machines to be used to form the solution shall be manageable from a single center. It shall be possible to load subsystems, patches and licenses to all firewall machines in a distributed structure from a single center when required.

(v)

It shall be possible to define managers with different authorization levels, and the upper limit for this number shall be stated.

(vi)

Detailed monitoring of system status shall be possible; it shall be possible to monitor information such as firewall version, RAM, CPU use, number of sessions etc. Whether it is capable of raising alerts and alarms when threshold limits are exceeded shall be stated.

G.

Network Based Active Defense System

(i)

IDS/IPSs shall be package or card based. The products of two different manufacturers shall be used in the 1st layer and the solutions of any of these two different manufacturers shall be used in the second and the third layer.

(ii)

Signature updates shall be performed automatically from the Internet and shall be downloaded to the sensors automatically.

(iii)

The IDS/IPS to be offered shall have at minimum the following characteristics. The Tenderer shall offer products with higher characteristics.

(iv)

The Tenderer shall offer a sufficient number of devices, considering that the firewall throughput has been requested as 330 Mbps and that the IDS/IPSs will work in-line.

(v)

Where it is package or server based, it shall have a spare power supply.

(vi)

IDS/IPS shall work in-line if requested.

(vii)

TCP reset or blocking should be applied to suspicious packets, whether Trojan or not, passing through any standard port, such as the HTTP port, which has to be open.

(viii)

It should be possible to define new policies in the IDS/IPS and to define attacks both automatically and manually.

(ix)

In case of an attack it should send an alarm to the console (with SNMP or its own protocol), monitor the active session, perform reporting and log the packets coming from the attack points.

(x)

For known attacks such as SYN attack, ICMP flood, port scan and tear_drop, it should be capable of disconnecting the TCP connection by dropping the packet when the attack is received, and should send an alarm to the system administrator by e-mail, SNMP or syslog.

(xi)

It shall have fail-open (automatic by-pass) feature.

(xii)

It shall work on the basis of both attack signatures and protocol/application anomaly detection (hybrid mode). When working on the basis of protocol/application anomaly detection, it should monitor the traffic statefully and should perform IP defragmentation, TCP stream reassembly, protocol analysis and parsing, asymmetric traffic analysis and protocol normalization.

(xiii)

It should detect Unicode and Whisker attacks.

(xiv)

The following attacks should be determined and prevented: o o o o o o o o o o o o o o o

H.

Sweep and flood DoS Worm-virus CGI and WWW attacks Buffer floods RPC attacks ICMP attacks E-mail attacks such as SMTP, IMAP, POP3 FTP, SSH, Telnet, rlogin attacks DNS attacks TCP hijack attacks Back office and similar backdoor attacks Windows and NetBIOS attacks NTP attacks P2P file sharing applications

(xv)

There should be SSL, SSH support for secure communication with the management subsystem, the attack defining packages should be sent to the management center by being encrypted.

(xvi)

When an attack is performed, it shall have the “Forensic” data collection feature that ensures the collection of the proofs assisting in the commencement of a legal process by determining the source, type, size and the access area of the attack.
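The protocol normalization required in item (xii), and the encoded-request evasion that item (xiii) refers to as Unicode and Whisker attacks, can be illustrated with the following added example, which is not part of the report and not any vendor's implementation. The signature, the CGI path and the sample requests are constructed, and the decode-pass limit is an assumption.

```python
import re
from urllib.parse import unquote_to_bytes

MAX_DECODE_PASSES = 3  # assumption: bound on repeated percent-decoding

# Constructed signature for a hypothetical CGI path (not a real rule set).
SIGNATURES = [("constructed-cgi-probe", re.compile(r"^/cgi-bin/example\.cgi$"))]


def fold_overlong(data: bytes) -> bytes:
    """Map overlong two-byte UTF-8 forms of ASCII (lead byte 0xC0/0xC1) to ASCII."""
    out = bytearray()
    i = 0
    while i < len(data):
        lead = data[i]
        if lead in (0xC0, 0xC1) and i + 1 < len(data) and 0x80 <= data[i + 1] <= 0xBF:
            out.append(((lead & 0x1F) << 6) | (data[i + 1] & 0x3F))
            i += 2
        else:
            out.append(lead)
            i += 1
    return bytes(out)


def normalize(raw_uri: str):
    """Return (canonical_path, anomalies) for the path part of a request URI."""
    anomalies = []
    data = raw_uri.partition("?")[0].encode("utf-8")
    passes = 0
    # Decode until stable so that double-encoded input cannot hide a path.
    while passes < MAX_DECODE_PASSES:
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data, passes = decoded, passes + 1
    if passes > 1:
        anomalies.append("multiple-percent-encoding")
    folded = fold_overlong(data)
    if folded != data:
        anomalies.append("overlong-utf8")
    # One character per byte, one separator style, one letter case.
    text = folded.decode("latin-1").replace("\\", "/").lower()
    segments = []
    for seg in text.split("/"):
        if seg in ("", "."):
            continue  # collapses "//" and "/./"
        if seg == "..":
            if segments:
                segments.pop()
            elif "traversal-above-root" not in anomalies:
                anomalies.append("traversal-above-root")
            continue
        segments.append(seg)
    return "/" + "/".join(segments), anomalies


def inspect_uri(raw_uri: str):
    """Signature match on the normalized path, plus protocol anomalies seen."""
    path, anomalies = normalize(raw_uri)
    return [name for name, rx in SIGNATURES if rx.search(path)], anomalies


def naive_match(raw_uri: str):
    """Signature match on the raw bytes, as a sensor without normalization would do."""
    return [name for name, rx in SIGNATURES if rx.search(raw_uri)]


# Constructed request URIs that all address the same resource.
SAMPLES = [
    "/cgi-bin/example.cgi",
    "/cgi-bin/%65xample.cgi",
    "/cgi-bin/./foo/../EXAMPLE.cgi",
    "/cgi-bin%c0%afexample.cgi",
    "/cgi-bin/%2565xample.cgi",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(uri, "raw:", naive_match(uri), "normalized:", inspect_uri(uri))
```

Only the first sample matches the signature on raw bytes; after normalization all five match, and the anomaly list gives the sensor a second, signature-independent reason to alert.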

H. Host Based Active Defense System

(i) Server-based IDS shall be procured for all servers that will take part in the system.

(ii) Server-based IDS shall impose a maximum CPU load of 5% on the server on which it is installed.

(iii) When it is disconnected from the central management and log server, it shall be capable of keeping the logs related to the stream it has monitored until the connection is restored.

(iv) Its communication with the central management unit shall take place in a secure environment (SSL, SSH, etc.). All data flow between the two shall be encrypted.

(v) It shall monitor incidents related to the operating system, and be capable of checking for unauthorized access to and activities on the system by examining the operating system logs.

(vi) All host-based agents shall be controllable and updateable from a single point.

(vii) It shall be capable of forming rule-based policies.

(viii) It shall not cause interruption in the services running on the servers in any way.

(ix) It shall be capable of stopping unknown attacks, worms and viruses with zero updating.

(x) It shall identify and prevent TCP packets that are created for attack purposes and that do not comply with the standards.

(xi) It shall inspect file, network and registry access.

(xii) It shall ensure protection against e-mail worms.

(xiii) It shall be capable of preventing buffer floods.

(xiv) It shall be capable of preventing key-loggers.

I. Secure Socket Layers (SSL)

(i) SSL technology shall be used for secure and reliable performance of transactions over UAIS using browsers.

(ii) It shall be server, package or card based, and the devices shall be offered in a redundant configuration.

(iii) If the SSL device is offered as package or server based, it shall have a spare power source.

(iv) Software and devices required for hosting SSL certificates on the Custom Gateway servers shall be included in the proposal.

(v) Asymmetric encryption technology (public and private key) shall be used and the minimum key size shall be 1024 bits.

(vi) Encryption shall be performed with hardware crypto cards.

(vii) Symmetric encryption of minimum 128 bits shall be used.

(viii) It shall have command line interface (CLI) support.

(ix) It shall be manageable through a Web interface.

J. Virtual Private Network (VPN)

(i) The VPN to be offered shall be separate package, server or card based, and it shall be offered in a redundant configuration.

(ii) If the VPN is offered as package or server based, it shall have a spare power source.

(iii) The specifications of the VPN package shall be specified in detail.

(iv) It is preferable that the encryption operations be performed with Hardware Crypto Accelerator cards.

(v) The proposed VPN solution shall support at least 2000 site-to-site tunnels, and the maximum number of client-to-site tunnels supported shall be stated.

(vi) The throughput for packets encrypted with 3DES in the VPN, with one or more packages, shall be a minimum of 145 Mbps.

(vii) Packet encryption with standard algorithms such as 3DES and AES shall be possible.

(viii) It shall support IPSec standards. Supported IPSec identity verification methods shall be stated, such as SHA-1, MD5, PKI, SCEP (Automated certificate enrollment), OCSP (Online Certificate Status Protocol).

(ix) Software/hardware required for the management of VPN packages shall be included in the proposal, and this software/hardware shall not be priced per site/client.

(x) Remote connections and LAN-to-LAN connections shall be monitored on the monitoring screen.

(xi) NAT transparency shall be ensured through TCP or UDP encapsulation, so that IPSec does not break even if there is a device performing NAT in between.

(xii) All tunneling operations on the VPN shall be performed at the network layer.

K. Antivirus

(i) Antivirus systems shall run in a gateway structure to serve the internal users, and antivirus shall run on the servers to prevent attacks.

(ii) The anti-virus solution shall have an appliance/server structure.

(iii) The antivirus products to be offered shall be capable of scanning all the traffic of the internal users (HTTP, POP3, SMTP, etc.). SSL traffic shall be scanned after it is terminated on the SSL terminators.

(iv) The antivirus system shall scan the HTTP traffic of the internal users.

(v) The antivirus system shall be designed so that it works continuously (redundant).

(vi) It shall have anti-relay, anti-spam, anti-spoof, anti-bombing and alarm mechanisms.

(vii) Determination and blocking of file types shall be performed not only according to their extensions but also according to real file types.

(viii) The anti-virus system shall be updated at the determined time intervals.

(ix) It shall be able to detect worms, Trojans and hoaxes and to perform operations defined by the administrator.

(x) It shall be capable of scanning and blocking HTML Script and VBScript based viruses and harmful Java Applets.

(xi) It shall be easily manageable through a Web interface (with https) and/or a management console.

(xii) When a virus is found, it shall be capable of sending a warning e-mail and/or SMS to the system administrator and a warning e-mail to the sender and receiver of the message.

(xiii) It shall be capable of scanning archive files (zip, arj, rar, lha, lhz, ace, cab, tar, vb), exe files, embedded files and e-mail attachments by going down to the deepest archive level. The precaution taken against files that have been archived many times over in order to perform attacks shall be stated.
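Items (vii) and (xiii) above describe two checks that are easy to get wrong: typing a file by its content rather than its extension, and unpacking nested archives without letting a many-times-archived file exhaust the scanner. The sketch below is an added example, not part of the report or of any antivirus product. It handles zip only, the limits and blocked-type policy are assumptions, and the sample files are constructed in memory.

```python
import io
import zipfile
import zlib
from dataclasses import dataclass, field
from typing import List, Optional

# Leading "magic" bytes of common formats; the extension is never trusted.
MAGIC = [
    (b"MZ", "exe"),
    (b"PK\x03\x04", "zip"),
    (b"Rar!\x1a\x07", "rar"),
    (b"MSCF", "cab"),
    (b"\x1f\x8b", "gzip"),
]
BLOCKED_TYPES = {"exe"}      # assumption: administrator-defined policy
MAX_DEPTH = 5                # assumption: deepest archive level unpacked
MAX_TOTAL_BYTES = 1_000_000  # assumption: uncompressed bytes per scan (small for the demo)


@dataclass
class ScanResult:
    findings: List[str] = field(default_factory=list)
    bytes_inspected: int = 0
    budget_exhausted: bool = False


def sniff(data: bytes) -> str:
    """Return the real type from content, or 'unknown'."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def scan(name: str, data: bytes, result: Optional[ScanResult] = None,
         depth: int = 0) -> ScanResult:
    result = result if result is not None else ScanResult()
    kind = sniff(data)
    base = name.rsplit("/", 1)[-1]
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    if kind in BLOCKED_TYPES:
        note = "" if ext == kind else " disguised as .%s" % ext
        result.findings.append("%s: blocked type %s%s" % (name, kind, note))
        return result
    if kind != "zip":
        return result  # only zip is unpacked in this sketch
    if depth >= MAX_DEPTH:
        result.findings.append("%s: archive nesting exceeds depth limit" % name)
        return result
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        result.findings.append("%s: malformed archive" % name)
        return result
    with archive:
        for info in archive.infolist():
            if result.budget_exhausted:
                break
            if info.is_dir():
                continue
            child = "%s/%s" % (name, info.filename)
            remaining = MAX_TOTAL_BYTES - result.bytes_inspected
            try:
                # Read at most remaining+1 bytes: the size declared in the
                # header can be forged, so the cap is enforced on real output.
                with archive.open(info) as member:
                    chunk = member.read(remaining + 1)
            except (RuntimeError, zipfile.BadZipFile, zlib.error):
                result.findings.append("%s: unreadable or encrypted member" % child)
                continue
            if len(chunk) > remaining:
                result.budget_exhausted = True
                result.findings.append("%s: uncompressed size exceeds scan budget" % child)
                break
            result.bytes_inspected += len(chunk)
            scan(child, chunk, result, depth + 1)
    return result


def make_zip(members: dict) -> bytes:
    """Build a zip in memory (used only to construct sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for member_name, content in members.items():
            zf.writestr(member_name, content)
    return buf.getvalue()


def nest(inner_name: str, payload: bytes, levels: int) -> bytes:
    """Wrap payload in `levels` zip layers (constructed sample input)."""
    data = make_zip({inner_name: payload})
    for i in range(levels - 1):
        data = make_zip({"layer%d.zip" % i: data})
    return data


# Constructed sample: only the two-byte executable signature, not a real program.
FAKE_EXE = b"MZ" + b"\x00" * 64

if __name__ == "__main__":
    print(scan("report.zip", nest("invoice.pdf", FAKE_EXE, 3)).findings)
    print(scan("deep.zip", nest("invoice.pdf", FAKE_EXE, 8)).findings)
    print(scan("big.zip", make_zip({"zeros.bin": b"\x00" * 2_000_000})).findings)
```

A file that trips the depth or size limit is reported rather than silently passed, which is the kind of precaution item (xiii) asks bidders to state.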

APPENDIX J. COST ESTIMATES OF UAIS

A. Data Centre Cost Estimate

Location: Data Centre. Types: Equipment, Telecommunication, Setup Data Centre.

| Items | Quantity | Unit Cost (USD) | Cost (USD) |
|---|---|---|---|
| Web Server and Java web server software | 2 | 19,200 | 38,400 |
| Application Server and Weblogic software | 2 | 85,200 | 170,400 |
| Database Server and Oracle software | 2 | 145,000 | 290,000 |
| Development server and software | 2 | 19,200 | 38,400 |
| Storage Disks | 2 | 78,000 | 156,000 |
| Backup server and software | 1 | 16,625 | 16,625 |
| Mail server and Microsoft Exchange software | 2 | 24,000 | 48,000 |
| PC | 6 | 800 | 4,800 |
| UPS | 6 | 100 | 600 |
| Anti-Virus | 6 | 45 | 270 |
| Printer | 2 | 350 | 700 |
| Web Portal | 1 | 50,000 | 50,000 |
| Router - leased line | 1 | 25,500 | 25,500 |
| Router - ADSL line | 1 | 14,000 | 14,000 |
| DR-router | 1 | 1,800 | 1,800 |
| Firewall 1st tier | 6 | 20,000 | 120,000 |
| Firewall 2nd tier | 2 | 35,000 | 70,000 |
| Firewall 3rd tier | 6 | 20,000 | 120,000 |
| Firewall (Standalone) | 2 | 10,000 | 20,000 |
| IPS | 5 | 20,000 | 100,000 |
| Core Switches | 2 | 92,000 | 184,000 |
| Edge Switches | 6 | 1,000 | 6,000 |
| Load Balancer | 6 | 11,000 | 66,000 |
| Remote Access Server | 1 | 16,000 | 16,000 |
| VPN | 2 | 3,000 | 6,000 |
| UPS 30 kva, 30 mins battery backup | 1 | 21,000 | 21,000 |
| AirCon | 2 | 17,500 | 35,000 |
| Electrical works | lot | 18,000 | 18,000 |
| Raised floor system | 200 m2 | 24,000 | 24,000 |
| FM 200 Gas suppression | lot | 36,000 | 36,000 |
| Water Detection System | lot | 6,000 | 6,000 |
| Security Access System - CCTV, Intercom | lot | 6,000 | 6,000 |
| EMS System - autopaging and sensors | lot | 6,000 | 6,000 |
| Building works - partition, doors, false ceiling | lot | 18,000 | 18,000 |
| Subtotal for Data Centre | | | 1,733,495 |

B. Disaster Recovery Cost Estimate

Location: DR site. Types: Equipment, Communication, Setup DR site.

| Items | Quantity | Unit Cost (USD) | Cost (USD) |
|---|---|---|---|
| Web Server and Software | 1 | 19,200 | 19,200 |
| Application Server and Software | 1 | 85,000 | 85,000 |
| Database Server and software | 1 | 145,000 | 145,000 |
| Storage Disks | 2 | 78,000 | 156,000 |
| Internet Router | 1 | 26,000 | 26,000 |
| DR router | 1 | 1,800 | 1,800 |
| Firewall | 3 | 9,000 | 27,000 |
| VPN | 1 | 3,000 | 3,000 |
| IPS | 4 | 12,000 | 48,000 |
| Core Switches | 1 | 57,000 | 57,000 |
| Edge Switches | 3 | 1,000 | 3,000 |
| UPS 30 kva, 30 mins battery backup | 1 | 21,000 | 21,000 |
| AirCon | 2 | 17,500 | 35,000 |
| Electrical works | lot | 9,000 | 9,000 |
| Raised floor system | 100 m2 | 12,000 | 12,000 |
| FM 200 Gas suppression | lot | 36,000 | 36,000 |
| Water Detection System | lot | 6,000 | 6,000 |
| Security Access System - CCTV, Intercom | lot | 6,000 | 6,000 |
| EMS System - autopaging and sensors | lot | 6,000 | 6,000 |
| Building works - partition, doors, false ceiling | lot | 9,000 | 9,000 |
| Subtotal for Disaster Recovery Centre | | | 711,000 |

C. Customs HQ Cost Estimates

HEADQUARTERS COSTS

Systems

Division/InterDivision

Ref

Systems Totals (US$)

Comms Totals (US$)

Server #

Unit Costs→

UPS

Cost (US$)

#

5,000

Laptop

Cost (US$)

#

500

PCs

Cost (US$)

#

1,500

Comms

UPS

Cost (US$)

#

800

Anti-Virus

Cost (US$)

#

100

Printer

Cost (US$)

#

45

Cost (US$)

Photocopier Cost # (US$)

100

700

Scanner

Cost (US$)

#

350

Mobile #

Cost (US$) 365

Management

1

Chief of Customs Department

2

Deputy Chiefs Management Totals

0

0

0

0

1

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

1,895

0

0

0

0

0

1

1,500

0

0

0

0

1

45

1

350

0

0

0

0

0

0

2,095

0

0

0

0

0

0

0

1

800

1

100

1

45

1

350

1

100

1

700

0

0

0

0

0

0

2

3,000

5

4,000

5

500

5

225

5

1,750

1

100

1

700

2

730

10,275

730 0

0

0

0

1

1,500

15

12,000

15

1,500

16

720

5

1,750

1

100

1

700

0

0

0

0

0

0

0

0

6

4,800

6

600

6

270

6

2,100

1

100

1

700

9

3,285

0

0

0

0

2

3,000

15

12,000

16

1,600

18

810

14

4,900

4

400

1

700

0

0

0

0

0

0

0

0

4

3,200

4

400

2

90

2

700

0

0

1

700

1

365

0

0

0

0

5

7,500

46

36,800

47

4,700

48

2,160

33

11,550

8

800

6

4,200

12

4,380

1,895

0

0

1,500

0

0

0

0

1

45

1

350

0

0

0

0

0

0

CSD Divisions Internal Division

Control

3

Customs Division

Control

4

5

Tariff Regulations & Revenue Division

18,270

0

6

Anti-Smuggling & Customs Rules Division

8,570

3285

7

Statistics & Analysis Division

23,410

0

8

Central Laboratory

5,090

365

67,710

4,380

Customs

CSD Division Totals


Systems

Ref

Systems Totals (US$)

Division/InterDivision

Comms Totals (US$)

Server #

Unit Costs→

UPS

Cost (US$)

#

5,000

Laptop

Cost (US$)

#

500

PCs

Cost (US$)

#

1,500

Comms

UPS

Cost (US$)

#

800

Anti-Virus

Cost (US$)

#

100

Printer

Cost (US$)

#

45

Cost (US$)

Photocopier Cost # (US$)

100

700

Scanner

Cost (US$)

#

350

Mobile #

Cost (US$) 365

Shared Responsibility Divisions

9

Information Analytical Division

&

10

Training Institute (Separate Costings)

11

16,850

0

0

0

0

2

3,000

10

8,000

10

1,000

10

450

10

3,500

2

200

1

700

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

9

7,200

9

900

9

405

8

2,800

2

200

1

700

0

0

0

0

0

0

1

1,500

9

7,200

9

900

9

405

2

700

2

200

1

700

0

0

0

0

0

0

0

0

5

4,000

5

500

5

225

3

1,050

1

100

1

700

0

0

0

0

0

0

1

1,500

5

4,000

5

500

5

225

3

1,050

1

100

1

700

0

0

0

0

0

0

0

0

4

3,200

4

400

4

180

2

700

1

100

1

700

0

0

0

0

0

0

0

0

7

5,600

7

700

7

315

7

2,450

3

300

1

700

0

0

0

0

0

0

1

1,500

10

8,000

10

1,000

10

450

5

1,750

2

200

1

700

0

0

0

0

0

Staff Policy Division

12,205

0

12

Modernization/Reform Bureau

11,605

0

13

Improvement of Tax & Customs Policy

6,575

0

14

Legislation Division

8,075

0

15

Mass Media Division

5,280

0

16

International Cooperation Division

10,065

0

17

Finance & Economic Division

13,600

0

Shared Division Totals

84,255

0

0

0

0

0

5

7,500

59

47,200

59

5,900

59

2,655

40

14,000

14

1,400

8

5,600

0

0

HQ DIVISIONAL TOTALS

151,965

4,380

0

0

0

0

11

16,500

105

84,000

106

10,600

108

4,860

74

25,900

22

2,200

14

9,800

12

4,380

D. Regional Offices and Post Equipment Cost Estimates

REGIONS & POSTS (Dushanbe) - SYSTEMS COSTS

Ref

Post

Code

Type

For

Systems Totals (US$)

Server

UPS

Laptop

#

Cost (US$)

4,300

1

500

0

4,300

1

500

0

#

Cost (US$)

51,730

1

51,730

1

#

PCs

Cost (US$)

UPS

#

Cost (US$)

#

Cost (US$)

0

43

34,400

43

0

43

34,400

43

Anti-Virus #

Cost (US$)

4,300

44

4,300

44

Printer #

Cost (US$)

1,980

15

1,980

15

Photocopier

Scanner #

Cost (US$)

#

Cost (US$)

5,250

3

300

1

700

5,250

3

300

1

700

DUSHANBE REGION Unit Costs→

Regional Office 1

Dept of Customs Control

76200

Regional Office Regional Office Totals

4,300

Unit Costs→

Posts

500

4,300

1,500

500

800

1,500

100

800

45

100

350

45

100

350

700

100

700

2

Dept of Strategic Customs Control in Dushanbe Airport

76202

Clearance

Air

15,655

1

4,300

1

500

0

0

8

6,400

8

800

9

405

9

3,150

1

100

0

0

3

Dushanbe 1

76203

Clearance

Rl+Mail

10,720

1

4,300

1

500

0

0

5

4,000

5

500

6

270

3

1,050

1

100

0

0

4

Dushanbe 2

76205

Clearance

Rail

10,720

1

4,300

1

500

0

0

5

4,000

5

500

6

270

3

1,050

1

100

0

0

5

Terminal

76206

Clearance

Road

10,620

1

4,300

1

500

0

0

5

4,000

5

500

6

270

3

1,050

0

0

0

0

76207

Clearance

Rail

10,620

1

4,300

1

500

0

0

5

4,000

5

500

6

270

3

1,050

0

0

0

0

76260

Clearance

Rail

3,535

0

0

0

0

0

0

3

2,400

3

300

3

135

2

700

0

0

0

0

Post

Road

6

Ainy

7/1

Kofarnigan Dept

7/2

Karamik

Customs

Posts Totals DUSHANBE REGIONAL TOTALS


1,295

0

0

0

0

0

0

1

800

1

100

1

45

1

350

0

0

0

0

63,165

5

21,500

5

2,500

0

0

32

25,600

32

3,200

37

1,665

24

8,400

3

300

0

0

114,895

6

25,800

6

3,000

0

0

75

60,000

75

7,500

81

3,645

39

13,650

6

600

1

700


REGIONS & POSTS (Khudjant) - SYSTEMS COSTS

Ref

Post

Code

Type

For

Systems Totals (US$)

Server #

UPS

Cost (US$)

#

Laptop

Cost (US$)

#

PCs

Cost (US$)

#

UPS

Cost (US$)

#

Anti-Virus

Cost (US$)

#

Cost (US$)

Printer #

Photocopier

Scanner

Cost (US$)

#

Cost (US$)

#

Cost (US$)

KHUDJANT REGION Unit Costs→

Regional Office 8

Dept of Customs Control

76210

Regional Office Regional Office Totals

Dept of Strategic Customs Control in Airport Khudjant

76212

Clearance

10/1

G.Rosulov (Proletar)

76215

10/2

Madaniyat

11/1

Asht Customs Post

11/2

Navbunjod

Post

11/3

Uzbek-Okjar

Post

12/1

Nouv Customs Dept

Clearance

Road

76216

76217

500

1,500

800

100

45

350

100

700

41,830

1

4,300

1

500

0

0

33

26,400

33

3,300

34

1,530

12

4,200

2

200

2

1,400

41,830

1

4,300

1

500

0

0

33

26,400

33

3,300

34

1,530

12

4,200

2

200

2

1,400

Unit Costs→

Posts 9

4,300

Air

2,690

Clearance

Rail

Post

Road

Clearance

Road

4,300

500

1,500

800

100

45

350

100

700

0

0

0

0

0

0

2

1,600

2

200

2

90

2

700

1

100

0

0

10,125

1

4,300

1

500

0

0

4

3,200

4

400

5

225

4

1,400

1

100

0

0

1,295

0

0

0

0

0

0

1

800

1

100

1

45

1

350

0

0

0

3,985

0

0

0

0

0

0

3

2,400

3

300

3

135

3

1,050

100

0

0

Road

1,295

0

0

0

0

0

0

1

800

1

100

1

45

1

350

0

0

0

Road

1,295

0

0

0

0

0

0

1

800

1

100

1

45

1

350

0

0

0

3,985

0

0

0

0

0

0

3

2,400

3

300

3

135

3

1,050

100

0

0

1

1

12/2

Nouv

Post

Rail

1,295

0

0

0

0

0

0

1

800

1

100

1

45

1

350

0

0

0

12/3

Plotina

Post

Road

1,295

0

0

0

0

0

0

1

800

1

100

1

45

1

350

0

0

0

12/4

Hashtjak

Post

Road

1,295

0

0

0

0

0

0

1

800

1

100

1

45

1

350

0

0

0

12/5

Farmon Kurgan

13/1

Mastchoh Customs Dept

13/2

Kuruksai

13/3

Fatehabad

14/1

Zafarabad Customs Dept

14/2

DEU-58

14/3

Zomin

Post

Road

1,295

0

0

0

0

0

0

1

800

1

100

1

45

1

350

0

0

0

14/4

Comsomol

Post

Road

1,295

0

0

0

0

0

0

1

800

1

100

1

45

1

350

0

0

0

15/1

Istravshan Customs Post

100

0

0

15/2

Havotag

0

0

0


76218

76219

76220

Post

Road

1,295

0

0

0

0

0

0

1

800

1

100

1

45

1

350

Clearance

Road

3,985

0

0

0

0

0

0

3

2,400

3

300

3

135

3

1,050

Post

Road

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

Post

Road

1,295

0

0

0

0

0

0

1

800

1

100

1

45

1

350

Clearance

Road

3,985

0

0

0

0

0

0

3

2,400

3

300

3

135

3

1,050

Post

Road

1,295

0

0

0

0

0

0

1

800

1

100

1

45

1

350

Clearance

Road

3,985

0

0

0

0

0

0

3

2,400

3

300

3

135

3

1,050

Post

Road

1,295

0

0

0

0

0

0

1

800

1

100

1

45

1

350


1

1

1

0

0

0

100

0

0

0

0

0

0

0

0

100

0

0

0

0

0


Ref


Post

Code

Type

For

Server


UPS

Laptop

PCs

UPS

Anti-Virus

Printer

Photocopier

Scanner

Systems Totals (US$)

#

Cost (US$)

#

Cost (US$)

#

Cost (US$)

#

Cost (US$)

#

Cost (US$)

#

Cost (US$)

#

Cost (US$)

#

Cost (US$)

#

Cost (US$)

1

100

0

0

KHUDJANT REGION (2) 16/1

Kanibadam Dept

16/2

Customs

Clearance

Rd+Rl

3,985

0

0

0

0

0

0

3

2,400

3

300

3

135

3

1,050

Kanibadam

Post

Rail

1,295

0

0

0

0

0

0

1

800

1

100

1

45

1

350

0

0

0

16/3

Patar

Post

Road

1,295

0

0

0

0

0

0

1

800

1

100

1

45

1

350

0

0

0

16/4

Ravat

Post

Road

1,295

0

0

0

0

0

0

1

800

1

100

1

45

1

350

0

0

0

17/1

Isfara Customs Dept

Clearance

Rd+Rl

3,985

0

0

0

0

0

0

3

2,400

3

300

3

135

3

1,050

100

0

0

17/2

Isfara-3

Post

Rail

1,295

0

0

0

0

0

0

1

800

1

100

1

45

1

350

0

0

0

17/3

Dahana

Post

Road

0

0

0

0

0

0

0

0

0

0

0

0

0

17/4

Batkent

Post

Road

1,295

0

0

0

0

0

0

1

800

1

100

1

45

1

350

0

0

0

17/5

Jakka Uruk

Post

Road

0

0

0

0

0

0

0

0

0

0

0

0

0

18/1

Pendjakent Dept

Clearance

Road

3,985

0

0

0

0

0

0

3

2,400

3

1

100

0

0

18/2

Sarazm

Post

Road

1,295

0

0

0

0

0

0

1

800

1

100

1

45

1

350

0

0

0

19/1

Khudjant Customs Dept

Clearance

Rd+Rl

11,420

1

4,300

1

500

0

0

5

4,000

5

500

6

270

5

1,750

1

100

0

0

19/2

Customs Legal Group

Clearance

Rd+Rl

1,295

0

0

0

0

0

0

1

800

1

100

1

45

1

350

0

0

0

19/3

Auchi Kalacha

Post

Road

1,295

0

0

0

0

0

0

1

800

1

100

1

45

1

350

0

0

0

Clearance

Road

3,985

0

0

0

0

0

0

3

2,400

3

300

3

135

3

1,050

1

100

0

0

86,000

2

8,600

2

1,000

0

0

58

46,400

58

5,800

60

2,700

58

20,300

12

1,200

0

0

127,830

3

12,900

3

1,500

0

0

91

72,800

91

9,100

94

4,230

70

24,500

14

1,400

2

1,400

20

Terminal

Customs

76221

76222

76223

76225

76226

Posts Totals KHUDJANT REGIONAL TOTALS


0

0

0 300

0 3

135

3

1,050

1


REGIONS & POSTS (Khatlon) - SYSTEMS COSTS

Ref

Post

Code

Type

For

Systems Totals (US$)

Server #

UPS

Cost (US$)

#

Laptop

Cost (US$)

#

PCs

Cost (US$)

UPS

#

Cost (US$)

Anti-Virus

#

Cost (US$)

#

Cost (US$)

Printer

Photocopier

Scanner

#

Cost (US$)

#

Cost (US$)

#

Cost (US$)

KHATLON REGION Unit Costs→

Regional Office 21

Dept of Customs Control

76230

Regional Office Regional Office Totals

500

1,500

800

100

45

350

100

700

1

4,300

1

500

0

0

25

20,000

25

2,500

26

1,170

9

3,150

3

300

1

700

32,620

1

4,300

1

500

0

0

25

20,000

25

2,500

26

1,170

9

3,150

3

300

1

700

Unit Costs→

Posts 22

4,300

32,620

4,300

500

1,500

800

100

45

350

100

700

Kurgan Tube

76233

Clearance

Rd+Rl

3,985

0

0

0

0

0

0

3

2,400

3

300

3

135

3

1,050

1

100

0

0

23/1

Shartuze Customs Dept

76234

Clearance

Road

2,690

0

0

0

0

0

0

2

1,600

2

200

2

90

2

700

1

100

0

0

23/2

Ajvadj

Post

Road

1,295

0

0

0

0

0

0

1

800

1

100

1

45

1

350

0

0

0

23/3

Hoshadi

Post

Rail

1,295

0

0

0

0

0

0

1

800

1

100

1

45

1

350

0

0

0

23/4

Iskra

Post

Road

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

23/5

Strategic Group NajzaBulok

Post

Road

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

24/1

Kulab Customs Dept

24/2

Airport Kulab

24/3

Kokul

25/1

Nijni Dept

25/2 25/3

76235

Clearance

Rd/Rl/A

2,690

0

0

0

0

0

0

2

1,600

2

200

2

90

2

700

1

100

0

0

76282

Clearance

Air

2,690

0

0

0

0

0

0

2

1,600

2

200

2

90

2

700

1

100

0

0

Post

River

1,295

0

0

0

0

0

0

1

800

1

100

1

45

1

350

0

0

0

76270

Clearance

River

10,720

1

4,300

1

500

0

0

5

4,000

5

500

6

270

3

1,050

100

0

0

Kolhozobad

76237

Clearance

Rail

1,295

0

0

0

0

0

0

1

800

1

100

1

45

1

350

0

0

0

Javan

76238

Clearance

Rail

1,295

0

0

0

0

0

0

1

800

1

100

1

45

1

350

0

0

0

25/4

Vahsh

76239

Clearance

Rail

1,295

0

0

0

0

0

0

1

800

1

100

1

45

1

350

0

0

0

1,295

0

0

0

0

0

0

1

800

1

100

1

45

1

350

0

0

0

25/5

Sargazan

76271

Clearance

Rail

2,590

0

0

0

0

0

0

2

1,600

2

200

2

90

2

700

0

0

0

34,430

1

4,300

1

500

0

0

23

18,400

23

2,300

24

1,080

21

7,350

5

500

0

0

67,050

2

8,600

2

1,000

0

0

48

38,400

48

4,800

50

2,250

30

10,500

8

800

1

700

Customs

Piange

Post

Customs

Terminal

Clearance

Posts Totals KHATLON REGIONAL TOTALS


1


REGIONS & POSTS (Badakhshon) - SYSTEMS COSTS

Ref

Post

Code

Type

For

Systems Totals (US$)

Server #

UPS

Cost (US$)

#

Laptop

Cost (US$)

#

PCs

Cost (US$)

#

UPS

Cost (US$)

#

Cost (US$)

Anti-Virus #

Cost (US$)

Printer #

Cost (US$)

Photocopier

Scanner #

Cost (US$)

#

Cost (US$)

BADAKHSHON REGION Unit Costs→

Regional Office 26/1

Dept of Control

Customs

76240

Regional Office Regional Office Totals

Tem

500

1,500

800

100

45

350

100

700

12,365

1

4,300

1

500

0

0

6

4,800

6

600

7

315

3

1,050

1

100

1

700

12,365

1

4,300

1

500

0

0

6

4,800

6

600

7

315

3

1,050

1

100

1

700

Unit Costs→

Posts 26/2

4,300

4,300

500

1,500

800

100

45

350

100

700

Post

Road

1,395

0

0

0

0

0

0

1

800

1

100

1

45

1

350

1

100

0

27

Darvaz

76241

Clearance

Road

1,395

0

0

0

0

0

0

1

800

1

100

1

45

1

350

1

100

0

0

28

Ishkashim

76242

Clearance

Road

1,395

0

0

0

0

0

0

1

800

1

100

1

45

1

350

1

100

0

0

29/1

Murgab Customs Dept

76243

Clearance

Road

3,985

0

0

0

0

0

0

3

2,400

3

300

3

135

3

1,050

1

100

0

0

29/2

Dept of Customs Control Terminal

Clearance

Road

1,295

0

0

0

0

0

0

1

800

1

100

1

45

1

350

0

0

0

0

29/3

Kizil-Art

Post

Road

1,295

0

0

0

0

0

0

1

800

1

100

1

45

1

350

0

0

0

0

29/4

Kulma

Post

Road Posts Totals

BADAKHSHON REGIONAL SYSTEMS TOTALS


0

1,295

0

0

0

0

0

0

1

800

1

100

1

45

1

350

0

0

0

0

12,055

0

0

0

0

0

0

9

7,200

9

900

9

405

9

3,150

4

400

0

0

24,420

1

4,300

1

500

0

0

15

12,000

15

1,500

16

720

12

4,200

5

500

1

700


REGIONS & POSTS (Tursunzade) - SYSTEMS COSTS

Ref

Post

Code

Type

For

Systems Totals (US$)

Server #

UPS

Cost (US$)

#

Laptop

Cost (US$)

#

PCs

Cost (US$)

UPS

Cost (US$)

#

Anti-Virus

Cost (US$)

#

Printer

Cost (US$)

#

Cost (US$)

#

Photocopier

Scanner #

Cost (US$)

#

Cost (US$)

TURSUNZADE REGION Unit Costs→

Regional Office 30

Dept of Control

Customs

76250

Regional Office Regional Office Totals

Tajik Factory

32/1

Regar

32/2

Pahtaobad

Aluminium

76252 76253

Clearance

Rail

500

1,500

800

100

45

350

100

700

32,520

1

4,300

1

500

0

0

25

20,000

25

2,500

26

1,170

9

3,150

2

200

1

700

32,520

1

4,300

1

500

0

0

25

20,000

25

2,500

26

1,170

9

3,150

2

200

1

700

Unit Costs→

Posts 31

4,300

1,395

4,300 0

0

500 0

0

1,500 0

0

800 1

800

100 1

100

45 1

45

350 1

350

100 1

100

700 0

0

Clearance

Rail

2,590

0

0

0

0

0

0

2

1,600

2

200

2

90

2

700

0

0

0

0

Post

Rail

1,295

0

0

0

0

0

0

1

800

1

100

1

45

1

350

0

0

0

0

33

Shahrinav (Cheptura Station)

76254

Clearance

Rail

1,295

0

0

0

0

0

0

1

800

1

100

1

45

1

350

0

0

0

0

34/1

Gizar Customs Dept

76255

Clearance

Rail

9,775

1

4,300

1

500

0

0

4

3,200

4

400

5

225

3

1,050

1

100

0

0

34/2

Customs Terminal

76256

Clearance

Road

1,295

0

0

0

0

0

0

1

800

1

100

1

45

1

350

0

0

0

0

Post

Road

2,690

0

0

0

0

0

0

2

1,600

2

200

2

90

2

700

1

100

0

0

Post

Road

1,395

0

0

0

0

0

0

1

800

1

100

1

45

1

350

1

100

0

0

Post

Road

1,295

0

0

0

0

0

0

1

800

1

100

1

45

1

350

0

0

0

0

Post

Road

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

23,025

1

4,300

1

500

0

0

14

11,200

14

1,400

15

675

13

4,550

4

400

0

0

55,545

2

8,600

2

1,000

0

0

39

31,200

39

3,900

41

1,845

22

7,700

6

600

1

700

171,065

5

21,500

5

2,500

0

0

132

105,600

132

13,200

137

6,165

48

16,800

11

1,100

6

4,200

218,675

9

38,700

9

4,500

0

0

136

108,800

136

13,600

145

6,525

125

43,750

28

2,800

0

0

389,740

14

60,200

14

7,000

0

0

268

214,400

268

26,800

282

12,690

173

60,550

39

3,900

6

4,200

35/1 35/2 35/3 35/4

Customs Post # 1 Bratstvo Customs Post # 3 Pravda Customs Post # 4 Mikojan Customs Post # 6 Komsomol /Namuna (Seasonal)

Posts Totals TURSUNZADE REGIONAL SYSTEMS TOTALS REGIONAL OFFICE SYSTEMS TOTALS POSTS SYSTEMS TOTALS REGIONS & POSTS SYSTEMS TOTALS

E. Regional Offices and Posts Telecommunications Cost

REGIONS & POSTS (Dushanbe)- TELECOMMUNICATIONS COSTS

Ref

Post

Code

Type

For

Comms Totals (US$)

LAN #

Router

Cost (US$)

#

Switch

Cost (US$)

#

Firewall

Cost (US$)

#

IPS

Cost (US$)

#

Comms Mobile

VPN

Cost (US$)

#

Cost (US$)

#

Comms/ Stationary

Cost (US$)

#

Cost (US$)

DUSHANBE REGION Unit Costs→

Regional Office 1

Dept of Control

Customs

76200

Regional Office Regional Office Comms Totals

4,000

3,500

11,000

12,000

3,000

365

9,000

72,650

1

4,000

1

14,000

2

7,000

1

11,000

1

12,000

1

3,000

10

3,650

2

18,000

72,650

1

4,000

1

14,000

2

7,000

1

11,000

1

12,000

1

3,000

10

3,650

2

18,000

Unit Costs→

Posts

14,000

400

500

1,000

0

12,000

3,000

365

9,000

2

Dept of Strategic Customs Control in Dushanbe Airport

76202

Clearance

Air

3

Dushanbe 1

76203

Clearance

Rl+Mail

11,995

1

400

1

500

1

1,000

1

0

0

0

0

0

3

1,095

1

9,000

4

Dushanbe 2

76205

Clearance

Rail

11,995

1

400

1

500

1

1,000

1

0

0

0

0

0

3

1,095

1

9,000

5

Terminal

76206

Clearance

Road

11,995

1

400

1

500

1

1,000

1

0

0

0

0

0

3

1,095

1

9,000

6

26,470

1

400

1

500

1

1,000

1

0

0

0

0

0

18

6,570

2

18,000

Aini

76207

Clearance

Rail

11,995

1

400

1

500

1

1,000

1

0

0

0

0

0

3

1,095

1

9,000

7/1

Kofarnigan Customs Dept

76260

Clearance

Rail

12,360

1

400

1

500

1

1,000

1

0

0

0

0

0

4

1,460

1

9,000

7/2

Karamik

Post

Road Posts Comms Totals

DUSHANBE REGIONAL COMMS TOTALS


9,000

0

0

0

0

0

0

0

0

0

0

0

0

0

0

1

9,000

95,810

6

2,400

6

3,000

6

6,000

6

0

0

0

0

0

34

12,410

8

72,000

168,460

7

6,400

7

17,000

8

13,000

7

11,000

1

12,000

1

3,000

44

16,060

10

90,000


REGIONS & POSTS (Khudjant) - TELECOMMUNICATIONS COSTS

Ref

Post

Code

Type

For

Comms Totals (US$)

LAN #

Router

Cost (US$)

#

Switch

Cost (US$)

#

Firewall

Cost (US$)

#

IPS

Cost (US$)

#

Comms Mobile

VPN

Cost (US$)

#

Cost (US$)

#

Comms/ Stationary

Cost (US$)

#

Cost (US$)

KHUDJANT REGION Unit Costs→

Regional Office 8

Dept of Control

Customs

76210

Regional Office Regional Office Comms Totals

4,000

3,500

11,000

12,000

3,000

365

9,000

76,300

1

4,000

1

14,000

2

7,000

1

11,000

1

12,000

1

3,000

20

7,300

2

18,000

76,300

1

4,000

1

14,000

2

7,000

1

11,000

1

12,000

1

3,000

20

7,300

2

18,000

Unit Costs→

Posts

14,000

400

500

1,000

0

12,000

3,000

365

9,000

9

Dept of Strategic Customs Control in Airport Khudjant

76212

Clearance

Air

12,360

1

400

1

500

1

1,000

1

0

0

0

0

0

4

1,460

1

9,000

10/1

G.Rosulov (Proletar)

76215

Clearance

Rail

11,995

1

400

1

500

1

1,000

1

0

0

0

0

0

3

1,095

1

9,000

Post

Road

9,000

0

0

0

0

0

0

0

0

0

0

0

0

0

1

9,000

76216

Clearance

Road

11,995

1

400

1

500

1

1,000

1

0

0

0

0

0

3

1,095

1

9,000

Post

Road

9,000

0

0

0

0

0

0

0

0

0

0

0

0

0

1

9,000

10/2

Madaniyat

11/1

Asht Customs Post

11/2

Navbunjod

11/3

Uzbek-Okjar

12/1

Nouv Customs Dept

12/2

Nouv

76217

Post

Road

9,000

0

0

0

0

0

0

0

0

0

0

0

0

Clearance

Road

11,995

1

400

1

500

1

1,000

1

0

0

0

0

0

Post

Rail

9,000

0

0

0

0

0

0

0

0

0

0

0

0

3

0

1

9,000

1,095

1

9,000

0

1

9,000

12/3

Plotina

Post

Road

9,000

0

0

0

0

0

0

0

0

0

0

0

0

0

1

9,000

12/4

Hashtjak

Post

Road

9,000

0

0

0

0

0

0

0

0

0

0

0

0

0

1

9,000

12/5

Farmon Kurgan

Post

Road

9,000

0

0

0

0

0

0

0

0

0

0

0

0

0

1

9,000

13/1

Mastchoh Customs Dept

Clearance

Road

11,995

1

400

1

500

1

1,000

1

0

0

0

0

0

1,095

1

9,000

13/2

Kuruksai

Post

Road

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

13/3

Fatehabad

Post

Road

9,000

0

0

0

0

0

0

0

0

0

0

0

0

0

1

9,000

14/1

Zafarabad Customs Dept

Clearance

Road

11,995

1

400

1

500

1

1,000

1

0

0

0

0

0

1,095

1

9,000

14/2

DEU-58

Post

Road

9,000

0

0

0

0

0

0

0

0

0

0

0

0

0

1

9,000

14/3

Zomin

Post

Road

9,000

0

0

0

0

0

0

0

0

0

0

0

0

0

1

9,000

14/4

Comsomol

Post

Road

9,000

0

0

0

0

0

0

0

0

0

0

0

0

0

1

9,000

15/1

Istravshan Customs Post

Clearance

Road

11,995

1

400

1

500

1

1,000

1

0

0

0

0

0

1,095

1

9,000

15/2

Havotag

Post

Road

9,000

0

0

0

0

0

0

0

0

0

0

0

0

0

1

9,000


76218

76219

76220


3

3

3


Ref

Post


Code

Type

For

LAN


Router

Switch

Firewall

IPS

Comms Mobile

VPN

Comms/ Stationary

Comms Totals (US$)

#

Cost (US$)

#

Cost (US$)

#

Cost (US$)

#

Cost (US$)

#

Cost (US$)

#

Cost (US$)

#

Cost (US$)

#

11,995

1

400

1

500

1

1,000

1

0

0

0

0

0

3

1,095

1

Cost (US$)

16/1

Kanibadam Customs Dept

16/2

Kanibadam

Post

Rail

9,000

0

0

0

0

0

0

0

0

0

0

0

0

0

1

9,000

16/3

Patar

Post

Road

9,000

0

0

0

0

0

0

0

0

0

0

0

0

0

1

9,000

16/4

Ravat

Post

Road

9,000

0

0

0

0

0

0

0

0

0

0

0

0

0

1

9,000

17/1

Isfara Customs Dept

Clearance

Rd+Rl

11,995

1

400

1

500

1

1,000

1

0

0

0

0

0

1,095

1

9,000

1

9,000

1

9,000

1,095

1

9,000

0

1

9,000

1,095

1

9,000

0

1

9,000

76221

76222

Clearance

Rd+Rl

3

9,000

17/2

Isfara-3

Post

Rail

9,000

0

0

0

0

0

0

0

0

0

0

0

0

0

17/3

Dahana

Post

Road

0

0

0

0

0

0

0

0

0

0

0

0

0

0

17/4

Batkent

Post

Road

9,000

0

0

0

0

0

0

0

0

0

0

0

0

0

17/5

Jakka Uruk

Post

Road

0

0

0

0

0

0

0

0

0

0

0

0

0

18/1

Pendjakent Customs Dept

Clearance

Road

11,995

1

400

1

500

1

1,000

1

0

0

0

0

0

18/2

Sarazm

Post

Road

9,000

0

0

0

0

0

0

0

0

0

0

0

0

Clearance

Rd+Rl

11,995

1

400

1

500

1

1,000

1

0

0

0

0

0

Clearance

Rd+Rl

9,000

0

0

0

0

0

0

0

0

0

0

0

0

Post

Road

9,000

0

0

0

0

0

0

0

0

0

0

0

0

0

1

9,000

Clearance

Road

11,995

1

400

1

500

1

1,000

1

0

0

0

0

0

3

1,095

1

9,000

324,305

12

4,800

12

6,000

12

12,000

12

0

0

0

0

0

37

13,505

32

288,000

400,605

13

8,800

13

20,000

14

19,000

13

11,000

1

12,000

1

3,000

57

20,805

34

306,000

19/1 19/2 19/3 20

Khudjant Customs Dept Customs Legal Group

76223

76225

Auchi Kalacha Terminal

76226

Posts Comms Totals KHUDJANT REGIONAL COMMS TOTALS


0

0 3

3

0


REGIONS & POSTS (Khatlon) - TELECOMMUNICATIONS COSTS

Ref

Post

Code

Type

For

Comms Totals (US$)

LAN #

Router

Cost (US$)

#

Switch

Cost (US$)

#

Firewall

Cost (US$)

#

IPS

Cost (US$)

#

Comms Mobile

VPN

Cost (US$)

#

Cost (US$)

#

Comms/ Stationary

Cost (US$)

#

Cost (US$)

KHATLON REGION Unit Costs→

Regional Office 21

Dept of Control

Customs

76230

Regional Office Regional Office Comms Totals

14,000

3,500

11,000

12,000

3,000

365

9,000

73,380

1

4,000

1

14,000

2

7,000

1

11,000

1

12,000

1

3,000

12

4,380

2

18,000

73,380

1

4,000

1

14,000

2

7,000

1

11,000

1

12,000

1

3,000

12

4,380

2

18,000

Unit Costs→

Posts 22

4,000

400

500

1,000

0

12,000

3,000

365

9,000

Kurgan Tube

76233

Clearance

Rd+Rl

12,725

1

400

1

500

1

1,000

1

0

0

0

0

0

5

1,825

1

9,000

23/1

Shartuze Customs Dept

76234

Clearance

Road

11,265

1

400

1

500

1

1,000

1

0

0

0

0

0

1

365

1

9,000

23/2

Ajvadj

Post

Road

9,000

0

0

0

0

0

0

0

0

0

0

0

0

0

1

9,000

23/3

Hoshadi

Post

Rail

9,000

0

0

0

0

0

0

0

0

0

0

0

0

0

1

9,000

23/4

Iskra

Post

Road

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

23/5

Strategic Group NajzaBulok

Post

Road

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

24/1

Kulab Customs Dept

76235

Rd/Rl/A

11,995

1

400

1

500

1

1,000

1

0

0

0

0

0

3

1,095

1

9,000

24/2

Airport Customs Post Kulab

76282

24/3

Kokul

25/1

Nijni Piange Customs Dept

25/2 25/3

Clearance

Air

11,630

1

400

1

500

1

1,000

1

0

0

0

0

0

2

730

1

9,000

Post

River

9,730

0

0

0

0

0

0

0

0

0

0

0

0

2

730

1

9,000

76270

Clearance

River

12,725

1

400

1

500

1

1,000

1

0

0

0

0

0

5

1,825

1

9,000

Kolhozobad

76237

Clearance

Rail

10,825

0

0

0

0

0

0

0

0

0

0

0

0

5

1,825

1

9,000

Javan

76238

Clearance

Rail

9,000

0

0

0

0

0

0

0

0

0

0

0

0

0

1

9,000

25/4

Vahsh

76239

Clearance

Rail

9,000

0

0

0

0

0

0

0

0

0

0

0

0

0

1

9,000

9,000

0

0

0

0

0

0

0

0

0

0

0

0

0

1

9,000

25/5

Sargazan

76271

Clearance

Rail

11,995

1

400

1

500

1

1,000

1

0

0

0

0

0

3

1,095

1

9,000

137,890

6

2,400

6

3,000

6

6,000

6

0

0

0

0

0

26

9,490

13

117,000

211,270

7

6,400

7

17,000

8

13,000

7

11,000

1

12,000

1

3,000

38

13,870

15

135,000

Terminal

Clearance

Clearance

Posts Comms Totals KHATLON REGIONAL COMMS TOTALS


REGIONS & POSTS (Badakhshon) - TELECOMMUNICATIONS COSTS

Ref

Post

Code

Type

For

Comms Totals (US$)

LAN #

Router

Cost (US$)

#

Switch

Cost (US$)

#

Firewall

Cost (US$)

#

IPS

Cost (US$)

#

Comms Mobile

VPN

Cost (US$)

#

Cost (US$)

#

Cost (US$)

Comms/ Stationary #

Cost (US$)

BADAKHSHON REGION Unit Costs→

Regional Office 26/1

Dept of Control

Customs

76240

Regional Office Regional Office Comms Totals

Tem

Post

Road

14,000

3,500

11,000

12,000

3,000

365

9,000

61,460

1

4,000

1

14,000

2

7,000

1

11,000

1

12,000

1

3,000

4

1,460

1

9,000

61,460

1

4,000

1

14,000

2

7,000

1

11,000

1

12,000

1

3,000

4

1,460

1

9,000

0

0

1

9,000

Unit Costs→

Posts 26/2

4,000

9,000

400 0

0

500 0

0

1,000 0

0

0

12,000 0

0

0

3,000

365

0

0

9,000

27

Darvaz

76241

Clearance

Road

9,000

0

0

0

0

0

0

0

0

0

0

0

0

0

1

9,000

28

Ishkashim

76242

Clearance

Road

9,000

0

0

0

0

0

0

0

0

0

0

0

0

0

1

9,000

29/1

Murgab Customs Dept

76243

Clearance

Road

11,995

1

400

1

500

1

1,000

1

0

0

0

0

0

1,095

1

9,000

29/2

Dept of Customs Control Terminal

Clearance

Road

9,000

0

0

0

0

0

0

0

0

0

0

0

0

0

1

9,000

29/3

Kizil-Art

Post

Road

9,000

0

0

0

0

0

0

0

0

0

0

0

0

0

1

9,000

29/4

Kulma

Post

Road

9,000

0

0

0

0

0

0

0

0

0

0

0

0

0

1

9,000

65,995

1

400

1

500

1

1,000

1

0

0

0

0

0

3

1,095

7

63,000

127,455

2

4,400

2

14,500

3

8,000

2

11,000

1

12,000

1

3,000

7

2,555

8

72,000

Posts Comms Totals BADAKHSHON REGIONAL COMMS TOTALS


3


REGIONS & POSTS (Tursunzade) - TELECOMMUNICATIONS COSTS

Ref

Post

Code

Type

For

Comms Totals (US$)

LAN #

Router

Cost (US$)

#

Switch

Cost (US$)

#

Firewall

Cost (US$)

#

IPS

Cost (US$)

#

Comms Mobile

VPN

Cost (US$)

#

Cost (US$)

Comms/ Stationary

Cost (US$)

#

#

Cost (US$)

TURSUNZADE REGION Unit Costs→

Regional Office 30

Dept of Control

Customs

76250

Regional Office Regional Office Comms Totals

4,000

3,500

11,000

12,000

3,000

365

9,000

78,730

1

4,000

1

14,000

2

7,000

1

11,000

1

12,000

1

3,000

2

730

3

27,000

78,730

1

4,000

1

14,000

2

7,000

1

11,000

1

12,000

1

3,000

2

730

3

27,000

Unit Costs→

Posts

14,000

400

500

1,000

0

12,000

3,000

365

9,000

Tajik Aluminium Factory

76252

Clearance

Rail

9,365

0

0

0

0

0

0

0

0

0

0

0

0

1

365

1

9,000

32/1

Regar

76253

Clearance

Rail

10,900

1

400

1

500

1

1,000

1

0

0

0

0

0

0

0

1

9,000

32/2

Pahtaobad

Post

Rail

9,000

0

0

0

0

0

0

0

0

0

0

0

0

0

0

1

9,000

Clearance

Rail

9,000

0

0

0

0

0

0

0

0

0

0

0

0

0

0

1

9,000

31

33

Shahrinav (Cheptura Station)

34/1

Gizar Customs Dept

76255

Clearance

Rail

11,265

1

400

1

500

1

1,000

1

0

0

0

0

0

1

365

1

9,000

34/2

Customs Terminal

76256

Clearance

Road

9,000

0

0

0

0

0

0

0

0

0

0

0

0

0

0

1

9,000

Post

Road

11,265

1

400

1

500

1

1,000

1

0

0

0

0

0

1

365

1

9,000

Post

Road

9,365

0

0

0

0

0

0

0

0

0

0

0

0

1

365

1

9,000

Post

Road

9,000

0

0

0

0

0

0

0

0

0

0

0

0

0

0

1

9,000

Post

Road

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

88,160

3

1,200

3

1,500

3

3,000

3

0

0

0

0

0

4

1,460

9

81,000

166,890

4

5,200

4

15,500

5

10,000

4

11,000

1

12,000

1

3,000

6

2,190

12

108,000

362,520

5

20,000

5

70,000

10

35,000

5

55,000

5

60,000

5

15,000

48

17,520

10

90,000

712,160

28

11,200

28

14,000

28

28,000

28

0

0

0

0

0

104

37,960

69

621,000

1,074,680

33

31,200

33

84,000

38

63,000

33

55,000

5

60,000

5

15,000

152

55,480

79

711,000

35/1 35/2 35/3 35/4

Customs Post # 1 Bratstvo Customs Post # 3 Pravda Customs Post # 4 Mikojan Customs Post # 6 Komsomol /Namuna (Seasonal)

76254

Posts Comms Totals TURSUNZADE REGIONAL COMMS TOTALS REGIONAL OFFICE COMMS TOTALS POSTS COMMS TOTALS REGIONS & POSTS COMMS TOTALS


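F. Training Equipment Cost Estimates

Training Equipment Cost Estimates (US$)

Place: Dushanbe Training Institute

| Type | Items | Unit Cost | Quantity | Overall Costs | Foreign Exchange | Local Currency | FC=1;LC=2 |
|---|---|---|---|---|---|---|---|
| Equipment | Servers | 15,000 | 1 | 15,000 | 15,000 | 0 | 1 |
| Equipment | PCs | 800 | 23 | 18,400 | 18,400 | 0 | 1 |
| Equipment | Laptops | 1,800 | 1 | 1,800 | 1,800 | 0 | 1 |
| Equipment | Security (anti-virus) | 70 | 25 | 1,750 | 1,750 | 0 | 1 |
| Equipment | UPS | 100 | 24 | 2,400 | 2,400 | 0 | 1 |
| Equipment | Printers | 350 | 5 | 1,750 | 1,750 | 0 | 1 |
| Equipment | Scanners | 100 | 1 | 100 | 100 | 0 | 1 |
| Equipment | Various / Copiers | 700 | 1 | 700 | 700 | 0 | 1 |
| Equipment | LAN | 350 | 2 | 700 | 700 | 0 | 1 |
| Furniture | white-Board | 100 | 4 | 400 | 0 | 400 | 2 |
| Furniture | Bookcase | 250 | 6 | 1,500 | 0 | 1,500 | 2 |
| Furniture | Rostrum | 60 | 1 | 60 | 0 | 60 | 2 |
| Furniture | Desk | 135 | 30 | 4,050 | 0 | 4,050 | 2 |
| Furniture | Safe | 230 | 4 | 920 | 0 | 920 | 2 |
| Training Material | Projector/Screen | 2,000 | 2 | 4,000 | 4,000 | 0 | 1 |
| Training Material | Camera recorder | 800 | 1 | 800 | 800 | 0 | 1 |
| Training Material | TV | 300 | 2 | 600 | 600 | 0 | 1 |
| Training Material | Videotape | 300 | 2 | 600 | 600 | 0 | 1 |
| Total Equipment | | | | 42,600 | 42,600 | 0 | |
| Total Furniture | | | | 6,930 | 0 | 6,930 | |
| Total Training Material | | | | 6,000 | 6,000 | 0 | |
| Total | | | | 55,530 | 48,600 | 6,930 | |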

G. Summary of ICT Cost Estimate

| Summary of ICT Costs | (US$) |
|---|---|
| Data Centre | 1,733,495 |
| Disaster Recovery Centre | 711,000 |
| Customs Div - System | 151,965 |
| Customs Div - Telecommunications | 4,380 |
| Regional Office and Border Posts - System | 389,740 |
| Regional Office and Border Posts - Telecommunications | 1,074,680 |
| Training Eqpt Costs | 55,530 |
| Total | 4,120,790 |

H. Border Posts Civil Works Infrastructure Cost Estimate

Border Posts Civil Works Infrastructure Costs

| Item | Customs border posts and department | State of Customs Border Posts and Customs Offices and Necessary Arrangements | Reconstruction Priority | Start and Completion Date of Reconstruction | Reconstruction Cost in thousand Somoni | Reconstruction Cost in USD |
|---|---|---|---|---|---|---|
| | Sughd region | | | | | |
| 1 | Customs Border Posts (CBP) “Sarazm” of Penjikent district | The Border Post was moved and Customs Border Post is inactive, so the reconstruction of new Customs Border post is needed | The First | 2006-2007 | 800,000 | 242,424 |
| 2 | CBP “Patar” of Konibodom district | The building is in normal condition, the construction of shelter, trench and scaffold bridge are needed | The First | III quarter of 2006-2007 | 500,000 | 151,515 |
| 3 | Office building of Customs Management (CM) | The Rehabilitation of building and extension have been implemented, the building extension is needed | The Second | 2006 | 350,000 | 106,061 |
| 4 | CBP “Plotina” Spitamen district | In view of Border Post movement the reconstruction is needed | The Second | III quarter of 2006-2007 | 800,000 | 242,424 |
| 5 | CBP “Batkent” Isfara district | The construction of new building for CBP is needed because Customs officers are working in a wagon | The Second | 2006-2007 | 800,000 | 242,424 |
| 6 | CBP in railway station “Nau” of Spitamen district | The construction of new building is needed | The Second | IV quarter of 2006-2007 | 150,000 | 45,455 |
| 7 | CDs in Isfara, Mastchoh, Khujand, Penjikent, Konibodom, Spitamen, Istaravshan, Zafarabad districts | Complete Office Renovation is needed | The First and the Third | 2006-2007 | 400,000 | 121,212 |
| | Sub-total | | | | 3,800,000 | 1,151,515 |
| | Khatlon region | | | | | |
| 10 | CBP “Nizhniy Pyandj” of Kumsangir district | The construction of new building is needed | The First | III quarter of 2007-2008 | 500,000 | 151,515 |
| 11 | CBP “Kokul” of Farkhor district | | The First | IV quarter of 2007-2008 | 80,000 | 24,242 |
| 12 | Office building of MSRD RT Khatlon Customs Management | The building was rehabilitated, but dining and utility rooms need to be rehabilitated | The Second | II quarter of 2006 | 160,000 | 48,485 |
| 13 | Office building of Shaartuz Customs Department | Rehabilitation and reconstruction are needed | The Second | IV quarter of 2006-2007 | 40,000 | 12,121 |
| | Sub-total | | | | 780,000 | 236,364 |
| | Gorno-Badakhshan Autonomous region | | | | | |
| 15 | Office building of Customs Management | In accordance with Government Regulation of RT it should be moved to new CM building “Badakhshonagroservice” | The First | 2006 | 250,000 | 75,758 |
| 16 | CBP “Kulma” of Murgab district | Should be constructed metallic structure for enlargement (4 items of gates and precast metallic structure were ordered) | The First | 2007 | 450,000 | 136,364 |
| 17 | CBP “Kizil-Art” of Murgab district | The object was put into operation and should be constructed retaining walls | The First | 2006 | 0 | 0 |
| 18 | CBP “Langar” of Ishkashim district | In accordance with Government Regulation of RT the construction of new CBP is needed in border line between Tajikistan and Afghanistan structured a new CM building | The Second | 2006-2007 | 650,000 | 196,970 |
| 19 | Murgab Customs Border Post office | Rehabilitation and enlargement are needed | The Second | 2006 | 250,000 | 75,758 |
| | Sub-total | | | | 1,600,000 | 484,848 |
| | Dushanbe Customs Management | | | | | |
| 20 | CBP “Ainy” | In accordance with the letter of Customs Management the CBP should be moved to the building with the storage facilities near the railway station | The First | 2004 | 250,000 | 75,758 |
| 21 | CBP “Dushanbe-1” | The rehabilitation and enlargement were completed | | | 250,000 | 75,758 |
| 22 | CBP “Dushanbe-2” | The rehabilitation and enlargement were completed | | | 250,000 | 75,758 |
| | Sub-total | | | | 750,000 | 227,273 |
| | Tursunzade region | | | | | |
| 23 | CBP of Pahtaabad railway station | There was chosen the new Site near the border for the construction. The new construction is needed. | The Second | 2006-2008 | 0 | 0 |
| | Sub-total | | | | 0 | 0 |
| | Data Centre & Disaster Recovery Centre | | | | | |
| 24 | Data Centre in Customs HQ | There was chosen the new Site near the border for the construction. The new construction is needed. | The Second | 2006-2008 | 0 | 0 |
| 25 | Disaster Recovery Centre in Dushanbe Regions | There was chosen the new Site near the border for the construction. The new construction is needed. | The Second | 2006-2008 | 0 | 0 |
| | Sub-total | | | | 0 | 0 |
| | TOTAL | | | | 6,930,000 | 2,100,000 |

I. Border Post Customs Equipment Cost Estimate

| Region | S/N | Customs Equipments | Unit Costs (US$) | Qty | Estimated Costs (US$) |
|---|---|---|---|---|---|
| REGION 1 : SUGHD | 1 | Generators | 7,500 | 4 | 30,000 |
| | 2 | Control | 120,000 | 1 | 120,000 |
| | 3 | Inspection | 46,000 | 1 | 46,000 |
| REGION 2 : KHATLON | 1 | Generators | 7,500 | 16 | 120,000 |
| | 2 | Control | 120,000 | 1 | 120,000 |
| | 3 | Inspection | 46,000 | 1 | 46,000 |
| REGION 3 : Gorno-Badakhshan | 1 | Generators | 7,500 | 7 | 52,500 |
| | 2 | Control | 120,000 | 1 | 120,000 |
| | 3 | Inspection | 46,000 | 1 | 46,000 |
| REGION 4 : Dushanbe | 1 | Generators | 7,500 | 4 | 30,000 |
| | 2 | Control | 120,000 | 1 | 120,000 |
| | 3 | Inspection | 46,000 | 1 | 46,000 |
| REGION 5 : Tursunzade | 1 | Generators | 7,500 | 5 | 37,500 |
| | 2 | Control | 120,000 | 1 | 120,000 |
| | 3 | Inspection | 46,000 | 1 | 46,000 |
| Total | | | | | 1,100,000 |

J. Total Border Post Rehabilitation and Civil Works Cost Estimate

Summary of Border Post Infrastructure Costs

| Category | Regions / Location | Estimated Costings (US$) |
|---|---|---|
| Border Post Physical Infrastructure Upgrading | Sughd | 1,151,515 |
| | Khatlon | 236,364 |
| | Gorno-Badakhshan | 484,848 |
| | Dushanbe | 227,273 |
| | Tursunzade | 0 |
| Site Preparation for Data Centre | Customs HQ | 0 |
| Site Preparation for Disaster Recovery Centre | | 0 |
| Customs Equipment | Sughd | 196,000 |
| | Khatlon | 286,000 |
| | Gorno-Badakhshan | 218,500 |
| | Dushanbe | 196,000 |
| | Tursunzade | 203,500 |
| Total Estimated Cost | | 3,200,000 |

K. Change Management Cost Estimates

Provision of Change Management Costs

| S/N | Activity | Participants | No. of Sessions | Duration (Days) | No. of Participants per session | Unit Cost (US$) | Estimated Total Cost (US$) |
|---|---|---|---|---|---|---|---|
| 1 | Change Readiness Survey | CDRT | 1 | - | 1000 | 10 | 10000 |
| 2 | Workshops and Seminars | CDRT / Ministries & Controlling Agencies / Trade & Logistics Community | 10 | 2 | 50 | 50 | 25000 |
| 3 | Observation and Study Tours | Selected CD Staff | | | | | |
| | Study Mission 1 (Singapore) | | 1 | 5 | 5 | 4000 | 20000 |
| | Study Mission 2 (Philippines) | | 1 | 5 | 5 | 4000 | 20000 |
| | Study Mission 3 (Thailand) | | 1 | 5 | 5 | 4000 | 20000 |
| | Study Mission 3 (Korea) | | 1 | 5 | 5 | 4000 | 20000 |
| | Study Mission 4 (Kazakhstan) | | 1 | 5 | 5 | 2000 | 10000 |
| | Study Mission 5 (Kyrgyzstan) | | 1 | 5 | 5 | 1500 | 7500 |
| | Study Mission 6 (Others) | | 1 | 5 | 5 | 1500 | 7500 |
| 4 | Newsletters and Publications | CDRT / Ministries & Controlling Agencies / Trade & Logistics Community | | | | | |
| | Articles in Customs Newsletter | | Ad-hoc | - | - | Lump-sum | 0 |
| | CD RT Website Improvement & Updating | | Ad-hoc | - | - | Lump-sum | 10000 |
| | Notices and Bulletins | | Ad-hoc | - | - | Lump-sum | 0 |
| | Brochures | | Ad-hoc | - | - | Lump-sum | 10000 |
| | Exhibitions | | 5 | 5 | - | 450 | 11250 |
| | Total | | | | | | 171,250 |

L. Training Cost Estimate

| S/N | Category | Activity | Provision by | Types of Trainees | Trainee Size | Class Size | Number of Classes | Duration per Class (Days) | Cost per Student (US$) | Estimated Total Cost (US$) |
|---|---|---|---|---|---|---|---|---|---|---|
| | Provision of ICT Training Costs | | | | | | | | | |
| 1 | User Training | 1.1 Basic Computer Course | External Trainers | All CD RT Staff | 1000 | 20 | 50 | 5 | 50 | 50000 |
| | | 1.2 UAIS User Modules | Application Developers / Suppliers | CD RT | 500 | 20 | 25 | 5 | 200 | 100000 |
| | | | | Ministries & Controlling Agencies | 100 | 20 | 5 | 5 | 200 | 20000 |
| | | | | Trade & Logistic Community | 300 | 20 | 15 | 3 | 200 | 60000 |
| | | | PMO | CD RT | 500 | 20 | 25 | 5 | 0 | 0 |
| 2 | Technical Training | 2.1 System Administration | Suppliers | ICT Staff | 12 | 6 | 2 | 10 | 500 | 6000 |
| | | | PMO | ICT Staff | 12 | 6 | 2 | 5 | 0 | 0 |
| | | | External Trainers | ICT Staff | - | - | - | - | - | - |
| | | | Vendor Attachment | ICT Staff | 2 | 2 | 1 | 5 | 4000 | 8000 |
| | | 2.2 Network Management | Suppliers | ICT Staff | 12 | 6 | 2 | 10 | 500 | 6000 |
| | | | PMO | ICT Staff | 12 | 6 | 2 | 5 | 0 | 0 |
| | | | External Trainers | ICT Staff | - | - | - | - | - | 0 |
| | | 2.3 Database Management | Suppliers | ICT Staff | 5 | 5 | 1 | 5 | 500 | 2500 |
| | | | PMO | ICT Staff | - | - | - | - | - | - |
| | | | External Trainers | ICT Staff | 5 | 5 | 1 | 5 | 800 | 4000 |
| | | 2.4 Application Development | Suppliers | ICT Development Staff | 5 | 5 | 1 | 15 | 500 | 2500 |
| | | | PMO | ICT Development Staff | - | - | - | - | - | - |
| | | | External Trainers | ICT Development Staff | - | - | - | - | - | - |
| | | 2.5 Quality Assurance & Security | External Trainers | ICT Quality Assurance Staff | 2 | 2 | 1 | 10 | 1000 | 2000 |
| | Provision of Customs Training Costs | | | | | | | | | |
| 3 | Customs Management | 3.1 Risk Management Trainer Course | External Trainers (Train the Trainers Program) | CD RT | 20 | 10 | 2 | 5 | 500 | 10000 |
| | | 3.2 Risk Management Concept | Internal RM Trainers | CD RT | 1000 | 20 | 50 | 2 | 50 | 50000 |
| | | 3.3 Post Clearance Audit Trainer Course | External Trainers (Train the Trainers Program) | CD RT | 20 | 10 | 2 | 5 | 500 | 10000 |
| | | 3.4 Post Clearance Audit | Internal PCA Trainers | CD RT | 300 | 20 | 15 | 2 | 50 | 15000 |
| | Total | | | | | | | | | 346,000 |

M. Summary of Cost for CM and Training

Summary of Change Management & Training Costs

| Category | Activities | Estimated Cost (US$) |
|---|---|---|
| Change Management | Change Readiness Survey | 10000 |
| | Workshops and Seminars | 25000 |
| | Observation and Study Tours | 105000 |
| | Newsletters and Publications | 31250 |
| | Sub-total | 171250 |
| Training Programs | User Training | 230000 |
| | Technical Training | 31000 |
| | Customs Management Training | 85000 |
| | Sub-total | 346000 |
| Total Estimated Cost | | 517,250 |

APPENDIX K IMPLEMENTATION PLAN OF UAIS


Timeline columns: Year 1 (2007), Year 2 (2008), Year 3 (2009), each by quarter.

Component 1: Development of Information and Communication Technology (ICT)
1.1 Tender Process
1.1.1 Prepare Tender Specifications For Development of UAIS
1.1.2 Invite Tenders
1.1.3 Tender Evaluation and Award
1.2 Develop UAIS & Interface With Single Electronic Window (SEW) / Implementation Plan / Hardware & Software Network Strategies
1.2.1 Finalize Systems Requirements With Selected Vendor
1.2.2 Prepare Preliminary Systems Design, Define Architecture
1.2.3 Produce Final Functional And Technical Specifications
1.2.4 Develop Core Components
1.2.5 Procure System Components And Hardware
1.2.6 User Acceptance Testing
1.2.7 Pilot Test
1.2.8 Systems Migration
1.2.9 Phase Implementation
1.2.10 Systems Warranty Period
1.2.11 Systems Maintenance
1.3 Development of Communication Infrastructure
1.3.1 Review Existing Communication Infrastructure / Local Area Network (LAN) Wide Area Network (WAN) / Virtual Private Network (VPN)
1.3.2 Design Network
1.3.3 Implement Network and install Communication Hardware and Software for HQ, Regional Office and Priority Border Post
1.3.4 Implement Network and Install Communication Hardware & Software for non-Priority Border Post
1.3.5 Interface Inter-Agency and External Agency Network
1.3.6 Maintenance And Operations Of Communication Infrastructure


Component 2: Infrastructure Development
2.1 Site Preparation of Data Centre (DC) & Disaster Recovery Centre (DRC)
2.1.1 Review Infrastructure Requirements for DC
2.1.2 Review Infrastructure Requirements for DRC
2.1.3 Prepare Technical Specifications for Tender
2.1.4 Prepare Bidding Documents for Tender
2.1.5 Invite Tender
2.1.6 Tender Evaluation and Award
2.1.7 Finalize Infrastructure Requirements With Selected Vendor
2.1.8 Conduct Renovation and Construction of DC
2.1.9 Conduct Renovation and Construction of DRC
2.1.10 Equip DC and DRC with ICT Equipment
2.1.11 Acceptance and Sign-off
2.2 Improvement of Customs Border-Posts and Facilities
2.2.1 Review of Priority Border Posts
2.2.2 Review Infrastructure Needs and Requirements for Border Posts
2.2.3 Prepare Technical Specifications for Tender
2.2.4 Prepare Bidding Documents for Tender
2.2.5 Invite Tender
2.2.6 Tender Evaluation and Award
2.2.7 Finalize Infrastructure Requirements With Selected Vendor
2.2.8 Conduct Renovation and Construction of Priority Border Posts
2.2.9 Conduct Renovation and Construction of non-Priority Border Posts
2.2.10 Equip renovated border posts with ICT Equipment
2.2.11 Acceptance and Sign-off
2.3 Provisions of Customs Operations and Anti-smuggling Equipment
2.3.1 Review of Priority Border Posts
2.3.2 Prepare Technical Specifications for Tender
2.3.3 Prepare Bidding Documents for Tender
2.3.4 Invite Tender
2.3.5 Tender Evaluation and Award
2.3.6 Finalize Customs Equipment Requirements With Selected Vendor
2.3.7 Equip renovated border posts with Customs Equipment
2.3.8 Acceptance and Sign-off

Component 3: Change Management and Training
3.1 Prepare and finalize Change Management Plan
3.2 Implement Change Management Programs
3.2.1 Change Readiness Survey
3.2.2 Workshops and Seminars
3.2.3 Observation and Study Tours
3.2.4 Visitor Programs
3.2.5 Newsletters and Publications
3.3 Implement User Training Programs
3.3.1 Basic Computer Course
3.3.2 UAIS User Modules Training
3.4 Implement Technical Training Programs
3.4.1 System Administration Training
3.4.2 Network Management Training
3.4.3 Database Management Training
3.4.4 Application Development Training
3.4.5 Quality Assurance & Security Training
3.5 Implement Customs Management Training Programs

Timeline columns (continued): Year 4 (2010) and Year 5, by quarter, against the same task list (Components 1 to 3).


APPENDIX L CUSTOMS TRADE STATISTICS (2005)


TAJIKISTAN IMPORT AND EXPORT STATISTICS (2005)

EXPORT DECLARATIONS

LOCATION Customs

Name of Post

Code 200 201 202 203

206 207 260 280

No. of

% of Total

No. of

% of Total

Total No of

% of Total

Declarations

Declarations

Declarations

Declarations

Trade

Import/Export

At Post

Declarations

Declarations

Location

Dushanbe

Regional Office

425

14.44%

2,519

85.56%

2,944

5.53%

98.13

Dushanbe

Regional Office Airport

2

7.69%

24

92.31%

26

0.05%

0.87

114

7.00%

1,515

93.00%

1,629

3.06%

54.30

33

2.01%

1,609

97.99%

1,642

3.08%

54.73

Dushanbe Dushanbe

Dushanbe-1

Dushanbe Dushanbe

Dushanbe-2 Terminal

Dushanbe

Ainy

Dushanbe

Kafarnigan

Dushanbe

Jirgital SUB-TOTAL FOR DUSHANBE


At Post

No of Declarations per day

Regional Office

204 205

IMPORT DECLARATIONS

36

7.53%

442

92.47%

478

0.90%

15.93

52

1.19%

4,313

98.81%

4,365

8.20%

145.50

75

4.21%

1,707

95.79%

1,782

3.35%

59.40

2

0.20%

984

99.80%

986

1.85%

32.87

21

3.87%

521

96.13%

542

1.02%

18.07

2

0.27%

728

99.73%

730

1.37%

24.33

15,124

28.39%

504.13

762

14,362


EXPORT DECLARATIONS

LOCATION Customs

Name of Post

Code 212 215 216

Regional Office Leninabad (Sughd) Leninabad (Sughd) Leninabad (Sughd)

217

218 219 220 221 222 223 225 226

Leninabad (Sughd) Leninabad (Sughd) Leninabad (Sughd) Leninabad (Sughd) Leninabad (Sughd) Leninabad (Sughd) Leninabad (Sughd) Leninabad (Sughd) Leninabad (Sughd)

IMPORT DECLARATIONS

No. of

% of Total

No. of

% of Total

Total No of

% of Total

Declarations

Declarations

Declarations

Declarations

Trade

Import/Export

At Post

Declarations

Declarations

Location

At Post

No of Declarations per day

55

20.52%

213

79.48%

268

0.50%

8.93

Jabor Rasulov / Madaniyat

807

59.38%

552

40.62%

1,359

2.55%

45.30

Asht District/Navbunyod/Uzbek-Okjar Nau district/«Platina/Hashtyak/FarmonKurgan Matcho district/Kuruksai» /Fatehabad» in Zafarabad /DEU – 58/Zoamin/Comsomol

166

43.92%

212

56.08%

378

0.71%

12.60

160

6.66%

2,243

93.34%

2,403

4.51%

80.10

12

0.33%

3,622

99.67%

3,634

6.82%

121.13

-

0.00%

18

100.00%

18

0.03%

0.60

2

0.87%

229

99.13%

231

0.43%

7.70

446

56.10%

349

43.90%

795

1.49%

26.50

613

33.37%

1,224

66.63%

1,837

3.45%

61.23

47

21.86%

168

78.14%

215

0.40%

7.17

1,250

30.03%

2,912

69.97%

4,162

7.81%

138.73

Khujand airport

in Istraushan district/«Havotag Kanibadam district/Kanibadam/«Patar/Ravat» Isfara district/«Isfara3/Dahana»/Batkent»/Yaka-Uruk Penjikent district/Yaka-Uruk Khojent district/Auchy- Kalacha Terminal

227 SUB-TOTAL FOR LENINABAD (SUGD)


7

0.86%

804

99.14%

811

1.52%

27.03

6

0.08%

7,955

99.92%

7,961

14.95%

265.37

24,072

45.19%

802.40

3,571

20,501


LOCATION Customs
Name of Post
Code Regional Office 230
Khatlon
Location Regional office
232 233
Khatlon Khatlon
in Kurgantube Shaartuz district /«Aivaj/«Hoshadi/Iskra» /Naiza-Bulok
Khatlon
in Kulyab/Kulyab airport
234 235 236 237 238 239 270 271 282
241 242 243

| Name of Post | Export: No. of Declarations | Export: % of Total Declarations At Post | Import: No. of Declarations | Import: % of Total Declarations At Post | Total No of Trade Declarations | % of Total Import/Export Declarations | No of Declarations per day |
|---|---|---|---|---|---|---|---|
| | 71 | 31.56% | 154 | 68.44% | 225 | 0.42% | 7.50 |
| | 40 | 27.40% | 106 | 72.60% | 146 | 0.27% | 4.87 |
| | 484 | 44.32% | 608 | 55.68% | 1,092 | 2.05% | 36.40 |
| | 59 | 100.00% | - | 0.00% | 59 | 0.11% | 1.97 |
| | 31 | 52.54% | 28 | 47.46% | 59 | 0.11% | 1.97 |
| | 57 | 51.82% | 53 | 48.18% | 110 | 0.21% | 3.67 |
| Kolhozabad | 83 | 31.56% | 180 | 68.44% | 263 | 0.49% | 8.77 |
| Yavan | 72 | 38.50% | 115 | 61.50% | 187 | 0.35% | 6.23 |
| Vahsh | 69 | 34.50% | 131 | 65.50% | 200 | 0.38% | 6.67 |
| Pyanj | 367 | 45.48% | 440 | 54.52% | 807 | 1.52% | 26.90 |
| Sargazon | 64 | 25.20% | 190 | 74.80% | 254 | 0.48% | 8.47 |
| Kokul | 31 | 23.48% | 101 | 76.52% | 132 | 0.25% | 4.40 |
| SUB-TOTAL FOR KHATLON 240 | 1,428 | | 2,106 | | 3,534 | 6.63% | 117.80 |

GornoBadakshan GornoBadakshan Gorno Badakshan Gorno Badakshan

| Name of Post | Export: No. of Declarations | Export: % of Total Declarations At Post | Import: No. of Declarations | Import: % of Total Declarations At Post | Total No of Trade Declarations | % of Total Import/Export Declarations | No of Declarations per day |
|---|---|---|---|---|---|---|---|
| Tem | 140 | 29.29% | 338 | 70.71% | 478 | 0.90% | 15.93 |
| Darvaz | 20 | 100.00% | - | 0.00% | 20 | 0.04% | 0.67 |
| Ishkashim | - | 0.00% | 1 | 100.00% | 1 | 0.00% | 0.03 |
| Murgab district/Kisil-Art/Kulma | 17 | 14.41% | 101 | 85.59% | 118 | 0.22% | 3.93 |
| | - | 0.00% | 90 | 100.00% | 90 | 0.17% | 3.00 |
| 244 SUB-TOTAL FOR GORNOBADAKHSHAN | 177 | | 530 | | 707 | 1.33% | 23.57 |

LOCATION Customs
Name of Post
Code Regional Office 250
Tursunzade
Location Regional Office
251 252 253 254 255

| Name of Post | Export: No. of Declarations | Export: % of Total Declarations At Post | Import: No. of Declarations | Import: % of Total Declarations At Post | Total No of Trade Declarations | % of Total Import/Export Declarations | No of Declarations per day |
|---|---|---|---|---|---|---|---|
| | 57 | 16.67% | 285 | 83.33% | 342 | 0.64% | 11.40 |
| | - | 0.00% | 1,491 | 100.00% | 1,491 | 2.80% | 49.70 |
| TADAZ | 843 | 37.19% | 1,424 | 62.81% | 2,267 | 4.26% | 75.57 |
| Regar | 39 | 5.03% | 736 | 94.97% | 775 | 1.46% | 25.83 |
| Shahrinau | 7 | 1.37% | 505 | 98.63% | 512 | 0.96% | 17.07 |
| Gissar | 111 | 3.97% | 2,685 | 96.03% | 2,796 | 5.25% | 93.20 |
| | 11 | 0.72% | 1,519 | 99.28% | 1,530 | 2.87% | 51.00 |
| 256 SUB-TOTAL FOR TURZUNZADE 283 290 | 1,068 | | 8,645 | | 9,713 | 18.24% | 323.77 |

Independent

Energy Customs

| Name of Post | Export: No. of Declarations | Export: % of Total Declarations At Post | Import: No. of Declarations | Import: % of Total Declarations At Post | Total No of Trade Declarations | % of Total Import/Export Declarations | No of Declarations per day |
|---|---|---|---|---|---|---|---|
| | 6 | 10.00% | 54 | 90.00% | 60 | 0.11% | 2.00 |
| | 20 | 37.04% | 34 | 62.96% | 54 | 0.10% | 1.80 |
| Total | 7,032 | | 46,232 | | 53,264 | | |

APPENDIX M. PILOT TEST

A. Introduction

1. Despite being called a “test”, a pilot is not a functionality test of the system; it is a carefully planned, small-scale deployment and rollout of the UAIS.

2. The pilot test of the UAIS is a very important process that requires careful planning and good execution. The main purpose of a pilot is to demonstrate that the UAIS software, hardware, and network infrastructure work as expected, and that they meet CD RT’s work requirements. A successful pilot reduces the risk during full-scale deployment.

3. The pilot test is also intended to make sure that the telecommunications and Border Post infrastructure of Tajikistan can support UAIS operation between the Border Posts, Regional Offices, and the Customs HQ.

4. The pilot test is proposed to last at least 3 months, involving Dushanbe Region (10 border posts) and Sughd Region (15 border posts). According to the latest Customs Statistics gathered for 2005 and 2006 (over 6 months), Dushanbe and Sughd regions account for around 70 percent of Customs declarations. During the test, live data will be used in the transactions, and the phased implementation to other regions is expected to be carried out only if the pilot testing is deemed successful. The system warranty period will begin only after the pilot testing is successful.

B. Objectives

5. The main objectives of the pilot test are as follows:

a. To minimize the risk of encountering problems in the later full-scale deployment of UAIS.
b. To rehearse and refine the UAIS roll-out and deployment process on a smaller scale.
c. To ensure that the UAIS software is able to scale upwards.
d. To ensure that the UAIS hardware and infrastructure can support CD RT under normal working conditions.
e. To determine whether there is a need to make last-minute changes to the system.
f. To determine the readiness of CD RT for UAIS implementation.
g. To seek out any pitfalls or weaknesses in the System.

C. Pilot Testing Process

6. The diagram below shows the process that pilot testing will follow:

7. Three teams need to be formed for the pilot: the Pilot Design Team, the Pilot Deployment Team and the Pilot Users.

8. The Pilot Design Team is a working group formed by the UAIS vendor and CD RT, and perhaps a public sector organization such as the Tajikistan Brokers Association. The team has to be formed at the start of the Customs Modernization exercise. The main task of the team is to define the pilot scope, the test scenarios, and the detailed pilot plan.

9. The Pilot Deployment Team consists of personnel from the UAIS vendor. The main task of the team is to set up and deploy the UAIS software and hardware according to the project scope and plan.

10. The Pilot Users are the CD RT officers across all the pilot test sites. The main task of these users is to use the UAIS in their daily work.

11. Pilot releases generally happen in succession. For example, the test UAIS deployment is limited to a few pilot test sites and users. Feedback from these users is then used to evaluate the results and resolve issues that arise. The vendor then deploys an updated release of the pilot, and repeats this process until the release team decides that CD RT is ready for a full deployment.

12. During the pilot testing period, the UAIS will run in parallel with CD RT's existing system. The existing system is stopped only when the pilot is deemed successful.

13. The UAIS will eventually be deployed throughout the country. Because of the wide geographical distance between the Border Posts, Regional Offices, and Customs HQ, it is necessary that the pilot testing include the telecommunications equipment and network.

14. The pilot will be conducted after the User Acceptance Testing, using live data. There will be a three-month period of parallel running of the new UAIS and the current manual system before the cutover to the new system.

D. Pre-requisite for Pilot

15. Prepare the pilot sites: The details of all proposed pilot sites have to be identified and the pilot users trained.

16. Infrastructure setup: The infrastructure of the border posts involved in the pilot testing (Dushanbe and Sughd regions) should be completed before pilot testing begins. All the necessary IT and telecommunication equipment and the network must be installed in the 2 regions and border posts before pilot testing can commence. The vendor shall prepare a rollout plan for deploying the servers and preparing systems for the pilot test.

17. UAIS setup: All components of the UAIS software will be delivered to Customs prior to the commencement of pilot testing. Subsequently, any changes to this delivered software will be subject to the change control management defined in the Quality Plan.

18. Bug defect tracking tool setup: The pilot testing involves users in HQ, regional offices and border posts, spread across a wide geographical area. It is essential to provide a central repository through which users can give the pilot testing committee constant feedback on the defects encountered during testing. The vendor shall provide a web-based bug defect tracking tool.

19. Data migration and setup of code tables: As the pilot testing involves live data, it is necessary to ensure that all the necessary data, such as code tables (for example, the harmonized codes), are migrated or entered into the UAIS. The vendor shall prepare a data migration plan.

20. Installation test: The vendor will undertake to certify that the Installation Tests, carried out prior to pilot test commencement, conform to the manufacturer's specifications and the specifications stated in the contract.

21. Required documents: The following set of documents is recommended for a successful pilot:

• A Training Plan that describes what the pilot users need to know before they begin the pilot. It should include details on training for the support and operations teams in addition to the pilot participants.

• A Support Plan that describes how problems that arise for users during the pilot will be resolved. The support plan identifies who will provide support for pilot participants and states the level of service that the support team needs to provide during the pilot. Finally, the support plan should describe how users can report problems to the team.

• A Communication Plan that explains how pilot users will be informed about what is happening in the project.

• An Evaluation Plan that describes how the Pilot Design Team will obtain feedback from the Pilot Deployment Team and the Pilot Users. The plan should define the process the Design Team plans to use to solicit feedback from participants and the team, the types of questions the evaluation will ask, and the review process. Finally, it has to state who is responsible for making the decision about whether to proceed with the pilot.

• A Risk and Contingency Plan that describes potential risk factors and the plan to assess and defuse them. These are risk factors that could prevent the pilot from being deployed successfully. For example, risks might include required hardware or software being unavailable, or pilot users not being available or needing additional training. By properly addressing risk factors, the likelihood of encountering those same problems when UAIS is deployed into the production environment is reduced.

• A Backup and Recovery Plan that establishes guidelines and procedures to prevent problems that might cause data loss or interruptions to CD RT’s operations, and to allow recovery as quickly as possible if such events do occur.

• A Schedule that includes milestones at which the Pilot Design Team can evaluate and make necessary changes to the pilot. This is one of the earliest pilot planning activities, and it’s often included in the master project schedule. It includes schedules for planning the pilot, training, upgrading hardware, deploying the pilot, testing by pilot participants, and evaluating the pilot.

22. Prepare the Pilot Users: The following table shows the systems and the corresponding people involved in the pilot test.

| No. | Core Systems | CD RT Division | Users |
|---|---|---|---|
| 1 | Manifest Control | • Customs Declaration & Security Deposit Sub Division at HQ and Regional Offices | • Terminal operators • Freight forwarders • Carriers |
| 2 | Declaration Control | • Border Post Officers • Customs Declaration & Security Deposit Sub Division at HQ and Regional Offices | • Customs brokers • Specialists • Banks |
| 3 | Warehouse Control | • Customs Warehousing Sub Division at HQ and Regional Offices | • Private warehouse operators |

| No. | Subsystems | CD RT Division | Users |
|---|---|---|---|
| 1 | Registration | | |
| 2 | Administration | | |
| 3 | Tariff Nomenclature | • Goods Classification and Non-tariff Regulation Sub Division | |
| 4 | Valuation | • Valuation Regulations Sub Division | |
| 5 | Customs Conditions | | |
| 6 | Post-Clearance | | |
| 7 | Customs Offence | | |
| 8 | Duty Payment | | |
| 9 | Fees and Billing | | |
| 10 | Security Deposit | | |
| 11 | Currency Control | | |
| 12 | Excise Control | • Goods Classification and Non-tariff Regulation Sub Division | |
| 13 | Risk Management And Intelligence | • Anti-Smuggling Division | |
| 14 | Customs Statistics | • Statistics Division at Customs HQ | |

• External UAIS users
• Customs UAIS users
• CD RT
• Ministry of Finance
• Other Ministries

E. Recommended Pilot scenarios

23. Pilot rollout scenarios have to be part of the overall deployment plan to the pilot sites. The sequence of rollout is recommended as follows:

h. Customs HQ pilot deployment and rollout
The UAIS will be released to the Customs HQ users. This means that the UAIS Subsystems will go “live”. All CD RT Divisions will begin to use all the Subsystems in their daily job.

i. Regional Office pilot deployment and rollout
The UAIS will be released to the Dushanbe and Sughd Regional Offices. The pilot users at Regional Offices will begin to use the Subsystems in their daily job.

j. Border Post pilot deployment and rollout
The UAIS will be released to the major border posts in the Dushanbe and Sughd region. The pilot users at these border posts will begin to use the Core Systems in their daily job.

k. End-user pilot deployment and rollout
The UAIS will be released to the participating Customs Brokers, Carriers, and Warehouse Operators in the Dushanbe and Sughd region. These pilot users will begin to use the Core Systems in their daily job.

24. Once the above rollout is achieved, major pilot scenarios can be conducted by the pilot users, and the results observed.

25. Two examples of pilot scenarios are:

l. Import of cargo by air
a) Airline operator submits manifest to UAIS using Manifest client-software
b) Manifest Control System receives the manifest at Customs HQ
c) Manifest Control System validates and checks for risk
d) Manifest Control System clears the manifest
e) Importer submits Customs declaration using Declaration Control client-software
f) Declaration Control System receives declaration and performs validity checks
g) Declaration Control System approves the declaration
h) Importer prints hard-copy of Customs declaration with bar-code
i) Importer presents Customs permit with supporting trade documents
j) Border Post officer reads bar-code
k) Border Post officer receives examination alert if needed
l) Cargo released

m. Movement of cargo to a Warehouse
a) Importer selects warehouse regime through Customs Control client-software
b) Importer presents Customs permit at point of release
c) Customs seals consignment
d) Consignment is moved to warehouse – point of receipt
e) Warehouse Operator receives consignment
f) Warehouse Operator enters details to Warehouse Control client-software
g) Warehouse Operator requests Customs service
h) Customs inspects consignment
i) Consignment moved into allocated lot position
j) Warehouse Operator enters details to Warehouse Control client-software when goods are released
k) Warehouse Operator submits monthly report on inventory kept at warehouse

F. Deployment and Evaluating the Pilot

26. The deployment of the UAIS to the pilot sites has to be done by the Pilot Deployment Team.

27. The problems uncovered by Pilot Users and the Deployment Team are reviewed, prioritized, and fixed according to procedures outlined in the pilot plan. Problems can be resolved by further development, by documenting resolutions and workarounds for the installation teams and support staff, or by incorporating the resolution or workaround as supplemental material in training courses. As the Pilot Design Team receives feedback, they will need to assess problems that pose a risk to the overall project. Specifically, they should look for situations that might result in scope changes, cost increases, interoperability problems, and unanticipated downtime.

28. When the pilot is completed, data collected, and participant feedback evaluated, the Pilot Design Team must next decide how to proceed based on whether the pilot meets the success criteria previously defined. After evaluating the success of the pilot, one of the following options has to be chosen:

• Roll back the pilot. When the pilot is not completely successful, there might be a need to roll back the pilot to the configuration used before the pilot began, clean up the data, and redeploy the pilot so that the pilot users can continue with their work. A rollback might be required for a number of reasons, such as when the production environment contains invalid data or when production configurations and settings cause problems with the real deployment.

• Suspend the pilot. If the pilot is not successful and issues cannot be resolved easily, suspend the entire pilot, halting all pilot testing until the issues have been resolved and the pilot can be redeployed. This requires rolling the pilot back to the configuration used before the pilot began.

• Patch the pilot and continue. If the pilot is partially successful, with a few problems raised that are easily fixed, issue the same pilot users a "patch" to fix the existing problems.

• Proceed to the production deployment phase. If the pilot is deemed successful and ready for production, plans for full deployment should proceed.
