A3 ICT Infrastructure for Paperless Trade

A3.1 Is network service available at all border posts, including ports, airports and cargo clearance houses, in your country?

Background

A good and secure information and communication technology (ICT) infrastructure is one of the essential elements for an efficient paperless trade system. Unavailability of network services could be one of the obstacles in full implementation of a trade facilitation system when the business process is incomplete due to missing parties in the network connectivity.

Expected Answers
  • Yes - Secure network services with adequate bandwidth are available at all Customs stations, including ports, airports and cargo clearance houses in the country.
  • Partially Yes - Network services are available only at some but not all Customs stations in the country especially in the remote Customs stations. Moreover, the scenario where all stations are covered but the bandwidth is not adequate, should be recorded here.
  • No - Network services are not available for all Customs stations, including ports, airports and cargo clearance houses in the country.
Good Practices

Telecommunication infrastructure and network services should be available at all Customs stations, including ports, airports and cargo clearance houses in the country. Technological innovation and the decreasing costs of wireless and other telecommunication technologies, combined with progressive policy and regulatory environments, could result in the provision of telecommunication services in all areas including remote areas in the country.

If the network services are not available to all border ports yet, the country should consider establishing the future plan and targeted timeline to develop such infrastructure and services to connect all stakeholders including controlling agencies. Different network infrastructure options that are financially and technologically appropriate for different areas could be deployed, e.g. using fiber optics, wireless devices, and satellites. Next-generation high-speed network (NGN) could be considered since it refers to the worldwide move from circuit-switched to packet-based network. The migration to NGNs has reduced service providers’ investment costs and operation costs and enabled the rollout of a rich variety of services.

In the above writeup of section A3.1, much emphasis is given on availability of adequate network at all stations indicated above. It is important to emphasize that all stakeholders in the country including importers, exporters, agents, service providers etc. should also have access to such robust networks for effective electronic interactions otherwise the systems may face constraints.

References and Case Studies

A3.2 Are any of the systems mentioned in A2.1 “Electronic systems” connected via a common or single network?

Background

It is not uncommon that different stakeholders have different levels of automation and systems using different platforms. To ease interfacing and interoperability between these systems, a common or a single network may be adopted to provide connectivity and integration with several heterogeneous systems.

Good Practices

In many countries, a common or single network of interconnectivity among different regulatory agencies are established with a dedicated and secure network infrastructure. The network supported by cables/fiber optics and network equipment is developed and used only for connecting among government agencies, and they are not open to the public.

Other secure hardware and software technologies should be deployed to ensure the security and integrity of the system, e.g. using Virtual Private Network (VPN) software, HTTPS/SSL, and other encryption software/hardware equipment.

References and Case Studies

 

The following questions are relevant if the answer to question A3.2 is yes.

A3.2.1 (If A3.2 is yes) Is it integrated and secure?

Background

The systems of several agencies, e.g. e-Customs, e-Ports, e-Licenses, e-Certificates and e-Permits, should be integrated via this common or single network. The primary function of this network is to serve also as a secure channel for information exchange between the participating parties.

Expected Answers
  • Yes - The systems mentioned in section A2.1 “Electronic systems” are integrated via a common or single network. The communication channel in this network is secure.
  • No - The systems mentioned in section A2.1 “Electronic systems” are not integrated via a common or single network, or if they are integrated but the communication is not secure, e.g. using the open Internet network without secure channels to connect among different government agencies.
Good Practices

In many countries, a common or single network of interconnectivity among different regulatory agencies are established with a dedicated or secure network infrastructure. The network supported by cables/fiber optics and network equipment can be developed and used only for connecting government agencies, and they are not open to the public.

Other secure hardware and software technologies should be deployed to ensure the security and integrity of the system, e.g. using Virtual Private Network (VPN) software, HTTPS/SSL, and other encryption software/hardware equipment.

References and Case Studies

A3.2.2 (If A3.2 is yes) Is it able to provide a high availability rate of minimum 99.9 percent in terms of service level agreement for trade data exchange in paperless environment?

Background

The availability and reliability of paperless systems including the network infrastructure is very important for the continuity of trade transactions. High availability should be the key characteristic of these systems, which aims to ensure an agreed service level. A high availability of minimum 99.9 percent of service level agreement is normally recommended which ensures the percent of uptime or the amount of time that the services are available and operational. A 99.9% uptime equates to 43 minutes and 50 seconds of downtime per month.

Expected Answers
  • Yes - The network infrastructure and the paperless trade system can provide a high availability of minimum 99.9 percent in terms of SLA for trade data exchange in paperless environment.
  • Partially Yes - The network infrastructure and the paperless trade systems cannot provide a high availability of minimum 99.9 percent in terms of SLA. It includes the scenario where the SLA conditions are maintained but for some systems but not all.
  • No - The network infrastructure and the paperless trade system can offer an availability less than 99.9 percent in terms of SLA for trade data exchange.
Good Practices

High availability is a characteristic of a system which aims to ensure an agreed level of operational performance. It is usually measured by uptime or an amount of time that a system and its network remain operational even if one or more components fail.

There are several tactics to achieve high availability, e.g. using high quality hardware and backups, increasing fault tolerance with redundant equipment (e.g. two power supplies in the server, multiple internet connection, two firewalls, and two servers) and keeping spare parts available.

References and Case Studies

A3.2.3 (If A3.2 is yes) Is it able to support various communication protocols?

Background

There are various options of communication and network protocols used by different systems, such as multi-protocol label switching (MLPS), Internet protocol (IP), virtual private network (VPN), and secure hypertext transfer protocol (HTTPS). The network infrastructure for paperless environment should support those various communication protocols to enable connectivity and interoperability between heterogeneous platforms.

Expected Answers
  • Yes - The network infrastructure can support various communication protocols.
  • Partially Yes - The network infrastructure can support only some communication protocols.
  • No - The network infrastructure cannot support only one or two communication protocols.
Good Practices

In order to streamlining international trade supply chain operations among different stakeholders, the paperless trade systems need the capability to connect and interoperate with diverse ICT platforms of public and private stakeholders. Therefore, the network infrastructure and associated equipment must support multiple communication protocols in order to accommodate some specific protocols already used by the existing stakeholders' ICT platforms.

The multiple communication protocols should also cover several abstraction layers (e.g. transport layer or presentation layer). At least, international well-known and open protocols based upon the needs and requirements of the relevant agencies are normally included, for example, TCP/IP, HTTP, FTP, SSL, ebXML Messaging Services, SOAP, JSON, etc.

References and Case Studies

A3.2.4 (If A3.2 is yes) Is it able to provide secure information exchanges that ensure confidentiality and data integrity?

Background

When a document or information is exchanged between users using electronic systems, or between any two electronic systems, the system must ensure confidentiality (i.e. the information is private only for two parties of communications) and data integrity (i.e. the accuracy and consistency of data is maintained and assured over its entire life cycle).

Good Practices

Confidentiality and data integrity of the electronic information exchange between and among public and private stakeholders are very crucial for reliable and trust-worthy cross-border trade transactions.

The ICT infrastructure of the paperless trade system must ensure the confidentiality or privacy of data exchange only with the two intended parties. The communication infrastructure must also have the ability to ensure the exchanged data will not be tampered or un-intendedly changed during the communication.

It is also expected that the network be robust enough to safeguard from hacking.

Several measures to ensure secure information change normally include:

  • Dedicated network infrastructure separating from the open-public network for some sensitive connectivity, e.g. government-to-government network connection.
  • Virtual Private Networks, or other software measures to ensure security of communication channels for information exchange.
  • Using encryption protocols, e.g. SSL, and also special hardwares and specific software to keep users' digital identities, to provide additional encryptions and authentication services.
  • The ICT infrastructure should be designed with the defense-in-depth strategy, e.g. multiple ring-based zoning design, to increase the security level of the system.
References and Case Studies

A3.2.5 (If A3.2 is yes) Is it designed to take into account future requirements such as device and technology upgrades?

Background

The current ICT infrastructure must be designed by talking into account future requirements such as mobile devices and technology upgrades as much as possible.

Expected Answers
  • Yes - The ICT infrastructure especially its network equipment is designed with the ability of future device and technology upgrades and extension.
  • No - The ICT infrastructure especially its network equipment is not designed with the ability of future device and technology upgrades.
Good Practices

The ICT infrastructure including its servers and supporting network equipment is normally designed with the possible future device and technology upgrades to a certain point. Scalability should be the property of the system to handle a growing amount of work by adding resources to the system. The potential of future expansion that should be considered, for example, increased number of users of the systems, increased number of ICT nodes of connectivity, future requirements of higher performances and throughput of electronic services.

It is also suggested that the network and equipment be free from vendor locking.

References and Case Studies

 

A3.3 If a single window system has been implemented,

Background

A single window (SW) system is generally defined as “a facility that allows parties involved in trade and transport to lodge standardized information and documents with a single-entry point to fulfill all import, export, and transit-related regulatory requirements. If information is electronic, then individual data elements should only be submitted once.” The World Trade Organization (WTO) Trade Facilitation Agreement, which entered into force in February 2017, has dedicated provisions on single window. This digital trade facilitation measure aims at reducing the regulatory burden for traders when completing import, export and transit-related procedures. It has emerged more than a decade ago and has become a core component of trade facilitation reforms. A single window system is considered as an important component of Cross border paperless trade initiative.

Expected Answers
  • Yes - A single window system has been implemented to electronically connect eCustoms of Customs Authority, and e-Licenses, eCertificates and ePermit services of other regulatory agencies together. This SW enables cross-border traders to electronically submit regulatory documents at a single facility. Such documents are typically customs declarations, applications for import/export permits, and other supporting documents such as certificates of origin and trading invoices.
  • Partially Yes - A single window system has been partially implemented to electronically. It connects only to some relevant government agencies, e.g. with e-Customs of Customs Authority, and some other regulatory agencies.
  • No - A Single Window system has not been implemented to electronically connect e-Customs, e-Licenses, e-Certificates or e-Permits services.
Good Practices

The main value proposition for having a single window for a country is to increase the efficiency through time and cost savings for traders in their dealings electronically instead of physically with government authorities for obtaining the relevant clearance and permit(s) for moving cargoes across national borders.

The single window facility aims to deliver specific benefits to the main communities and stakeholders in cross-border trade, e.g. government (customs, permit-issuing agencies, Ministries and other trade monitoring bodies), shipping and forwarding community, shippers and traders, banking and insurance community.

In a cross-border environment, SW can facilitate single point authenticated data sharing with counterparts in other jurisdictions in trusted environment.

References and Case Studies

 

A3.4 Does your country have a strategic plan to address ICT infrastructure issues for paperless trade?

Background

A country should put in place a strategic plan to address information and communication technology (ICT) infrastructure issues to support paperless trade.

Good Practices

The lack of an ICT infrastructure policy and strategic plan at the national level has caused the country to suffer huge financial and opportunity losses. This is due to haphazard planning of ICT systems resulting in poorly designed and implemented ICT systems that hardly meet the need and requirements of government, business and citizens. A number of countries have geared their national ICT policies towards accelerated national development by incorporating their national ICT policies into the national development plan.

Trade facilitation is commonly considered as a key contributor to sustainable development. The simplification and automation of trade facilitation could further assist traders, logistics-related service providers and regulatory agencies with paperless trade systems. Therefore, the strategic ICT infrastructure development at the national level should incorporate the paperless trade requirements of network connectivity among trading partners all over the country, especially in the remote customs posts and areas.

National paperless trade systems, along with other economic development engines and supporting electronic platforms, need high-speed always-on access to services, applications and content, depends on ubiquitous, affordable, modern, and resilient ICT infrastructure.

References and Case Studies

 

A3.5 Disaster recovery

A3.5.1 Is there a policy for the establishment of a disaster recovery plan at the agency level?

Background

A disaster recovery plan (DRP) of any electronic systems, including for example a data center that houses ICT infrastructure and paperless trade systems, is a business plan that describes how work can be resumed quickly and effectively after a disaster. When the paperless trade systems are in operations, a DPR is essential to ensure that the effects of operating disruptions are properly mitigated. A policy for a disaster recovery plan must be established at the agency level for its electronic system.

Expected Answers
  • Yes - There is a disaster recovery plan for all ICT systems supporting paperless trade at the agency level, e.g. at the Customs Authority, and at other regulatory agencies.
  • Partially Yes - There is a disaster recovery plan for some ICT systems supporting paperless trade at the agency level.
  • No - There is no policy and no mitigation plan for disaster recovery at the agency level.
Good Practices

Disaster recovery focuses on the ICT or electronic systems supporting critical business functions of the organization, as opposed to business continuity, which involves keeping all essential aspects of a business functioning despite significant disruptive events. Disaster recovery can therefore be considered as a subset of business continuity.

Disaster Recovery involves a set of policies, tools and procedures to enable the recovery or continuation of the vital ICT infrastructure and systems following a natural or human-induced disaster. The tools and procedures include, for example, routine backups, having spare parts and redundancies, and also having a disaster recovery data center at a different seismic zone along with a primary data center.

References and Case Studies

A3.5.1.1 Please indicate level of implementation for the disaster recovery plan (please specify % of agencies).

Background

It is important that a disaster recovery plan established at the agency level has been tested and practices to ensure successful recovery when really facing the actual disaster.

Expected Answers
  • Yes - all agencies having trade-related electronic systems have established and implemented the agencies' disaster recovery plan, e.g. developing and testing/practicing the DRP of each individual agency.
  • Partially Yes - Some agencies have implemented, conducted and tested their own DRP, but some agencies have not so yet.
    • Description expected - please specify % of agencies which have implemented and tested their DRPs.
  • No - No agency has implemented nor tested its own DRP yet.
Good Practices

Disaster recovery policies, procedures and plans must be carried out routinely, e.g. backups. It is important to test and practice those disaster recovery plans at specified frequencies, e.g. testing/practicing shutting down the primary data center (PDC) and operating on the disaster recovery center (DRC), and then switching back to PDC. This is to ensure that the system could be recovered successfully whenever any actual disaster occurs.

References and Case Studies
  • ISO 22301:2012 Societal security - Business continuity management systems - Requirements.

  • ISO/IEC 27031:2011 Information technology - Security techniques - Guidelines for information and communication technology readiness for business continuity.

A3.5.2 Is there a policy for the establishment of a disaster recovery plan at the national level?

Background

A national policy must be put in place for the establishment of a disaster recovery plan for any critical electronic systems in the country. It is essential to ensure the effects of operating disruptions on any of those electronic systems are properly mitigated.

Expected Answers
  • Yes - There is an established disaster recovery plan at the national level for coordinating among different government and business stakeholders of the national paperless trade platform.
  • No - There is no disaster recovery plan for the paperless trade system at the national level.
Good Practices

A disaster recovery plan (DRP) for the paperless trade systems of a country is a business plan that describes how work can be resumed quickly and effectively after a disaster.

Disaster recovery policies, procedures and plans at the national level should be established. Normal steps for building disaster recovery plan include: perform a risk assessment, define criticality of applications and data, define recovery objectives, evaluate and update your plan, determine the right tools and techniques, get stakeholder buy-in, document and communicate the plan, test and practice the DR plan, and evaluate and update the plan regularly.

References and Case Studies

A3.5.2.1 Please indicate whether the disaster recovery plan is implemented at the national level.

Background

It is important that a disaster recovery plan established at the national level has been tested and practices to ensure successful recovery when really facing the actual disaster.

Good Practices

Disaster recovery policies, procedures and plans established at the national level must be the mandate for all government agencies having critical electronic systems. Those agencies should conduct testing and practicing of these disaster recovery plans in a regular basis.

References and Case Studies
  • ISO 22301:2012 Societal security - Business continuity management systems - Requirements.

  • ISO IEC 27031:2011 Information technology - Security techniques - Guidelines for information and communication technology readiness for business continuity.

 

A3.6 Does your country have a business continuity plan for paperless trade systems?

Background

Business continuity planning (BCP) is the process of creating systems of prevention and recovery to deal with potential threats to the normal operations. In addition to prevention, the goal is to enable ongoing operations of government and business users before and during execution of disaster recovery. The country should establish a business continuity plan for paperless trade systems since the systems are very important for the continuity of operations of traders and controlling agencies.

Good Practices

A Business Continuity Plan outlines a range of disaster scenarios and the steps the government and business stakeholders will take in any particular scenario to return to regular trade and regulatory operations. BCP's are written ahead of time and can also include precautions to be put in place. Usually created with the input of key staff as well as stakeholders, a BCP is a set of contingencies to minimize potential harm to businesses during adverse scenarios.

Business continuity is the intended goal of proper execution of Business continuity planning and Disaster recovery before and during the real disaster incidents, therefore it is very important that the BCP plan should be tested and practiced before the real incidents’ occurrence.

References and Case Studies

A3.6.1 (If A3.6 is yes) Is it regularly tested at defined frequency?

Expected Answers
  • Yes - The business continuity plan for paperless trade systems has been established, and regularly tested and practiced.
  • No - The business continuity plan has been established but never been nor regularly tested.

 

Glossary
  1. Paperless trade refers to the digitization of these information flows, including making available and enabling the exchange of trade-related data and documents electronically. Less formally, one can think of this as cross-border trade transactions using electronic data in lieu of paper-based documents. More...

  2. “Interoperability” means the ability of two or more systems or components to exchange information and to use the information that has been exchanged. Framework Agreement on Facilitating of Cross-Border Paperless Trade in Asia and the Pacific (Article 3: Definitions).

  3. Heterogeneous platforms refer to a distributed computing system(s) which contains many different kinds of hardware and soft-ware working together in cooperative fashion. More...

  4. “A virtual private network (VPN)” extends a private net-work across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.

    Reference: ISO/IEC 18028-5:2006 - Information technology — Security techniques — IT network security — Part 5: Securing communications across networks using virtual private networks.

  5. “Hypertext transfer protocol secure (HTTPS)” is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication over a computer network, and is widely used on the Internet.

    In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, its predecessor, Secure Sockets Layer (SSL). The protocol is therefore also often referred to as HTTP over TLS,[3] or HTTP over SSL. More...

  6. Electronic Customs System (e-Customs)” is an automated Customs administration system with several electronic supporting functions to efficiently facilitate and effectively regulate Customs-related procedures.

    More specifically, key functions of the e-Customs system include: electronic lodgement of Customs declarations using online connections, the use of risk management software application to reduce Customs clearance times and less physical examination of shipments, the automated calculation and e-payment to facilitate collection of duties and taxes, and services to ensure the uniform application of laws and regulations. More...

  7. An Electronic Port System (e-Port), or a Port Community System (PCS)” is a neutral and open electronic platform enabling intelligent and secure exchange of information between public and private stakeholders in order to improve the competitive position of the sea and air ports’ communities.

    ePort optimises, manages and automates port and logistics processes through a single submission of data and connecting transport and logistics chains.

    e-Port handles electronic communication in ports between the private transport operators (shipping lines, agents, freight forwarders, stevedores, terminals, depots), the private hinterland (pre- and on-carriage by road, rail and inland waterways), the importers and exporters, the port authorities, Customs and other authorities. More...

  8. An Electronic License System (e-Licenses)” is a government department’s software application for issuing import or export related licenses. Some of its key features and automation include electronic lodgment of applications, validation of submitted data, approval and licenses issuing services. More...

  9. “An Electronic Certificate System (e-Certificates)” for exports is a government department’s software application for issuing export certificates, e.g. certificate of origin (CO), phytosanitary and sanitary of certificates. Some of its key features and automation include electronic lodgment of applications, validation of submitted data, approval and certificate issuing services.

    Some certain certificates need physical or laboratory testing processes prior to issuing the certificates. The e-Certificate System could electronic services to support the physical coordination and laboratory testing reports in conjunctions with other certificate issuing functions. More...

    “An Electronic Certificate System (e-Certificates)” for imports is an electronic system that enables an authority in the country of import to receive overseas government certificates in a digital format. This includes, for example, phytosanitary and sanitary certificates for food and agricultural imports. More...

  10. An Electronic Permit System (e-Permits)” is a system that improves and automates all business processes related to import/export permit issuance, exchange, control and reporting. More...