Glossary of Terms (GLT)

Size: px
Start display at page:

Download "Glossary of Terms (GLT)"

Transcription

1 OWNER: DG TAXUD ISSUE DATE: 28/03/2011 VERSION: 2.04 COMPUTERISATION PROJECT SYSTEM SPECIFICATIONS (ESS), COMMUNICATION AND INFORMATION PROGRAMME SUBJECT: Glossary of Terms (GLT) ECP1-ESS-GLT

2 [Blank for duplex printing]

3 TABLE OF CONTENTS Document History Edi. Rev. Date Description Action (*) Sections /08/2004 Creation. I All /08/2004 Updated after internal review. U All /08/2004 Updated after internal review. U /09/2004 Updated after feedback DG TAXUD. U 1, 2.1, 3.2, 4, 5 I /09/2004 Updated after SEVE quality review, SfR. U All /10/2004 Updated after review meeting at DG TAXUD. U /10/2004 Translated in FR and DE. U 1.2, 1.3, 4, /10/2004 Updated after SEVE quality review, SfA. U All /11/2004 Updated according to DG TAXUD comments, SfA (2) /05/2010 Updated according to latest reference documents and regulations. Submit for Internal QC U 3.2, 4, 5 U All D /06/2010 Implementing internal review comments. Submit for Review /07/2010 Updated according to DG TAXUD comments, SfA. R U All All /07/2010 Updated after verification by DG TAXUD, re-sfa. U 3.2, 4, /09/2010 Updated by DG TAXUD. U 4, 5 ECP1-ESS-GLT-2 04 Page iii of 70

4 TABLE OF CONTENTS /03/2011 Implementing DE and AT comments. Submit for Review /03/2011 Updated according to DG TAXUD comments, SfA. U 3.2, 4, 5 U 5 (*) Action: I = Insert, R = Replace, U = Update, D = Delete ECP1-ESS-GLT-2 04 Page iv of 70

5 TABLE OF CONTENTS Table of Contents 1. Management Summary English Deutsch Français Introduction Intended Readership Purpose of the Document Changes to this Document References Definition of Terms used in the Computerisation Project Typology of Contexts Definitions Administrative Reference Code (ARC) Acceptance Test Application Architecture Overview Asset Audit Trail Authentication Authorisation Authorised Warehousekeeper Availability Business Area Business Process Business Process Model Business Rule Central Help Desk (CHD) Central Project Team (CPT) Central Service Desk (CSD) Central Services/Management Information System (CS/MIS) Central Services/Reference Data (CS/RD) Centrally Developed Application (CDEA) Change of destination Committee on Excise Duty Combined Nomenclature Code (CN Code) 19 ECP1-ESS-GLT-2 04 Page v of 70

6 TABLE OF CONTENTS Common Communications Network/Common Systems Interface (CCN/CSI) Common Domain (CD) Confidentiality Conformance Testing (CT) Conformance Testing Organisation Document (CTOD) Conformance Testing Protocol (CTP) Customs Office List (COL) Design Document for National Excise Application (DDNEA) Direct Delivery Duty Suspension Arrangement Economic Operator (EcOp) EDI EDIFACT Electronic Administrative Document (e-ad) Electronic Credentials Elementary Business Process (EBP) Computerisation Project (ECP) Encryption End-User Escalation Excise Application Computerisation Working Party (ECWP) Excise Contact Group (ECG) Excise Duty Excise Liaison Office (ELO) Excise Movement and Control System () Exempted Consignee External Domain (ED) Fallback and Recovery Specifications (FRS) Follow-up Trail Functional Excise System Specification (FESS) Functional Message Structure Gateway Guarantor Integrity Integrity Check Journey Time Local Reference Number (LRN) Member State Administration (MSA) Member State of Destination Member State of Dispatch Movement Guarantee National Help Desk (NHD) National Domain (ND) National Excise Application (NEA) National Service Desk (NSD) 28 ECP1-ESS-GLT-2 04 Page vi of 70

7 TABLE OF CONTENTS Nationally Developed Application (NDEA) Network and Gateway Infrastructure Phase and Scope Specifications (PSS) Pre-Conformance Testing (Pre-CT) Process Flow Diagram Process Thread Quality Assurance Quality Control Reference Data Registered Consignee Registered Consignor Report of Receipt Security Excise System Specifications (SESS) Security Measures Security Policy Document (SEP) Security Requirements Security Risk Security Risk Assessment Service Level Agreement (SLA) Splitting State Transition Diagram (STD) Stress Test Tax Warehouse Technical Excise System Specifications (TESS) Temporary Registered Consignee Terms of Collaboration (TOC) Test Application Test Campaign Test Case Test Log Test Plan Test Scenario Test Scripts Test Specification Test Summary Report (TSR) Time Sequence Diagram (TSD) Threat Token Trans-European System (TES) Transporter Use Case Vulnerability 36 ECP1-ESS-GLT-2 04 Page vii of 70

8 TABLE OF CONTENTS 4. English - German - French Glossary of Terms English - German - French Glossary of Acronyms 54 ECP1-ESS-GLT-2 04 Page viii of 70

9 MANAGEMENT SUMMARY 1. Management Summary 1.1. English Goal This document provides a Glossary of Terms for the Computerisation Project aiming at: Ensuring a common understanding of project reports, which may use terms that might assume a different meaning in relation to the reading countries; Enabling new readers of project documentation to understand the terminology used; Defining the meanings of expressions that are used repeatedly, so that even knowledgeable readers can achieve a common understanding of the sense in which the terminology is used; Providing an aid to translators and interpreters; Not including terms and definitions of the Rollout Strategy. These terms are part of the PSS and Migration Plan. This document focuses on business and technical terminology. Document Summary The structure reflects the above objectives. Section 2... Is an introduction to the present document in terms of intended readership, purpose and change management; Section 3... Contains the definitions of some of the acronyms, abbreviations and technical terminology, which originate from both the user and IT environments; Section 4... Is an English / German / French glossary of terms, which is intended to ensure accurate and consistent translations; Section 5... Is an English / German / French glossary of all acronyms encountered in the project documentation; ECP1-ESS-GLT-2 04 Page 9 of 70

10 MANAGEMENT SUMMARY 1.2. Deutsch Zielsetzung Dieses Dokument enthält ein Terminologieglossar für das -DV-Projekt, mit dem folgende Zielsetzungen verfolgt werden: Es soll ein einheitliches Verständnis der Projektberichte gewährleisten, in denen möglicherweise Begriffe verwendet werden, die in den verschiedenen Ländern, in denen die Berichte gelesen werden, eine unterschiedliche Bedeutung haben können. Neue Leser der Projektdokumentation sollen in die Lage versetzt werden, die verwendete Terminologie zu verstehen. Die Bedeutung wiederholt verwendeter Ausdrücke soll definiert werden, damit auch sachkundige Leser ein einheitliches Verständnis des Sinnes, in dem die Terminologie verwendet wird, erreichen können. Das Glossar soll Übersetzern und Dolmetschern eine Hilfe sein. Enthält keine Begriffe und Definitionen des Rollout-Strategie. Diese Begriffe sind Teil der PSS und Migration Plan. Dieses Dokument konzentriert sich auf die geschäftliche und technische Terminologie. Zusammenfassung des Dokuments Die Struktur spiegelt die vorstehend aufgeführten Zielsetzungen wider. Abschnitt 2... Stellt eine Einführung in dieses Dokument dar, der die angestrebte Leserschaft, die Zielsetzung des Dokuments und die Verwaltung von Änderungen zu entnehmen sind. Abschnitt 3... Enthält die Definitionen einiger Akronyme, Abkürzungen und Fachausdrücke, die sowohl vom Anwender als auch von den IT-Umgebungen stammen. Abschnitt 4... Ist ein Englisch / Deutsches / Französisch Terminologieglossar, das genaue und einheitliche Übersetzungen gewährleisten soll. Abschnitt 5... Ist ein Englisch / Deutsches / Französisch Glossar aller Akronyme, die in der Projektdokumentation zu finden sind. ECP1-ESS-GLT-2 04 Page 10 of 70

11 MANAGEMENT SUMMARY 1.3. Français Objectif Ce document fournit un glossaire terminologique pour le projet d informatisation visant à : Assurer une compréhension commune des rapports du projet dans lesquels peuvent figurer des termes qui pourraient supposer une signification différente en fonction des pays qui lisent les rapports; Permettre aux nouveaux lecteurs de la documentation du projet de comprendre la terminologie utilisée; Définir la signification d expressions qui sont utilisées de manière répétitive, de sorte que même des lecteurs cultivés/avisés puisse acquérir une compréhension commune du sens dans lequel la terminologie est utilisée; Fournir une aide aux traducteurs et interprètes ; Pas comprendre les termes et définitions de la stratégie de déploiement. Ces termes font partie du PSS et de Plan de Migration. Ce document se concentre sur les entreprises et la terminologie technique. Résumé du document La structure du document reflète les objectifs cités plus haut. Section 2... Est une introduction au présent document dans laquelle sont spécifiés les lecteurs visés, l objectif du document et la gestion des changements Section 3... Contient les définitions de certains acronymes, abréviations et termes techniques qui proviennent de l utilisateur ainsi que des environnements IT Section 4... Est un glossaire terminologique anglais / allemand / français qui a pour but de garantir des traductions précises et cohérentes Section 5... Est un glossaire anglais / allemand / français de tous les acronymes rencontrés dans la documentation du projet. ECP1-ESS-GLT-2 04 Page 11 of 70

12 INTRODUCTION 2. Introduction 2.1. Intended Readership The intended readership for this document includes: Any person responsible for the functional and technical specification or implementation of the ; Any person responsible for the definition of tests for ; Any other authorized body concerned with the including: Committee on Excise Duties, Computerisation Working Party (ECWP), Computerisation Project (ECP) steering committee, external contractors, professional organisations of economic operators Purpose of the Document This document has been compiled for four main purposes: To ensure a common understanding of project reports, which may use terms that might assume a different meaning in relation to the reading countries; To enable new readers of project documentation to understand the terminology used; To define the meanings of expressions that are used repeatedly, so that even knowledgeable readers can achieve a common understanding of the sense in which the terminology is used; To provide an aid to translators and interpreters Changes to this Document According to the TEMPO methodology [R1], the elaboration of the Glossary of Terms is an on-going process during the project lifecycle resulting in frequent reviews. During this process, changes to the present document shall follow the Change Management Procedures described in [R2]. ECP1-ESS-GLT-2 04 Page 12 of 70

13 INTRODUCTION 2.4. References Ref. Identifier Title Version Issued/Ap proved by MSAs [R1] [R2] ITS-ITOC-001- Excise DG TAXUD TEMPO Quality Methodology Terms of Collaboration between the Central Project and the National Projects [R3] 2008/118/EC COUNCIL DIRECTIVE 2008/118/EC of 16 December 2008 on the general arrangements for products subject to excise duty and repealing Directive 92/12/EEC RELEASE MAR /07/ /01/ /01/2009 erv.do?uri=oj:l:2009:009:0012:00 30:EN:PDF [R4] 1152/2003/EC DECISION n 1152/2003/EC of the EUROPEAN PARLIAMENT and of the COUNCIL of 16 June 2003 of computerising the movement and surveillance of excisable products. erv.do?uri=oj:l:2003:162:0005:00 08:EN:PDF [R5] ECP1-ESS-FESS Computerisation Project - Functional Excise System Specifications (FESS) 16/06/ /08/2010 [R6] ECP1-ESS-PSS Phasing and Scope Specification /06/2010 [R7] EXC-IPLN-MAP- CED563rev4 Master plan /06/2010 [R9] ECP1-ESS-SEP Security Policy /12/2009 [R10] EXC-ISLA-COS-001 Excise System SLA between DG TAXUD and Member States Service Level Agreement [R11] ECP1-ESS-SESS Security Excise System Specifications [R12] ECP1-ESS-TESS Technical Excise System Specifications /01/ /12/ /01/2007 [R13] ECP2-DEV- Migration Plan for Phase /04/2007 ECP1-ESS-GLT-2 04 Page 13 of 70

14 INTRODUCTION Ref. Identifier Title Version Issued/Ap proved by MSAs [R14] [R15] [R16] [R17] [R19] [R20] [R21] [R20] [R21] SC01-MP ECP2-DEV- SC02-SD ECP2-FITSDEV2- DDNEA ECP2-FITSDEV2- SC03-CTP SED-IRPT-CTD-019- CTO ECP3-DEV- SC02-SD ECP3-FITSDEV2- SC03-DDNEA_P3 ECP3-DEV- SC03-CTP CSMIS_-UMN- User Manual 2009/684/EC Scope Document for Phase /04/2008 DDNEA for Phase /08/2009 Conformance Test Protocol for Phase 2 Phase 2 Conformance Test Organisation Document Scope Document for Phase /02/ /08/ /02/2009 DDNEA for Phase /08/2010 Conformance Test Protocol for Phase /01/2009 CS/MIS for User Manual /02/2010 COMMISSION REGULATION (EC) No 684/2009 of 24 July 2009 Implementing Council Directive 2008/118/EC as regards the computerised procedures for the movement of excise goods under suspension of excise duty iserv.do?uri=oj:l:2009:197:00 24:0064:EN:PDF Table 1: Reference Documents. 29/07/2009 ECP1-ESS-GLT-2 04 Page 14 of 70

15 DEFINITION OF TERMS USED IN THE COMPUTERISATION PROJECT 3. Definition of Terms used in the Computerisation Project 3.1. Typology of Contexts Figure 1 presents the typology of applicable contexts that is followed by the definitions listed in section 3.2. The background principle is that a definition applicable to a specific item is also applicable to its sub-items (if any). As an example, a definition applicable to the "General IT" context is also applicable to "IT Design", "IT Development", and "IT Support and Maintenance" contexts. Therefore, a definition applicable to the "General" context is applicable to all contexts of the proposed typology. Figure 1: Typology of Contexts. ECP1-ESS-GLT-2 04 Page 15 of 70

16 DEFINITION OF TERMS USED IN THE COMPUTERISATION PROJECT 3.2. Definitions Administrative Reference Code (ARC) Is the unique identifier of an electronic Administrative Document assigned by the competent authorities of the Member State of dispatch. The ARC of an electronic AAD (e-ad) always begins with the last two digits of the year of formal acceptance of the movement Acceptance Test A series of tests applied by the users of a new (or newly modified) computer application before the users accept that it meets their requirements. General IT Application Architecture Overview Application architecture overview is a high level description of the characteristics of the application systems that will be built to satisfy business requirements. General IT Asset An asset is a component or part of a total system to which the organisation directly assigns a value and therefore, requires protection. Assets encompass all of those items that contribute to the provision of information that an organisation requires in conducting its business. General Audit Trail A record of events, such as system access, network load, unsuccessful log-on attempts, and so on, that might have some relevance when investigating a security breach. Security Authentication Authentication defines the level of trust or trustworthiness of the parties involved in a transaction - it is the process of establishing the validity of a claimed identity. Security ECP1-ESS-GLT-2 04 Page 16 of 70

17 DEFINITION OF TERMS USED IN THE COMPUTERISATION PROJECT Authorisation In the security context, authorisation focuses on the actions permitted for an identity after authentication has taken place. Decisions concerning authorisation are and should remain the purview of the business process owner. Security Authorised Warehousekeeper A natural or legal person authorised by the competent authorities of a Member State, in the course of his business, to produce, process, hold, receive or dispatch excise goods under a duty suspension arrangement in a tax warehouse Availability Ability of a component or service to perform its required function at a stated instant or over a stated period of time. It is usually expressed as the availability ratio (%), i.e. the proportion of time that the service is actually available for use by the Customers within the agreed service hours Business Area A business area represents a subset of the business singled out for development or change activity. It is defined in terms of processes (group of activities), IT functions and organisations. Excise business is decomposed into several business areas including: Core business; Management of SEED and reference data; Follow-up and collaboration; System administration Business Process At its most generic, any set of activities performed by a business that is initiated by an event, transforms information, materials or business commitments, and produces an output. Value chains and large-scale business processes produce outputs that are valued by end-users (e.g. Economic Operator, MSA officers). Some other processes generate outputs that are valued by other processes. General IT Security General IT Business Process Model The business process model provides a breakdown (process decomposition) of all levels of business processes within the scope of General IT ECP1-ESS-GLT-2 04 Page 17 of 70

18 DEFINITION OF TERMS USED IN THE COMPUTERISATION PROJECT a business area. It also shows process dynamics, lower-level process interrelationships, etc. In summary it includes all diagrams related to a process definition that allows for understanding what the business process is doing (and not how it is doing it) Business Rule A Business Rule is a condition under which data items are created, related, and maintained Central Help Desk (CHD) The Central Help Desk (CHD) is a function of the Central Service Desk. The CHD provides a single point of contact for every National Help Desk (NHD). Issues are documented and resolved by CHD staff, referring to other project parties if necessary. General IT Central Project Team (CPT) The team, led by DG TAXUD, working together on the realisation of the central project, and taking overall responsibility for the Computerisation Project Central Service Desk (CSD) The Central Service Desk provides a single point of contact for NSDs. Incidents, Problems or Requests are documented, resolved or dispatched by CSD staff, referring to the level of support (first/second/third level support) needed Central Services/Management Information System (CS/MIS) A central web-based application operated by the Central Service Desk, which aims at collecting and processing statistics files (produced by the CCN/CSI Technical Centre (CCN/TC)) related to exchange of messages over the CCN/CSI network. Also referred to as Central Services/Management Information System for (CS/MISE) Central Services/Reference Data (CS/RD) A central operations office in the Common Domain where all shared information, such as the Excise Office List, are produced or consolidated and that is responsible for the consistent distribution of ECP1-ESS-GLT-2 04 Page 18 of 70

19 DEFINITION OF TERMS USED IN THE COMPUTERISATION PROJECT that information. Member State Administrations are responsible for ensuring that the Excise Office List in the CS/RD database is regularly updated with current data Centrally Developed Application (CDEA) A set of applications developed in common under the control of DG TAXUD and covering: Test applications for the validation of the Nationally Developed Applications (NDEA); and The applications developed for the Central Services Change of destination An action where the contents of the Destination fields of an e-ad are updated following a change of place of delivery (Art. 21(8) of Directive 2008/118/EC). Change of destination may change the journey time Committee on Excise Duty The Commission shall be assisted by a committee referred to as the Committee on Excise Duty. The Committee on Excise Duty shall, examine the matters raised by its chairman, either on his own initiative or at the request of the representative of a Member State, concerning the application of Community provisions on excise duty. (Ref art. 43 of the Directive 2008/118/EC [R3]) Combined Nomenclature Code (CN Code) The Combined Nomenclature Code is a unique reference value that is put into correspondence with the Excise Code, when an excise movement is also bound to a customs movement (import, export, or placement under any other customs procedure) Common Communications Network/Common Systems Interface (CCN/CSI) The CCN (Common Communications Network) is a private, Pan- European telecommunications network procured by DG TAXUD. It interconnects the national Taxation and Customs administrations through General COM ECP1-ESS-GLT-2 04 Page 19 of 70

20 DEFINITION OF TERMS USED IN THE COMPUTERISATION PROJECT the means of communication platforms (called CCN Gateways) installed in the national administrations and offering both synchronous (request/response) and asynchronous (message queuing) services. The CSI (Common System Interface) is a set of Application Programme Interfaces (APIs) and protocols allowing access to the CCN; it takes care of the inter-operability between the national platforms running European applications (e.g. AFIS, NCTS) and the CCN Gateway. The two sets of components have been bundled together to form the CCN/CSI network Common Domain (CD) The part of the, which consists of the CCN/CSI common components and services (including the physical gateways, the software linking them to the private Pan-European IP network) and every component that is under the responsibility of DG TAXUD (e.g. CS/RD, CS/MIS, etc.) Confidentiality The property that information is not made available or disclosed to unauthorized individuals, entities, or processes. General COM General IT Security Conformance Testing (CT) A series of centrally run tests using a test application, which must be undergone by every National Excise Application before beginning operation (initial or live) in the Conformance Testing Organisation Document (CTOD) The procedural and the organisational manual that is used for Conformance Testing Conformance Testing Protocol (CTP) The documented procedures for performing CT, which comprises the Conformance Test Organisation Document and the database of test cases Customs Office List (COL) A list containing details of all the customs offices within the customs ECP1-ESS-GLT-2 04 Page 20 of 70

21 DEFINITION OF TERMS USED IN THE COMPUTERISATION PROJECT territory covered by the Common Transit Convention, which are authorised to deal with transit movements. (A distributed database containing these details is a key component of the NCTS). The COL also mentions the customs offices authorised to deal with importation and exportation Design Document for National Excise Application (DDNEA) This document specifies the design requirements to which any Nationally Developed Application (NDEA) and Centrally Developed Application (CDEA) needs to conform. The purpose of this document is two-fold: To state unambiguously what needs to be developed. This will be achieved by specifying the sequences of Information Exchanges to be supported as a number of message exchange protocols and the detailed structure and building rules of these Information Exchanges. To define how the Information Exchanges need to be performed. Basically, every Information Exchange needs to be formatted (or represented) in XML representation and this formatted message needs to be transported between Excise Applications Direct Delivery The Member State of Destination may, under the conditions which it lays down, allow excise goods to be moved under a duty suspension arrangement to a place of direct delivery situated on its territory, where that place has been designated by the authorised warehousekeeper in the Member State of Destination or by the registered consignee (Art. 17(2) of Directive 2008/118/EC). That Authorised Warehousekeeper or that Registered Consignee shall remain responsible for submitting the Report of Receipt Duty Suspension Arrangement A tax arrangement applied to the production, processing, holding or movement of excise goods not covered by a customs suspensive procedure or arrangement, excise duty being suspended (Art. 4(7) of Directive 2008/118/EC) Economic Operator (EcOp) Economic Operator (EcOp) is a generic term that includes all stakeholders of the external domain, i.e.: Authorised Warehousekeeper; ECP1-ESS-GLT-2 04 Page 21 of 70

22 DEFINITION OF TERMS USED IN THE COMPUTERISATION PROJECT Reference Data; Registered Consignee; Registered Consginor Temporary Registered Consignee; Trans-European System (TES); Transporter; Guarantor; Exempted Consignee EDI EDI (Electronic Data Interchange) means, the transmission of data structured according to agreed message standards, between one computer system and another, by electronic means. The term standard message means a predefined structure recognised for the electronic transmission of data EDIFACT EDIFACT (EDI for Administration, Commerce and Transport) is an international standard developed under the auspices of the United Nations, which defines syntax rules and standard messages for the operation of EDI in the Administration, Commerce and Transport areas Electronic Administrative Document (e-ad) The administrative document is defined in Article 21(2) of Directive 2008/118/EC and in Article 3(1) of Regulation (EC) 684/2009. In the context of, the AAD is embodied by the electronic AD (e-ad). General IT General IT Electronic Credentials Electronic Credentials bind an identity (and perhaps other attributes) to a token. Electronic credentials may be general-purpose credentials or targeted to a particular verifier. Some common types of credentials are: X.509 public key identity certificates bind an identity to a public key; X.509 attribute certificates that bind an identity or a public key with some attribute; Kerberos tickets that are encrypted messages binding the holder with some attribute or privilege; Trusted directory entries. Applicable Contexts Security ECP1-ESS-GLT-2 04 Page 22 of 70

23 DEFINITION OF TERMS USED IN THE COMPUTERISATION PROJECT Elementary Business Process (EBP) An elementary business process (EBP) represents the lowest level of process decomposition from a business perspective. An EBP may be manual, automated, or some combination of the two. An EBP is performed by one person or one process, at one location and one time. General IT Computerisation Project (ECP) The overall project launched to realise the Excise Movement Control System (). It consists of a Central Project co-ordinated closely with National Projects in all the MSA Encryption Encryption is the conversion of data into a form, called a ciphertext, which cannot be easily understood by unauthorized people. Security End-User A person who makes direct use of the application, e.g. Economic Operator or Excise Officer Escalation In a project, decisions are taken at the appropriate authorisation level. However, when a decision cannot be taken at a certain level (because the individuals at that level cannot reach a decision or do not have the mandate to take such decision), the task of taking this decision is brought (escalated) to the next / higher level Excise Application The totality of the applications, procedures etc. required for a Member State to implement (possibly in several steps) the functionality defined by the Functional Excise System Specifications. May include subsystems to manage excise movements, Guarantees, Excise Office List, etc Computerisation Working Party (ECWP) Working party set up by the Committee on Excise Duty to fulfil its duties in creating, setting up and running of. ECP1-ESS-GLT-2 04 Page 23 of 70

24 DEFINITION OF TERMS USED IN THE COMPUTERISATION PROJECT The ECWP is chaired by both R4 and C2 units of DG TAXUD and composed of the national IT representatives and national Excise experts of the Member States. It consists of a forum for discussion on the detailed business, IT and operational aspects of the ECP ( Computerisation Project) Excise Contact Group (ECG) Contact point with the European Federations of Economic Operators in the excise duties area. It consists in a working party as well as an information meeting Excise Duty Excise duty represents taxes on products, which are subject to the Community legislation in the field of excise (i.e. alcoholic products, energy products, and tobacco products). General Excise Liaison Office (ELO) The central liaison office designated by each MSA for contacts with other MSA in the field of administrative cooperation, management and surveillance of the procedures and systems for the movement of excisable products provided for Community legislation, etc Excise Movement and Control System () The decision n 1152/2003/EC of the European Parliament and of the Council of 16 June 2003 of computerising the movement and surveillance of excisable products [R4] provides the legal basis for the implementation of an Excise Movement and Control System (). The objectives of this system are both to eliminate the weaknesses of the current paperbased system (in the scope of the reduction of fraud) and to provide all partners with complementary services, in particular to bring real-time information during the excise movement to all actors of the project community Exempted Consignee A consignee that is authorised to receive excise goods under duty suspension arrangement and may enjoy exemption from payment of excise duties; it may be: ECP1-ESS-GLT-2 04 Page 24 of 70

SECTION II: EMCS COMMON DOMAIN ARCHITECTURE

SECTION II: EMCS COMMON DOMAIN ARCHITECTURE SECTION II: EMCS COMMON DOMAIN ARCHITECTURE ECP1-ESS-TESS-02-SECTION-II-EMCS-COMMON-DOMAIN-ARCHITECTURE-v3.00.doc Page 1 of 91 TABLE OF CONTENTS Table of Contents 1 Introduction... 9 1.1 Scope... 9 1.2

More information

SUBJECT: APPENDIX A2: MESSAGES PER BUSINESS DOMAIN DDNEA FOR EMCS PHASE 3 (ECP3-FITSDEV3-SC01-DDNEA_P3_APP_A2)

SUBJECT: APPENDIX A2: MESSAGES PER BUSINESS DOMAIN DDNEA FOR EMCS PHASE 3 (ECP3-FITSDEV3-SC01-DDNEA_P3_APP_A2) OWNER: DG TAXUD ISSUE DATE: 06/03/2015 VERSION: 1.76-EN TAXATION AND CUSTOMS UNION DG EMCS COMPUTERISATION PROJECT PHASE 3 SUBJECT: APPENDIX A2: MESSAGES PER BUSINESS DOMAIN () FRAMEWORK CONTRACT TAXUD/2013/CC/121

More information

ISO27001 Controls and Objectives

ISO27001 Controls and Objectives Introduction This reference document for the University of Birmingham lists the control objectives, specific controls and background information, as given in Annex A to ISO/IEC 27001:2005. As such, the

More information

ISO 27001 Controls and Objectives

ISO 27001 Controls and Objectives ISO 27001 s and Objectives A.5 Security policy A.5.1 Information security policy Objective: To provide management direction and support for information security in accordance with business requirements

More information

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results Acquire or develop application systems software Controls provide reasonable assurance that application and system software is acquired or developed that effectively supports financial reporting requirements.

More information

Code of Practice on Electronic Invoicing in the EU

Code of Practice on Electronic Invoicing in the EU CEN/WS einvoicing Phase 3 Date: 2011-11 CEN Workshop AgreementTC WI Secretariat: NEN Code of Practice on Electronic Invoicing in the EU Status: for public review (23 November 2011-23 January 2012) ICS:

More information

Message exchange with. Finnish Customs

Message exchange with. Finnish Customs Message exchange with Finnish Customs Introduction to message exchange with Finnish Customs Finnish Customs 3.6.2015 Message Exchange Support Contents Introduction... 3 1 Electronic services of Finnish

More information

INFORMATION TECHNOLOGY SECURITY STANDARDS

INFORMATION TECHNOLOGY SECURITY STANDARDS INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL

More information

ANNEX II. Inventory of existing electronic systems/documents and initiatives on electronic exchange of information, under DG TAXUD s competence

ANNEX II. Inventory of existing electronic systems/documents and initiatives on electronic exchange of information, under DG TAXUD s competence 17-11-05 ANNEX II Inventory of existing electronic systems/documents and initiatives on electronic exchange of information, under DG TAXUD s competence Further information: Working Document TAXUD/472/2004/Rev.

More information

Directive 2001/16 - Interoperability of the trans- European conventional rail system

Directive 2001/16 - Interoperability of the trans- European conventional rail system 01/16-ST02 part 2 version EN07 TSI-TAF origin EN Status NA Directive 2001/16 - Interoperability of the trans- European conventional rail system Draft Technical Specification for Interoperability "Telematic

More information

This interpretation of the revised Annex

This interpretation of the revised Annex Reprinted from PHARMACEUTICAL ENGINEERING The Official Magazine of ISPE July/August 2011, Vol. 31 No. 4 www.ispe.org Copyright ISPE 2011 The ISPE GAMP Community of Practice (COP) provides its interpretation

More information

Polish Financial Supervision Authority. Guidelines

Polish Financial Supervision Authority. Guidelines Polish Financial Supervision Authority Guidelines on the Management of Information Technology and ICT Environment Security for Insurance and Reinsurance Undertakings Warsaw, 16 December 2014 Table of Contents

More information

Office 365 Data Processing Agreement with Model Clauses

Office 365 Data Processing Agreement with Model Clauses Enrollment for Education Solutions Office 365 Data Processing Agreement (with EU Standard Contractual Clauses) Amendment ID Enrollment for Education Solutions number Microsoft to complete 7392924 GOLDS03081

More information

EDI Agreement EDI AGREEMENT. Article 1: Object and scope. Article 2: Definitions

EDI Agreement EDI AGREEMENT. Article 1: Object and scope. Article 2: Definitions EDI AGREEMENT This Electronic Data Interchange (EDI) Agreement is concluded by and between: And hereinafter referred to as 'the parties', Article 1: Object and scope 1.1. The 'EDI Agreement', hereinafter

More information

CP14 ISSUE 5 DATED 1 st OCTOBER 2015 BINDT Audit Procedure Conformity Assessment and Certification/Verification of Management Systems

CP14 ISSUE 5 DATED 1 st OCTOBER 2015 BINDT Audit Procedure Conformity Assessment and Certification/Verification of Management Systems Certification Services Division Newton Building, St George s Avenue Northampton, NN2 6JB United Kingdom Tel: +44(0)1604-893-811. Fax: +44(0)1604-893-868. E-mail: pcn@bindt.org CP14 ISSUE 5 DATED 1 st OCTOBER

More information

Security Audit VIS Central System. Summary Report

Security Audit VIS Central System. Summary Report Security Audit VIS Central System Summary Report 1 June 2012 1 1. INTRODUCTION 1.1 Visa information system The Visa Information System (VIS) is a system for the exchange of data on short-stay visas among

More information

REGULATIONS FOR THE SECURITY OF INTERNET BANKING

REGULATIONS FOR THE SECURITY OF INTERNET BANKING REGULATIONS FOR THE SECURITY OF INTERNET BANKING PAYMENT SYSTEMS DEPARTMENT STATE BANK OF PAKISTAN Table of Contents PREFACE... 3 DEFINITIONS... 4 1. SCOPE OF THE REGULATIONS... 6 2. INTERNET BANKING SECURITY

More information

The IDA Catalogue. of GENERIC SERVICES. Interchange of Data between Administrations

The IDA Catalogue. of GENERIC SERVICES. Interchange of Data between Administrations Interchange of Data between Administrations EUROPEAN COMMISSION ENTERPRISE DIRECTORATE- GENERAL INTERCHANGE OF DATA BETWEEN ADMINISTRATIONS PROGRAMME Interchange of Data between Administrations 2 of Generic

More information

SMDG-Interchange EDI - Understanding

SMDG-Interchange EDI - Understanding 1 SMDG-Interchange EDI - Understanding This draft is the result of work carried out by a SMDG-Subgroup. It was set up mainly on TEDIS drafts (May 1991/January 1994) but ideas and comments of EDI Council

More information

Head of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2

Head of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2 Policy Procedure Information security policy Policy number: 442 Old instruction number: MAN:F005:a1 Issue date: 24 August 2006 Reviewed as current: 11 July 2014 Owner: Head of Information & Communications

More information

STATUTORY INSTRUMENTS SUPPLEMENT No. 1 11th May, 2012.

STATUTORY INSTRUMENTS SUPPLEMENT No. 1 11th May, 2012. THE EAST AFRICAN COMMUNITY STATUTORY INSTRUMENTS SUPPLEMENT No. 1 11th May, 2012. to the East African Community Gazette No. 7 of 11th May, 2012. Printed by the Uganda Printing and Publishing Corporation,

More information

BUDGET HEADING 04.03.03.03 INFORMATION, CONSULTATION AND PARTICIPATION OF REPRESENTATIVES OF UNDERTAKINGS CALL FOR PROPOSALS

BUDGET HEADING 04.03.03.03 INFORMATION, CONSULTATION AND PARTICIPATION OF REPRESENTATIVES OF UNDERTAKINGS CALL FOR PROPOSALS EUROPEAN COMMISSION Employment, Social Affairs and Inclusion DG Employment and Social Legislation, Social Dialogue Labour Law BUDGET HEADING 04.03.03.03 INFORMATION, CONSULTATION AND PARTICIPATION OF REPRESENTATIVES

More information

OVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii

OVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii The Office of the Auditor General has conducted a procedural review of the State Data Center (Data Center), a part of the Arizona Strategic Enterprise Technology (ASET) Division within the Arizona Department

More information

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114 thereof,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114 thereof, 28.8.2014 Official Journal of the European Union L 257/73 REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 23 July 2014 on electronic identification and trust services for electronic

More information

Certification Practice Statement

Certification Practice Statement FernUniversität in Hagen: Certification Authority (CA) Certification Practice Statement VERSION 1.1 Ralph Knoche 18.12.2009 Contents 1. Introduction... 4 1.1. Overview... 4 1.2. Scope of the Certification

More information

Basic Rules of Issuing Invoices and Receipts 2014

Basic Rules of Issuing Invoices and Receipts 2014 Basic Rules of Issuing Invoices and Receipts 2014 Most requirements pertaining to invoicing are contained in Act CXXVII of 2007 on Value Added Tax (hereinafter: VAT Act) and the decrees issued on the basis

More information

FOR THE ICS/NCTS/ECS/AEO/EORI APPLICATIONS TO BE APPLIED AS FROM 1 JULY 2009

FOR THE ICS/NCTS/ECS/AEO/EORI APPLICATIONS TO BE APPLIED AS FROM 1 JULY 2009 EUROPEAN COMMISSION DIRECTORATE-GENERAL TAXATION AND CUSTOMS UNION Customs Policy Customs policy and Electronic customs Brussels, 13 May 2009 TAXUD/1609/2008 EN - FINAL Working Document ELECTRONIC CUSTOMS

More information

Business Operations. Module Db. Capita s Combined Offer for Business & Enforcement Operations delivers many overarching benefits for TfL:

Business Operations. Module Db. Capita s Combined Offer for Business & Enforcement Operations delivers many overarching benefits for TfL: Module Db Technical Solution Capita s Combined Offer for Business & Enforcement Operations delivers many overarching benefits for TfL: Cost is reduced through greater economies of scale, removal of duplication

More information

Explanatory notes VAT invoicing rules

Explanatory notes VAT invoicing rules Explanatory notes VAT invoicing rules (Council Directive 2010/45/EU) Why explanatory notes? Explanatory notes aim at providing a better understanding of legislation adopted at EU level and in this case

More information

Administrer les solutions Citrix XenApp et XenDesktop 7.6 CXD-203

Administrer les solutions Citrix XenApp et XenDesktop 7.6 CXD-203 Administrer les solutions Citrix XenApp XenDesktop 7.6 CXD-203 MIEL Centre Agréé : N 11 91 03 54 591 Pour contacter le service formation : 01 60 19 16 27 Pour consulter le planning des formations : www.miel.fr/formation

More information

Information Security Policies. Version 6.1

Information Security Policies. Version 6.1 Information Security Policies Version 6.1 Information Security Policies Contents: 1. Information Security page 3 2. Business Continuity page 5 3. Compliance page 6 4. Outsourcing and Third Party Access

More information

Regulations on Information Systems Security. I. General Provisions

Regulations on Information Systems Security. I. General Provisions Riga, 7 July 2015 Regulations No 112 (Meeting of the Board of the Financial and Capital Market Commission Min. No 25; paragraph 2) Regulations on Information Systems Security Issued in accordance with

More information

Summary Project Fiche

Summary Project Fiche Summary Project Fiche 1. Basic Information 1.1. Désirée Number: BG 0203.13 1.2. Title: Development and Implementation of VIES requirements and EU interoperability standards in the field of VAT within the

More information

RS Official Gazette, No 23/2013 and 113/2013

RS Official Gazette, No 23/2013 and 113/2013 RS Official Gazette, No 23/2013 and 113/2013 Pursuant to Article 15, paragraph 1 and Article 63, paragraph 2 of the Law on the National Bank of Serbia (RS Official Gazette, Nos 72/2003, 55/2004, 85/2005

More information

Electronic Documents Law

Electronic Documents Law Disclaimer: The English language text below is provided by the Translation and Terminology Centre for information only; it confers no rights and imposes no obligations separate from those conferred or

More information

SECTION III: EMCS CENTRAL SERVICES ARCHITECTURE

SECTION III: EMCS CENTRAL SERVICES ARCHITECTURE SECTION III: EMCS CENTRAL SERVICES ARCHITECTURE ECP1-ESS-TESS-03-SECTION-III-EMCS-CENTRAL-SERVICES-ARCHITECTURE-v3.00.doc Page 1 of 33 TABLE OF CONTENTS Table of Contents 1 Introduction... 4 1.1 Scope...

More information

Information security controls. Briefing for clients on Experian information security controls

Information security controls. Briefing for clients on Experian information security controls Information security controls Briefing for clients on Experian information security controls Introduction Security sits at the core of Experian s operations. The vast majority of modern organisations face

More information

COMMISSION OF THE EUROPEAN COMMUNITIES

COMMISSION OF THE EUROPEAN COMMUNITIES EN EN EN COMMISSION OF THE EUROPEAN COMMUNITIES Brussels, 28.11.2008 COM(2008) 798 final COMMUNICATION FROM THE COMMISSION TO THE COUNCIL, THE EUROPEAN PARLIAMENT, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE

More information

SECTION III: EMCS CENTRAL SERVICES ARCHITECTURE

SECTION III: EMCS CENTRAL SERVICES ARCHITECTURE SECTION III: EMCS CENTRAL SERVICES ARCHITECTURE ECP1-ESS-TESS-03-SECTION-III-EMCS-CENTRAL-SERVICES-ARCHITECTURE-v3.02.doc Page 1 of 32 TABLE OF CONTENTS Table of Contents 1 Introduction... 3 1.1 Scope...

More information

Certification Report

Certification Report Certification Report EAL 3+ Evaluation of RSA envision platform v4.0 SP 1 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification

More information

Practical Overview on responsibilities of Data Protection Officers. Security measures

Practical Overview on responsibilities of Data Protection Officers. Security measures Practical Overview on responsibilities of Data Protection Officers Security measures Manuel Villaseca Spanish Data Protection Agency mvl@agpd.es Security measures Agenda: The rol of DPO on security measures

More information

MICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL. Doug A. Ringler, C.P.A., C.I.A. AUDITOR GENERAL ENTERPRISE DATA WAREHOUSE

MICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL. Doug A. Ringler, C.P.A., C.I.A. AUDITOR GENERAL ENTERPRISE DATA WAREHOUSE MICHIGAN OFFICE OF THE AUDITOR GENERAL AUDIT REPORT PERFORMANCE AUDIT OF THE ENTERPRISE DATA WAREHOUSE DEPARTMENT OF TECHNOLOGY, MANAGEMENT, AND BUDGET August 2014 Doug A. Ringler, C.P.A., C.I.A. AUDITOR

More information

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.

More information

ETSI EN 319 401 V1.1.1 (2013-01)

ETSI EN 319 401 V1.1.1 (2013-01) EN 319 401 V1.1.1 (2013-01) European Standard Electronic Signatures and Infrastructures (ESI); General Policy Requirements for Trust Service Providers supporting Electronic Signatures 2 EN 319 401 V1.1.1

More information

Third Party Security Requirements Policy

Third Party Security Requirements Policy Overview This policy sets out the requirements expected of third parties to effectively protect BBC information. Audience Owner Contacts This policy applies to all third parties and staff, including contractors,

More information

University of Sunderland Business Assurance Information Security Policy

University of Sunderland Business Assurance Information Security Policy University of Sunderland Business Assurance Information Security Policy Document Classification: Public Policy Reference Central Register Policy Reference Faculty / Service IG 003 Policy Owner Assistant

More information

TENDER SPECIFICATIONS

TENDER SPECIFICATIONS EUROPEAN COMMISSION DIRECTORATE-GENERAL FOR EDUCATION AND CULTURE Youth and sport; Erasmus+ Traineeships Office INTERINSTITUTIONAL CALL FOR TENDERS OPEN PROCEDURE N EAC/05/2014 COLLECTIVE HEALTH INSURANCE

More information

Change Management Procedures Re: The Peoplesoft Application at Mona

Change Management Procedures Re: The Peoplesoft Application at Mona Change Management Procedures Re: The Peoplesoft Application at Mona (The original Peoplesoft document was modified to relate more closely to UWI Mona) See also.. MITS Project Management Methodology & MITS

More information

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But it s

More information

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)

More information

INTERNATIONAL STANDARD

INTERNATIONAL STANDARD INTERNATIONAL STANDARD ISO/IEC 14662 First edition Information Technologies - Open-edi reference model Technologie de l'information - Modèle de référence EDI-ouvert Reference number Page 2 Contents Foreword...

More information

Policy Document. Communications and Operation Management Policy

Policy Document. Communications and Operation Management Policy Policy Document Communications and Operation Management Policy [23/08/2011] Page 1 of 11 Document Control Organisation Redditch Borough Council Title Communications and Operation Management Policy Author

More information

Cryptographic Modules, Security Level Enhanced. Endorsed by the Bundesamt für Sicherheit in der Informationstechnik

Cryptographic Modules, Security Level Enhanced. Endorsed by the Bundesamt für Sicherheit in der Informationstechnik Common Criteria Protection Profile Cryptographic Modules, Security Level Enhanced BSI-CC-PP-0045 Endorsed by the Foreword This Protection Profile - Cryptographic Modules, Security Level Enhanced - is issued

More information

PROJECT AUDIT METHODOLOGY

PROJECT AUDIT METHODOLOGY PROJECT AUDIT METHODOLOGY 1 "Your career as a project manager begins here!" Content Introduction... 3 1. Definition of the project audit... 3 2. Objectives of the project audit... 3 3. Benefit of the audit

More information

Software Test Plan (STP) Template

Software Test Plan (STP) Template (STP) Template Items that are intended to stay in as part of your document are in bold; explanatory comments are in italic text. Plain text is used where you might insert wording about your project. This

More information

ELECTRONIC SIGNATURES AND ASSOCIATED LEGISLATION

ELECTRONIC SIGNATURES AND ASSOCIATED LEGISLATION ELECTRONIC SIGNATURES AND ASSOCIATED LEGISLATION This can be a complex subject and the following text offers a brief introduction to Electronic Signatures, followed by more background on the Register of

More information

Cloud Computing Security Considerations

Cloud Computing Security Considerations Cloud Computing Security Considerations Roger Halbheer, Chief Security Advisor, Public Sector, EMEA Doug Cavit, Principal Security Strategist Lead, Trustworthy Computing, USA January 2010 1 Introduction

More information

Data Protection Act 1998. Guidance on the use of cloud computing

Data Protection Act 1998. Guidance on the use of cloud computing Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered

More information

Ford Motor Company CA Certification Practice Statement

Ford Motor Company CA Certification Practice Statement Certification Practice Statement Date: February 21, 2008 Version: 1.0.1 Table of Contents Document History... 1 Acknowledgments... 1 1. Introduction... 2 1.1 Overview... 3 1.2 Ford Motor Company Certificate

More information

C015 Certification Report

C015 Certification Report C015 Certification Report NexCode National Security Suite Release 3 File name: Version: v1a Date of document: 15 June 2011 Document classification: For general inquiry about us or our services, please

More information

NATO GUIDANCE ON THE USE OF THE AQAP 2000 SERIES

NATO GUIDANCE ON THE USE OF THE AQAP 2000 SERIES NATO GUIDANCE ON THE USE OF THE AQAP 2000 SERIES (June 2003) I ORIGINAL Page blank II ORIGINAL NORTH ATLANTIC TREATY ORGANIZATION NATO STANDARDISATION AGENCY (NSA) NATO LETTER OF PROMULGATION June 2003

More information

Development, Acquisition, Implementation, and Maintenance of Application Systems

Development, Acquisition, Implementation, and Maintenance of Application Systems Development, Acquisition, Implementation, and Maintenance of Application Systems Part of a series of notes to help Centers review their own Center internal management processes from the point of view of

More information

COMMON CERTIFICATE POLICY FOR THE EXTENDED ACCESS CONTROL INFRASTRUCTURE FOR PASSPORTS AND TRAVEL DOCUMENTS ISSUED BY EU MEMBER STATES

COMMON CERTIFICATE POLICY FOR THE EXTENDED ACCESS CONTROL INFRASTRUCTURE FOR PASSPORTS AND TRAVEL DOCUMENTS ISSUED BY EU MEMBER STATES COMMON CERTIFICATE POLICY FOR THE EXTENDED ACCESS CONTROL INFRASTRUCTURE FOR PASSPORTS AND TRAVEL DOCUMENTS ISSUED BY EU MEMBER STATES BSI TR-03139 Version 2.1 27 May 2013 Foreword The present document

More information

Adopt the following: Section A

Adopt the following: Section A Grand-Ducal Regulation of 9 July 2013 determining the requirements for the professional qualification of Réviseur d Entreprises pursuant to the Law of 18 December 2009 on the audit profession We Henri,

More information

System Requirements Specification (SRS) (Subsystem and Version #)

System Requirements Specification (SRS) (Subsystem and Version #) of the (Subsystem and Version #) () (Document Revision Number) Contract (No.) Task (No.) GSA Contract (No.) Prepared for: The United States Department of Agriculture Food & Nutrition Service (FNS)/ Information

More information

Electronic Payment Schemes Guidelines

Electronic Payment Schemes Guidelines BANK OF TANZANIA Electronic Payment Schemes Guidelines Bank of Tanzania May 2007 Bank of Tanzania- Electronic Payment Schemes and Products Guidleness page 1 Bank of Tanzania, 10 Mirambo Street, Dar es

More information

Pursuant to Convention No. 108 of the Council of Europe for the protection of persons with regard to the automated processing of personal data;

Pursuant to Convention No. 108 of the Council of Europe for the protection of persons with regard to the automated processing of personal data; Decision No. 2011-316 dated 6 October 2011 adopting a standard for delivering privacy seals in audit procedures covering the protection of persons with regard to the processing of personal data The French

More information

This Amendment consists of two parts. This is part 1 of 2 and must be accompanied by and signed with part 2 of 2 (Annex 1) to be valid.

This Amendment consists of two parts. This is part 1 of 2 and must be accompanied by and signed with part 2 of 2 (Annex 1) to be valid. Microsoft Online Subscription Agreement Amendment adding Office 365 Data Processing Agreement (with EU Standard Contractual Clauses) Amendment ID Proposal ID MOSA number Microsoft to complete This Amendment

More information

Federal law on certification services in the area of the electronic signature

Federal law on certification services in the area of the electronic signature Law on the electronic signature 94.0 Notice This English translation has no official character. The only authentic texts are the German, French and Italian versions published in the Official Compendium

More information

COUNCIL OF THE EUROPEAN UNION. Brussels, 23 June 2010 (OR. en) 10858/10 Interinstitutional File: 2009/0009 (CNS) FISC 60

COUNCIL OF THE EUROPEAN UNION. Brussels, 23 June 2010 (OR. en) 10858/10 Interinstitutional File: 2009/0009 (CNS) FISC 60 COUNCIL OF THE EUROPEAN UNION Brussels, 23 June 2010 (OR. en) 10858/10 Interinstitutional File: 2009/0009 (CNS) FISC 60 LEGISLATIVE ACTS AND OTHER INSTRUMTS Subject: COUNCIL DIRECTIVE amending Directive

More information

ExtremeWorks Remote Monitoring Service

ExtremeWorks Remote Monitoring Service SERVICE DESCRIPTION DOCUMENT (SDD) ExtremeWorks Remote Monitoring Service Service: ExtremeWorks Managed Service Remote Monitoring Service Version: 1.0 Date: November 2015 Availability: Global Order Code:

More information

Joint Interpretation Library

Joint Interpretation Library for smart cards and similar devices Document purpose: provide requirements to developers and guidance to evaluators to fulfill the Security Architecture requirements of CC V3 ADV_ARC family. Version 2.0

More information

1. Perimeter Security Dealing with firewall, gateways and VPNs and technical entry points. Physical Access to your premises can also be reviewed.

1. Perimeter Security Dealing with firewall, gateways and VPNs and technical entry points. Physical Access to your premises can also be reviewed. Service Definition Technical Security Review Overview of Service Considering the increasing importance of security, the number of organisations that allow for contingency in their Information Security

More information

COMMISSION REGULATION. of 5.5.2011

COMMISSION REGULATION. of 5.5.2011 EN EN EN EUROPEAN COMMISSION Brussels, 5.5.2011 C(2011) 2962 final COMMISSION REGULATION of 5.5.2011 on the technical specification for interoperability relating to the subsystem 'telematics applications

More information

DRAFT. Guidance for Member States and Programme Authorities Designation Procedure

DRAFT. Guidance for Member States and Programme Authorities Designation Procedure 23/05/2014 EUROPEAN COMMISSION EGESIF_14-0013 DRAFT European Structural and Investment Funds Guidance for Member States and Programme Authorities Designation Procedure (under Articles 123 and 124 of Regulation

More information

EU CUSTOMS BUSINESS PROCESS MODELLING POLICY

EU CUSTOMS BUSINESS PROCESS MODELLING POLICY EUROPEAN COMMISSION MASP Revision 2014 v1.1 ANNEX 4 DIRECTORATE-GENERAL TAXATION AND CUSTOMS UNION Customs Policy, Legislation, Tariff Customs Processes and Project Management Brussels, 03.11.2014 TAXUD.a3

More information

HKUST CA. Certification Practice Statement

HKUST CA. Certification Practice Statement HKUST CA Certification Practice Statement IN SUPPORT OF HKUST CA CERTIFICATION SERVICES Version : 2.1 Date : 12 November 2003 Prepared by : Information Technology Services Center Hong Kong University of

More information

INFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c

INFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c INFORMATION SECURITY MANAGEMENT SYSTEM Version 1c Revised April 2011 CONTENTS Introduction... 5 1 Security Policy... 7 1.1 Information Security Policy... 7 1.2 Scope 2 Security Organisation... 8 2.1 Information

More information

An organization properly establishes and operates its control over risks regarding the information system to fulfill the following objectives:

An organization properly establishes and operates its control over risks regarding the information system to fulfill the following objectives: p. 1 System Management Standards Proposed on October 8, 2004 Preface Today, the information system of an organization works as an important infrastructure of the organization to implement its management

More information

Musina Local Municipality. Information and Communication Technology User Account Management Policy -Draft-

Musina Local Municipality. Information and Communication Technology User Account Management Policy -Draft- Musina Local Municipality Information and Communication Technology User Account Management Policy -Draft- Version Control Version Date Author(s) Details V1.0 June2013 Perry Eccleston Draft Policy Page

More information

Music Recording Studio Security Program Security Assessment Version 1.1

Music Recording Studio Security Program Security Assessment Version 1.1 Music Recording Studio Security Program Security Assessment Version 1.1 DOCUMENTATION, RISK MANAGEMENT AND COMPLIANCE PERSONNEL AND RESOURCES ASSET MANAGEMENT PHYSICAL SECURITY IT SECURITY TRAINING AND

More information

Information Security Guideline for NSW Government Part 1 Information Security Risk Management

Information Security Guideline for NSW Government Part 1 Information Security Risk Management Department of Commerce Guidelines Information Security Guideline for NSW Government Part 1 Information Security Risk Management Issue No: 3.2 First Published: Sept 1997 Current Version: Jun 2003 Table

More information

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus Information Technology Engineers Examination Information Security Specialist Examination (Level 4) Syllabus Details of Knowledge and Skills Required for the Information Technology Engineers Examination

More information

GCP INSPECTORS WORKING GROUP REFLECTION PAPER ON EXPECTATIONS FOR ELECTRONIC SOURCE DOCUMENTS USED IN CLINICAL TRIALS

GCP INSPECTORS WORKING GROUP <DRAFT> REFLECTION PAPER ON EXPECTATIONS FOR ELECTRONIC SOURCE DOCUMENTS USED IN CLINICAL TRIALS European Medicines Agency London, 17 October 2007 Doc. Ref. EMEA/505620/2007 GCP INSPECTORS WORKING GROUP REFLECTION PAPER ON EXPECTATIONS FOR ELECTRONIC SOURCE DOCUMENTS USED IN CLINICAL TRIALS

More information

Regulation on the implementation of the European Economic Area (EEA) Financial Mechanism 2009-2014

Regulation on the implementation of the European Economic Area (EEA) Financial Mechanism 2009-2014 the European Economic Area (EEA) Financial Mechanism 2009-2014 adopted by the EEA Financial Mechanism Committee pursuant to Article 8.8 of Protocol 38b to the EEA Agreement on 13 January 2011 and confirmed

More information

Information Technology Security Evaluation Criteria. ITSEC Joint Interpretation Library (ITSEC JIL)

Information Technology Security Evaluation Criteria. ITSEC Joint Interpretation Library (ITSEC JIL) S Information Technology Security Evaluation Criteria ITSEC Joint Interpretation Library (ITSEC JIL) Version 2.0 November 1998 This document is paginated from i to vi and from 1 to 65 ITSEC Joint Interpretation

More information

An Approach to Records Management Audit

An Approach to Records Management Audit An Approach to Records Management Audit DOCUMENT CONTROL Reference Number Version 1.0 Amendments Document objectives: Guidance to help establish Records Management audits Date of Issue 7 May 2007 INTRODUCTION

More information

Using Automated, Detailed Configuration and Change Reporting to Achieve and Maintain PCI Compliance Part 4

Using Automated, Detailed Configuration and Change Reporting to Achieve and Maintain PCI Compliance Part 4 WHITEPAPER Using Automated, Detailed Configuration and Change Reporting to Achieve and Maintain PCI Compliance Part 4 An in-depth look at Payment Card Industry Data Security Standard Requirements 10, 11,

More information

Regulation on the implementation of the Norwegian Financial Mechanism 2009-2014

Regulation on the implementation of the Norwegian Financial Mechanism 2009-2014 Regulation on the implementation of the Norwegian Financial Mechanism 2009-2014 adopted by the Norwegian Ministry of Foreign Affairs pursuant to Article 8.8 of the Agreement between the Kingdom of Norway

More information

Build (develop) and document Acceptance Transition to production (installation) Operations and maintenance support (postinstallation)

Build (develop) and document Acceptance Transition to production (installation) Operations and maintenance support (postinstallation) It is a well-known fact in computer security that security problems are very often a direct result of software bugs. That leads security researches to pay lots of attention to software engineering. The

More information

COMMISSION DECISION of 16 August 2006 C( 2006 ) 3602. concerning the security of information systems used by the European Commission

COMMISSION DECISION of 16 August 2006 C( 2006 ) 3602. concerning the security of information systems used by the European Commission COMMISSION DECISION of 16 August 2006 C( 2006 ) 3602 concerning the security of information systems used by the European Commission THE COMMISSION OF THE EUROPEAN COMMUNITIES, Having regard to the Treaty

More information

Official Journal of the European Union

Official Journal of the European Union L 132/32 COMMISSION IMPLEMTING REGULATION (EU) No 447/2014 of 2 May 2014 on the specific rules for implementing Regulation (EU) No 231/2014 of the European Parliament and of the Council establishing an

More information

EUROPEAN COMMISSION HEALTH AND CONSUMERS DIRECTORATE-GENERAL. EudraLex The Rules Governing Medicinal Products in the European Union

EUROPEAN COMMISSION HEALTH AND CONSUMERS DIRECTORATE-GENERAL. EudraLex The Rules Governing Medicinal Products in the European Union EUROPEAN COMMISSION HEALTH AND CONSUMERS DIRECTORATE-GENERAL Public Health and Risk Assessment Pharmaceuticals Brussels, SANCO/C8/AM/sl/ares(2010)1064599 EudraLex The Rules Governing Medicinal Products

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

Draft ETSI EN 319 401 V1.1.1 (2012-03)

Draft ETSI EN 319 401 V1.1.1 (2012-03) Draft EN 319 401 V1.1.1 (2012-03) European Standard Electronic Signatures and Infrastructures (ESI); General Policy Requirements for Trust Service Providers supporting Electronic Signatures 2 Draft EN

More information

ProtectV. Securing Sensitive Data in Virtual and Cloud Environments. Executive Summary

ProtectV. Securing Sensitive Data in Virtual and Cloud Environments. Executive Summary VISIBILITY DATA GOVERNANCE SYSTEM OS PARTITION UNIFIED MANAGEMENT CENTRAL AUDIT POINT ACCESS MONITORING ENCRYPTION STORAGE VOLUME POLICY ENFORCEMENT ProtectV SECURITY SNAPSHOT (backup) DATA PROTECTION

More information

COMMISSION REGULATION (EU)

COMMISSION REGULATION (EU) L 122/22 Official Journal of the European Union 11.5.2011 COMMISSION REGULATION (EU) No 445/2011 of 10 May 2011 on a system of certification of entities in charge of maintenance for freight wagons and

More information

Certification Practice Statement (ANZ PKI)

Certification Practice Statement (ANZ PKI) Certification Practice Statement March 2009 1. Overview 1.1 What is a Certification Practice Statement? A certification practice statement is a statement of the practices that a Certification Authority

More information

Certified Information Systems Auditor (CISA)

Certified Information Systems Auditor (CISA) Certified Information Systems Auditor (CISA) Course Introduction Course Introduction Module 01 - The Process of Auditing Information Systems Lesson 1: Management of the Audit Function Organization of the

More information