IT Strategy (Draft)

Dashamir Hoxha

2010-12-17

Contents

1 Introduction 11.1 Why is Needed an IT Strategy . . . . . . . . . . . . . . . . . 11.2 The Structure of This Document . . . . . . . . . . . . . . . . 21.3 References Used . . . . . . . . . . . . . . . . . . . . . . . . . . 21.4 Acronyms and Abbreviations . . . . . . . . . . . . . . . . . . 2

2 Mission and Vision 42.1 IT Mission . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42.2 IT Vision . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

3 Customs Blueprints � ICT 63.1 Aim . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63.2 Strategic objectives . . . . . . . . . . . . . . . . . . . . . . . . 73.3 Key Indicators . . . . . . . . . . . . . . . . . . . . . . . . . . 8

3.3.1 IT management policy . . . . . . . . . . . . . . . . . . 83.3.2 IT technical policy . . . . . . . . . . . . . . . . . . . . 93.3.3 IT application policy . . . . . . . . . . . . . . . . . . . 93.3.4 IT operational policy . . . . . . . . . . . . . . . . . . . 103.3.5 IT training . . . . . . . . . . . . . . . . . . . . . . . . 11

3.4 Future developments (electronic customs) important for can-didate countries . . . . . . . . . . . . . . . . . . . . . . . . . . 11

3.5 Cross references . . . . . . . . . . . . . . . . . . . . . . . . . . 113.6 Other Blueprints Related to IT . . . . . . . . . . . . . . . . . 11

3.6.1 Trade Facilitation . . . . . . . . . . . . . . . . . . . . . 123.6.2 Cooperation . . . . . . . . . . . . . . . . . . . . . . . . 123.6.3 Revenue Collection . . . . . . . . . . . . . . . . . . . . 123.6.4 Risk Management . . . . . . . . . . . . . . . . . . . . 13

1

3.6.5 Border And Inland Control . . . . . . . . . . . . . . . 133.6.6 Post-Clearance And Audit . . . . . . . . . . . . . . . . 143.6.7 Investigation And Enforcement . . . . . . . . . . . . . 143.6.8 IPR . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143.6.9 Supply Chain Security . . . . . . . . . . . . . . . . . . 143.6.10 Infrastructure And Equipment . . . . . . . . . . . . . 153.6.11 Laboratory . . . . . . . . . . . . . . . . . . . . . . . . 15

4 EU Customs Systems 154.1 Customs Operational Systems . . . . . . . . . . . . . . . . . . 15

4.1.1 Automated Import System (AIS) . . . . . . . . . . . . 15Import Control System (ICS) � Safety and Security

Aspects . . . . . . . . . . . . . . . . . . . . . 16Automated Import System � Centralised Clearance

and Simpli�cations . . . . . . . . . . . . . . . 164.1.2 New Computerized Transit System (NCTS) . . . . . . 16

NCTS � Safety and Security Aspects (including ATIS) 17NCTS - TIR . . . . . . . . . . . . . . . . . . . . . . . 17NCTS � Enquiry/Recovery . . . . . . . . . . . . . . . 17

4.1.3 Automated Export System (AES) . . . . . . . . . . . 17Export Control System Phase 1 (ECS1) . . . . . . . . 18Export Control System Phase 2 (ECS2) . . . . . . . . 18Automated Export System � Centralised Clearance

and Simpli�cations . . . . . . . . . . . . . . . 184.2 Trade Access . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

4.2.1 EU Customs Information Portal (ECIP) . . . . . . . . 194.2.2 Data Dissemination System (DDS) . . . . . . . . . . . 194.2.3 Single Electronic Access Points (SEAP) . . . . . . . . 19

4.3 Customs Tools . . . . . . . . . . . . . . . . . . . . . . . . . . 204.3.1 Customs Risk Management System (CRMS) . . . . . . 204.3.2 Integrated Tari� Environment (ITE) . . . . . . . . . . 21

TARIC 3 . . . . . . . . . . . . . . . . . . . . . . . . . 22ECICS 2 . . . . . . . . . . . . . . . . . . . . . . . . . . 22Quota 2 . . . . . . . . . . . . . . . . . . . . . . . . . . 22Surveillance 2 . . . . . . . . . . . . . . . . . . . . . . . 22EBTI 3 . . . . . . . . . . . . . . . . . . . . . . . . . . 22

4.4 Economic Operators' Systems . . . . . . . . . . . . . . . . . . 234.4.1 Economic Operators' Registration and Identi�cation

System (EORI) . . . . . . . . . . . . . . . . . . . . . . 234.4.2 Authorized Economic Operator (AEO) . . . . . . . . . 23

2

AEO Phase 1 . . . . . . . . . . . . . . . . . . . . . . . 24AEO Full System . . . . . . . . . . . . . . . . . . . . . 24

4.4.3 Single Authorization for Simpli�ed Procedures (SASP) 244.4.4 Registered Exporters (REX) . . . . . . . . . . . . . . . 25

4.5 Longer Term Projects . . . . . . . . . . . . . . . . . . . . . . 264.5.1 Single Window (SW) . . . . . . . . . . . . . . . . . . . 26

4.6 Automated Information Exchange with 3rd Countries . . . . . 264.6.1 Single Portal for Entry or Exit of Data (SPEED) . . . 264.6.2 EU-Russia exchange of TIR movement data (Pilot project) 27

5 Requirements and Needs for Developments 275.1 Integrating With EU IT Systems . . . . . . . . . . . . . . . . 28

5.1.1 EMCS (Excise Movement and Control System) . . . . 295.1.2 NCTS (New Computerized Transit System) . . . . . . 295.1.3 EORI (Economic Operators Registration and Identi�-

cation) . . . . . . . . . . . . . . . . . . . . . . . . . . . 295.2 Interoperability on The National Level . . . . . . . . . . . . . 29

5.2.1 Integrated Border Management (IBM) . . . . . . . . . 305.2.2 Electronic data exchange with the banking system . . 305.2.3 Interagency data exchange (Single Window) . . . . . . 30

5.3 Other Needs for Tools and Software . . . . . . . . . . . . . . . 315.3.1 A Web CMS (Drupal) . . . . . . . . . . . . . . . . . . 315.3.2 A Tool for planning, tracking and reporting IT expen-

ditures . . . . . . . . . . . . . . . . . . . . . . . . . . . 315.3.3 Software for monitoring the functionality of the exist-

ing systems . . . . . . . . . . . . . . . . . . . . . . . . 315.3.4 Any tool/software for facilitating feedback from users . 325.3.5 HelpDesk system for reporting the problems. . . . . . 325.3.6 Knowledge Database . . . . . . . . . . . . . . . . . . . 325.3.7 Tools for internal communication and collaboration . . 325.3.8 Document Management System . . . . . . . . . . . . . 325.3.9 Business Intelligence Tool . . . . . . . . . . . . . . . . 325.3.10 Tools for Human Resource Management . . . . . . . . 335.3.11 Directory Server for Single Sign-on . . . . . . . . . . . 335.3.12 An Inventory/Asset Management System . . . . . . . 33

5.4 IT Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . 335.4.1 IT HR Policy . . . . . . . . . . . . . . . . . . . . . . . 335.4.2 IT Business Processes . . . . . . . . . . . . . . . . . . 345.4.3 System Security Policy . . . . . . . . . . . . . . . . . . 355.4.4 IT Budget and Procurement Policy . . . . . . . . . . . 35

3

5.4.5 IT Risk Management Strategy . . . . . . . . . . . . . 355.4.6 IT Training Requirements and Strategy . . . . . . . . 365.4.7 IT Documentation Standards and Procedures . . . . . 375.4.8 IT Telecommunications Policy . . . . . . . . . . . . . . 375.4.9 Policy on Freedom of Information, Security and Data

Protection . . . . . . . . . . . . . . . . . . . . . . . . . 37

6 General Guiding Principles 386.1 Kosto dhe �eksibiliteti . . . . . . . . . . . . . . . . . . . . . . 38

6.1.1 Riperdorim perpara Blerjes dhe perpara Ndertimit . . 386.1.2 Nderto �llimisht per qeverine . . . . . . . . . . . . . . 386.1.3 Reduktimi total i kostove te pronesise . . . . . . . . . 38

6.2 Mundesite e dhenies se sherbimit . . . . . . . . . . . . . . . . 386.2.1 Ndiqet partneriteti ne lidhje me dhenien e sherbimeve 386.2.2 Produktet dhe Planet behet qe te permbushin objek-

tivat e biznesit doganor . . . . . . . . . . . . . . . . . 386.3 Balancimi i Reputacionit kundrejt rreziqeve per dhenien e

sherbimit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396.3.1 Perdorimi I teknologjive te Provuara . . . . . . . . . . 39

6.4 Risite . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396.4.1 Zgjidhjet behen duke implemntuar produktet e pran-

uara ne politiken per teknologjine e informacionit . . . 396.4.2 Promovimi I avantazheve per biznesin nepermjet per-

dorimit te teknologjive inovative . . . . . . . . . . . . 396.5 Kontrolli I aseteve te informacionit . . . . . . . . . . . . . . . 40

6.5.1 Versioni I se vertetes . . . . . . . . . . . . . . . . . . . 406.5.2 Nderto besim nepermjet menaxhimit efektiv te infor-

macionit nga klienti . . . . . . . . . . . . . . . . . . . 406.6 Rritja e E�ciences . . . . . . . . . . . . . . . . . . . . . . . . 40

6.6.1 Nderto ne levishmeri . . . . . . . . . . . . . . . . . . . 406.6.2 Maksimizo Automatizimin e Proceseve . . . . . . . . . 406.6.3 Pergjigja sa me ne kohe reale per kerkesat e klientit . 40

4

1 Introduction

1.1 Why is Needed an IT Strategy

Having a strategy is important. It is like a map and a compass. Without itone can spend much time, energy and resources, however will not be able togo on the right direction, therefore will fail to reach the desired destination.As they say, having a bad plan is better than having no plan at all.

IT is very important nowadays, since it is the means that facilitates busi-nesses and keeps them running. Keeping the information in electronic formatand managing business processes through IT systems has indisputable ad-vantages. Every e�ort for improving business processes is immediately trans-lated into requests for improving the IT systems, and the success of the re-form depends directly on the success of the IT part. If a business/organizationis compared to the human body, then the IT systems and infrastructure ofit are like the nervous system.

The Albanian Customs Administration makes no exception from the prin-ciples mentioned above. Because the IT is so important and is the key ofsuccess for each improvement or reform, a separate strategic document isneeded for it, besides the Overall Business Strategy of the Customs. Thisdocument should help as a guidance for making strategic decisions about theissues that are related to IT.

1.2 The Structure of This Document

This strategic document de�nes the `mission': the purpose of IT in Customs,why it is used, what it should support, how it should do it, etc. In general,this is the function of IT and the reason for its existence.

Then it also de�nes the `vision', which is the goal that IT should reachon the following years. The main strategic goal is to ful�ll the standardsthat are needed for the acceptance of Albania in EU. So, the span of thisstrategic document are the following years, up to the acceptance of Albaniain EU.

The strategy elaborates the goal/vision by describing what are the stan-dards that should be ful�lled, identifying also concrete targets and objectives(the so-called Strategic Objectives).

Then it also tries to set priorities to them, to de�ne dependencies andmilestones, to elaborate about the steps that are needed to accomplish them,and to identify any general prerequisites and resources that are needed fortheir completion.

5

However this document does not go into deep details about how to im-plement each step. More details about planning and managing the necessarytasks are provided in the annexes that are attached to this document.

This document is not �nal, it should be revised and modi�ed wheneverneeded, as future steps become clearer and experience provides guidance forbest practices.

1.3 References Used

The strategic documents where this document is based are:

• The Customs Blueprints (especially the section about ICT)

• Electronic Customs Multi-Annual Strategic Plan (MASP)

• ACA Business Strategy

• National Strategy for e-Government and ICT

1.4 Acronyms and Abbreviations

Table 1: Acronyms and Abbreviations:

Acronym Description

AEO Authorized Economic Operators systemAES Automated Export SystemAIS Automated Import SystemATIS Anti-Fraud Transit Information SystemBPM Business Process ModelBTI Binding Tari� InformationCC Centralized ClearanceCCN Common Communication NetworkCCN/CSI Common Communications Network / Common Systems InterfaceCRMS Customs Risk Management SystemCN Combined NomenclatureCOM European CommissionDDS Data Dissemination SystemDG AGRI Directorate General for Agriculture and Rural DevelopmentDG TAXUD Directorate General for Taxation and Customs UnionDG TRADE Directorate General for Trade

Continued on next page

6

Table 1: Acronyms and Abbreviations:

Acronym Description

OLAF European Anti-Fraud O�ceEBTI European Binding Tari� InformationEC European Commission/European CommunitiesECICS European Customs Inventory of Chemical SubstancesECIP EU Customs Information PortalECG Electronic Customs GroupECS Export Control SystemEFTA European Free Trade AssociationEMCS Excise Movement and Control SystemEP European ParliamentEPA Economic Partnership AgreementEO Economic OperatorEORI Economic Operators Registration and Identi�cation systemFTA Free Trade AgreementFTSS Functional (Transit) System Speci�cationsGSP Generalised System of PreferencesICS Import Control SystemIRU International Road Transport UnionI(C)T Information (Communications) TechnologyMASP Multi-Annual Strategic PlanMCC Modernised Customs CodeMRN Movement Reference NumberMS Member State(s)NA National AdministrationNCTS New Computerised Transit SystemREX Registered ExportersRIF Risk Information FormSEAP Single Electronic Access PointSPEED Single Portal for Entry or Exit of DataSW Single WindowTARIC Tarif Intégré des Communautés européennesTIR Transports Internationaux RoutiersUNECE United Nations Economic Commission for EuropeUSA United States of AmericaVAT Value Added Tax

7

2 Mission and Vision

2.1 IT Mission

The everyday operation of the Albanian Customs Administration relaysheavily on IT. Also, the future improvements on its work are closely re-lated to the support and further improvement of the IT services, and evendepend on them. The aim of the IT Strategy is to support the AlbanianCustoms in ful�lling its strategic objectives, which are described and de�nedin the Customs Business Strategy.

Some of the �elds where IT can improve the work of the customs andsome of the objectives that require the IT support are these:

• Preparing Albania for the integration with the EU.

• Facilitating the inter-agency and international data exchange, commu-nication and cooperation.

• Facilitating customs procedures for the traders and increasing theirsatisfaction.

• Fighting the illicit activities across the borders and protecting the so-ciety.

• Improving and facilitating the work of the customs administration itself(modernization).

• Reducing the possibilities of corruption inside the customs administra-tion.

• Increasing the e�ciency of the customs administration and loweringits operational costs.

• Improving the revenue collection for the government.

In order to full�ll these objectives, we try to:

• apply the IT international standards related to the electronic trade andcustoms

• integrate our IT systems with the ones used in the EU

• make use of the latest developments in the �eld of IT

• improve the IT skills and abilities of our IT sta�

8

• improve our existing IT systems and implement new ones

• improve IT e�ciency and lower IT costs

2.2 IT Vision

The main goal (target) of IT is very clear and closely related to the visionof ACA and of the Albanian Government in general: we want to make surethat Albania is ready for joining EU before 2020.

This requires that the level of IT is improved to reach the level of theother EU contries. Not only that, but further more it requires that the ITlevel improves to match the EU standards about customs (which other EUcustoms administrations are required to match as well).

These standards are described and elaborated in the Customs Blueprints,which also have a special section about IT.

Another practical requirement for joining EU, is that our IT systems canbe integrated with the customs systems used in EU, like: NCTS, EORI,EMCS, etc. We should take care to integrate not only with the systemsthat are currently working, but also with the systems on which there is workgoing on, and which are expected to be operational on the EU level on thefollowing years. So, we should take into account not only the current levelof the EU systems, but we should consider also the strategic EU documentsabout IT, the plans and the work in progress, etc.

The best document that describes the current state and future devel-opments on the IT �eld is the �Electronic Customs Multi-Annual StrategicPlan (MASP)�, which is created and maintained by DG TAXUD.

By tying to comply with the EU standards, we also achieve compliancewith other international standards about customs and trade (for exampleUN standards), since those standards are, in general, harmonized and inagreement with each-other.

Besides the European and international standards, we should also tryto ful�ll our national standards about IT, which require a modern, paper-less, electronic administration, inter-agency data exchange and communi-cation, etc. These standards are described on the �National Strategy fore-Government and IT� and on other related documents. Again, there is acoherence and harmonization between the national IT standards and theinternational ones.

To summarise, in order to reach the main goal of being ready to join EU,we have to make sure that our IT systems:

9

1. Can be integrated with the EU customs systems, like: NCTS, EORI,EMCS, and the other systems described in MASP.

2. Full�ll the standards of the EU customs as de�ned and elaborated inthe Customs Blueprints.

3. Are able to interoperate and exchange data with other systems in na-tional and international level.

4. Provide a modern paperless environment, fully electronic and auto-mated, for the bene�t of both the customs administration and thetraders.

3 Customs Blueprints � ICT

3.1 Aim

To develop an information and communication technology (IT) service andintegrated IT system environment which fully supports the business strategyof the customs administration, in accordance with international standards(e.g. WCO Framework of Standards to Secure and Facilitate Global Trade),facilitates trade, provides risk management, ensures that customs businessis conducted to the highest level of e�ciency and provides the best possiblevalue for money

3.2 Strategic objectives

• Strong political commitment and de�nition of mandates and leadingroles.

• Development, implementation, update and regular publication of:

� an IT strategy for the customs administration which supports theachievement of its business objectives,

� customs IT systems (hard and software) which meet the user re-quirements of the customs administration, the trade, governmentdepartments and other relevant institutions,

• Ensuring that:

� IT systems take advantage of the latest technology to achieve thecustoms administration's goals;

10

� the value of the administration's IT data resources is maximisedby delivering consistently high quality and value-for- money ser-vices and systems;

� technical solutions (including computer architecture, operatingsystems, application software, communication methods and databasemanagement systems) for each project are selected on the basisof value for money, suitability for the task and compliance withdocumented IT policies;

� there is a balance between facilitation and control in a paperlesscustoms and trade environment;

� the time for the clearing process and the number of manual oper-ations are reduced as much as possible;

� data exchange systems with neighbouring countries are in placewherever possible;

� the quali�ed human resources needed are available to implementthe strategic objectives.

3.3 Key Indicators

3.3.1 IT management policy

• (22.1) A top-level manager responsible for the IT function in the cus-toms administration is appointed.

• (22.2) IT strategy is developed, published and regularly reviewed, in-cluding the idea of a paperless environment.

• (22.3) An IT human resources policy is developed, published and reg-ularly reviewed.

• (22.4) The IT function is clearly identi�ed throughout the organisa-tional structure and its roles and responsibilities are de�ned and pub-lished.

• (22.5) Systems development priorities and related dependencies arede�ned.

• (22.6) Provision is made for the �nancing of IT projects and proceduresare in place for estimating and reviewing associated budgets, includingthe future maintenance of the requisite systems and infrastructure.

11

• (22.7) Project management methodologies are agreed and documented,including multi-project and portfolio management.

• (22.8) An IT procurement policy is de�ned and published.

• (22.9) Disaster recovery and business continuity (e.g. security, contin-gency, fallback and recovery) policies are de�ned and documented.

• (22.10) Training requirements for users and technical IT experts areidenti�ed, implemented and documented.

• (22.11) Procedures for monitoring the functionality of existing systemsare documented and applied.

• (22.12) Feedback, monitoring, evaluation and control standards aredeveloped and operational.

• (22.13) A knowledge database strategy is developed and distributionof information is accessible by Internet/intranet.

3.3.2 IT technical policy

• (22.14) Standard system design methodologies and procedures are doc-umented and applied throughout the systems development life cycle.

• (22.15) Documentation standards are developed, documented and ap-plied.

• (22.16) An IT telecommunications policy is de�ned and published withappropriate IT infrastructure (including a high-speed network) in placeto support it.

• (22.17) A quality assurance methodology is documented and appliedfor all new applications.

• (22.18) Appropriate IT systems capable of accepting electronic datainterchange (EDI) messages and exchanging data electronically withthe trade are in place; this should include the implementation of asingle electronic access point for trade.

• (22.19) Authenticity of the messages is guaranteed (e.g. digital signa-ture.

• (22.20) Appropriate payment systems, including electronic data ex-change with the banking system, are in place.

12

• (22.21) Appropriate IT systems capable of interfacing with EU systems(e.g. integrated tari� management system (ITMS), Transit) are inplace.

• (22.22) Appropriate IT systems capable of accepting electronic datainterchange (EDI) messages and exchanging data electronically withother agencies are in place.

3.3.3 IT application policy

• (22.23) A computerised customs declaration processing system is im-plemented.

• (22.24) A computerised revenue collection and accounting system, in-cluding bookkeeping, is implemented.

• (22.25) A computerised transit control system is implemented and inte-grated with the customs declaration processing system. An electronicclient management and administration system must be available.

• (22.26) A computerised selectivity system and tools for analysis ofdata generated by customs control activity are in use and in line withinternational standards (e.g. risk management).

• (22.27) Computerised information, intelligence and documentation sys-tem(s) are implemented.

• (22.28) External trade data for statistics are delivered to agreed sched-ules.

• (22.29) Policy on freedom of information, security, data protection andhealth and safety is implemented (in line with guidelines from the UN,EU etc.).

• (22.30) International trade data element codes, HS tari�, UN Edifactmessage standards are used in all applicable IT systems.

• (22.31) Customs IT systems are capable of delivering electronic datafor a computerised trade statistics system.

13

3.3.4 IT operational policy

• (22.32) IT business processes are established and documented (userrequirements, functional and technical speci�cations).

• (22.33) Implementation procedures and user acceptance testing proce-dures are applied when new systems are implemented.

• (22.34) A change of management plan, including impact assessment,must be operational.

• (22.35) Roles and responsibilities are clearly de�ned and documented,including ownership and responsibility for new systems.

• (22.36) The functions needed for access to applications are de�ned anddocumented.

• (22.37) User manuals (preferably electronic) are produced when newsystems are implemented.

• (22.38) The information needed for management is de�ned and a man-agement information system is developed.

• (22.39) Appropriate systems are capable of di�erent kind of auditsat national and international level. Procedures for the maintenanceof systems and the provision of central and local o�ce support for ITsystems and their associated components are in place and documented.

• (22.40) A system for feedback (e.g. through the operation of help desks,hotlines, customs and trade user groups) is in place.

3.3.5 IT training

• (22.41) Training rooms for IT training with the relevant equipment,database and Internet are available.

• (22.42) A training strategy especially for IT sta� is developed.

3.4 Future developments (electronic customs) important forcandidate countries

Candidate countries have to be aware that there are ongoing IT developmentsin the EU within the �eld of electronic customs which have to be consideredfor accession.

14

In addition, candidate countries have to keep in mind during the accessionprocess that:

• appropriate IT systems capable of using the EU CCN and CSI trans-mission standards/system and the relevant IT applications are in place;

• interoperability between the national and the EU IT systems exists;

• other data codes adopted by the Commission are used in all applicableIT systems;

• customs IT system are capable of delivering electronic data for anIntrastat statistics system.

3.5 Cross references

Blueprints on Infrastructure and Equipment, and Trade Facilitation andRelations with Business.

3.6 Other Blueprints Related to IT

These are key indicators from sections of Blueprints other than Area22-ICT,which are related somehow to IT or depend on it.

3.6.1 Trade Facilitation

• (7.6) Where possible and appropriate, the required documents andinformation from trade are submitted to customs electronically.

• (7.21) Cooperation between customs and other relevant governmen-tal authorities is promoted, for example through enabling the tradingcommunity to submit information data to various authorities througha single access point and enhancing practical cooperation models.

• (7.23) Mechanisms are in place to ensure that customs working meth-ods and IT systems are, where appropriate, developed in cooperationbetween customs and trade.

• (7.27) The development of customs declaration processing systemsmakes provision for traders to submit declarations and other requireddocuments electronically.

15

• (7.28) Electronic data systems that are used ensure that information isto be submitted only once and is stored and used for customs purposesin line with relevant data protection standards and regulations.

• (7.29) Up-to-date and clear information on customs tari�s, proceduresand requirements is provided to trade through appropriate means ofcommunication (Internet, brochures, lea�ets, etc.).

• (7.30) Consultation on customs procedures and technical support oncustoms IT systems are made available to trade by means of e-mail,telephone or personal contact, such as a contact center

3.6.2 Cooperation

• (9.30) IT systems are in place allowing exchange of information be-tween customs, other customs administrations and all the relevant au-thorities.

• (9.31) Data exchange through IT systems is based on internationalstandards, such as the WCO data model, and in accordance with theregulations on data protection.

3.6.3 Revenue Collection

• (10.1) Adequate information on current regulations and applied tari�sis available to trade.

• (10.2) Support information is available to trade on their obligations andprocedures for assessing, declaring and paying their customs liabilities.

• (10.4) A system is in place for e�cient centralized accounting of rev-enue.

• (10.5) A system is in place to register traders' liabilities for customsrevenue.

• (10.6) Accounting systems for all types of payment are in place andlinked to the register of customs liabilities.

• (10.8) The accounting system uses codes to identify revenue items bytari� headings, by types of liabilities, by methods of payment, by cus-toms regimes and by liable persons to make for e�ective compilationof data.

16

• (10.20) Management controls are in place to protect and ensure theintegrity of the revenue and personnel.

• (10.22) Registration, processing, accounting and allocation of revenueliabilities are separate modules of an integrated customs informationsystem.

3.6.4 Risk Management

• (11.26) High-quality IT systems and programs are in place (insteadof acquired) to exchange the information needed e�ectively, e�cientlyand safely.

3.6.5 Border And Inland Control

• (13.3) Intelligence and information systems are established, systemat-ically developed, utilized and regularly reviewed, as are risk pro�les,which take account in particular of the economic situation of the regionconcerned, for each location at which customs controls are exercised.

• (13.22) A strategy to implement a single-window concept that allows alldata relating to an import or export transaction required by di�erentauthorities and agencies to be submitted (where possible electronically)to the same access point is de�ned at national level, with the aim ofavoiding duplication and facilitating trade.

• (13.32) Customs control systems and procedures are automated wher-ever there are clear bene�ts for both customs and the public (includingthe trading public).

3.6.6 Post-Clearance And Audit

• (16.16) The facilities, tools, IT systems and access to information sys-tems needed for audit units and auditors to implement their duties areprovided.

• (16.25) The national risk management system is established.

3.6.7 Investigation And Enforcement

• (17.15) Facilities (e.g. Internet, e-mail, online access to relevant databasesand information systems) for the receipt of information and intelligenceare in place and working.

17

• (17.19) Investigation and enforcement systems and procedures are com-puterized wherever necessary and appropriate.

3.6.8 IPR

• (18.10) An IPR IT database should be established to provide tools forcustoms risk management to help exchange information on counter-feiting risks, with the possibility of accessing lists of companies, keyproducts and contacts electronically via the intranet/Internet. Thiswould enable real-time risk information to be exchanged between ex-perts.

3.6.9 Supply Chain Security

• (19.6) A trader identi�cation system based on international standardsis developed.

• (19.7) IT support for the electronic submission of pre-arrival/pre-departureinformation, for risk assessment and for the issuing of AEO certi�catesshould be in place.

• (19.12) The risk management system takes account of pre-arrival/pre-departure information.

3.6.10 Infrastructure And Equipment

• (20.9) An inventory/asset management system is used to monitor thelocation, use and state of repair of the customs administration's infras-tructure and equipment.

• (20.15) Suitable facilities, equipment and information and communi-cation technology are provided to the nationally agreed standard.

3.6.11 Laboratory

• (21.7) The customs laboratory is su�ciently equipped with all test-ing and auxiliary equipment, computing technology, software, refer-ence materials, standards, chemicals and other consumable materialsto cover the speci�c needs and priorities of the country.

18

4 EU Customs Systems

4.1 Customs Operational Systems

These are some of the Customs related systems in EU that either are opera-tional, or are expected to be operational in a few years (according to MASP).Sooner or later, we will have to integrate our system(s) with them. So thissection provides an overview and a brief description of them (just to createan idea of the work that has to be done on this direction).

4.1.1 Automated Import System (AIS)

The objective of the AIS is to ensure that import operations starting inone MS can be completed in another MS without re-submission of the sameinformation. This includes the exchange of electronic messages related tothe di�erent stages of the operations amongst the various actors (customs,traders and other governmental administrations).

The development of this project has been divided into 2 phases:

1. Import Control System (ICS) � Safety and Security Aspects

2. Automated Import System � Centralised Clearance and Simpli�cations

Import Control System (ICS) � Safety and Security Aspects Theobjective of this phase is to provide for the handling of entry summary dec-larations and the link of the information with risk analysis on the data sub-mitted.

• Full operation on: July 2009

• Depends on: National risk analysis application, CRMS

• Prerequisite for: AIS

• Related to: AEO, EORI, SPEED

Automated Import System � Centralised Clearance and Simpli�-cations The objective is to allow the full computerisation, based on thenational IT systems, of the import procedure in cases where the customsauthorities of more than one MS are involved, enabling electronic exchangeof information between customs o�ces and traders. It will keep and expandthe functions of ICS, and in particular it will add the noti�cation of arrivaland the presentation of goods, and the centralised clearance approach.

19

• Full operation on: May 2013

• Depends on: ICS, AEO, EORI, CRMS

• Prerequisite for: SW

• Related to: ECIP, REX, AES, SEAP, EBTI, SASP

4.1.2 New Computerized Transit System (NCTS)

The objective of the NCTS is to enable full control of the �core� transit pro-cedure including the guarantee management and enquiry procedures, withthe support of IT facilities. An additional feature will be the incorporationof the data elements required by the security amendment to the CommunityCustoms Code.

An electronic system � NCTS, covering Community/common transit, wasfully implemented on and is available from 31 December 2005. The otherparts of the NCTS project are:

1. NCTS � Safety and Security Aspects (including ATIS)

2. NCTS - TIR

3. NCTS � Enquiry/Recovery

NCTS � Safety and Security Aspects (including ATIS) NCTS willincorporate the additional features arising from the security amendment ofthe Customs Code, as well as those resulting from the implementing provi-sions. The ATIS amendment will enable the system to forward a copy oftransit movements to DG OLAF for movements including sensitive goods.

• Full operation on: July 2009

• Depends on: National risk analysis application, CRMS

• Related to: EORI, AEO, SPEED

NCTS - TIR The objective of this application is to provide full control ofthe European leg of TIR movements and to facilitate the termination /dis-charge of TIR operations within the Community by replacing the physicalreturn of Voucher No. 2 with the electronic transmission of NCTS messages.

• Full operation on: January 2009

20

• Depends on: NCTS

• Related to: CRMS, EORI, NCTS Enquiry/Recovery

NCTS � Enquiry/Recovery Upgrade of NCTS enquiry module and in-troducing the electronic recovery procedure to optimise the use of electronicsystems.

• Full operation: July 2009

• Depends on: NCTS

• Related to: CRMS, AEO, NCTS-TIR, EORI

4.1.3 Automated Export System (AES)

The objective of the AES is to ensure that operations started in one MS canbe �nalised in another MS. This includes the exchange of electronic messagesrelated to the di�erent stages of the operations amongst the various actors(customs, traders and other governmental administrations).

The development of this project has been divided into 3 phases:

1. Export Control System Phase 1 (ECS1)

2. Export Control System Phase 2 (ECS2)

3. Automated Export System � Centralised Clearance and Simpli�cations

Export Control System Phase 1 (ECS1) ECS Phase 1, as the initialstep of the AES, is to provide for the full control of the conclusion of ex-port operations through the electronic exchange of export/exit informationbetween customs o�ces of export and customs o�ces of exit, in particularwhere di�erent MS are involved.

• Full operation on: July 2007

• Prerequisite for: ECS2, AES

• Related to: CRMS

21

Export Control System Phase 2 (ECS2) The objective of this phaseis to provide for the electronic handling of export declarations/exit summarydeclarations under the security amendment, and will, inter alia, require ad-ditional information to be included in export declarations, for safety andsecurity purposes.

This phase preserves and builds upon the functionalities delivered in ECSPhase 1, and will allow for a coherent transition period between the phases.It also o�ers the possibility to refer to the EMCS system.

• Full operation on: July 2009

• Depends on: ECS1, National risk analysis applications, CRMS

• Prerequisite for: AES

• Related to: AEO, EMCS, EORI, SPEED

Automated Export System � Centralised Clearance and Simpli�-cations The objective of this phase is to allow for full computerisation,based on the national IT systems, of the export procedure, ensuring fullintegration of all export-related requirements (e.g. T 5, sanitary controls).It builds upon and includes the functionalities of ECS Phases 1 and 2. Inparticular, it will add the centralised clearance approach.

• Full operation on: May 2013

• Depends on: ECS, AEO, EORI, CRMS

• Prerequisite for: SW

• Related to: ECIP, AIS, SEAP, EBTI, REX, SASP

4.2 Trade Access

4.2.1 EU Customs Information Portal (ECIP)

To enable economic operators to access information related to import/exportrequirements, as well as information on the operational status of movementsthrough a customs information portal. Such a portal would mainly containall relevant information about rules on the movement of goods across borders,and also relevant information from domains other than pure customs (e.g.agricultural, environmental and other legislation). This approach is in linewith the e-Government roadmap.

22

Links will be provided to more detailed and/or national information fea-turing on the customs information portals of the national customs adminis-trations. Also national administrations will be provided with an opportunityto feed info to the EU customs information portal.

• Full operation: February 2011

• Depends on: DDS

• Related to: AIS, AES, SEAP, AEO, EORI, SASP, SW

4.2.2 Data Dissemination System (DDS)

The main purpose of the DDS is to provide up-to-date customs related in-formation applicable at Community level to both the business communityand Member State administrations. DDS will become an integral part of theECIP without losing its own distinctive character as a source of specialisedinformation.

• DDS: already operational

• DDS2 deadline: September 2009

• Prerequisite for: ECIP

4.2.3 Single Electronic Access Points (SEAP)

SEAPs will allow traders to lodge their electronic entry/exit summary dec-larations, summary and customs declarations via a single interface of theirchoice which connects their system with all Member States' customs systems.This data is automatically made available to any customs o�ce responsiblefor the location at which goods have been, or are to be, presented, irrespec-tive of the Member State concerned.

Such access points would either be provided by Member State's customsservices or by private companies authorised by the Member State's customsservice. The service of `access point' providers is, at least at �rst, limitedto `passing on' the customs declaration and other required electronic attach-ments (e.g. electronic certi�cates) to the competent customs administrationwhere the declaration will be accepted and further processed.

The single access point concept has no in�uence on the customs procedureas such. Processing of the declaration, any physical control of the goods, andpayment of any debt and release of the goods will be carried out solely at

23

the customs o�ce to which the customs declaration is presented. There isno task sharing between the customs o�ce at the place where the importeris established and the customs o�ce at which the goods are presented atimport.

Economic operators would only need one access point to lodge declara-tions, independently of the Member State of destination. From the perspec-tive of the customs authorities there would be `multiple access points' (=at least one per MS). With this approach, existing electronic connectionsbetween traders and customs administrations could be maintained and newelectronic connections with the customs administration of their choice couldbe established. Speci�cations would be based on formats which are acceptedby the MS.

• Full operation: June 2014

• Related to: AIS, AES, EORI, ECIP, SW

4.3 Customs Tools

4.3.1 Customs Risk Management System (CRMS)

The objective of the Community Customs Risk Management System is toprovide for the rapid, direct and secure exchange of risk information to sup-port targeting of consignments for customs controls, and for the Commissionto be able to disseminate information concerning Community-wide threats.

The �rst phase of the CRMS, the electronic Risk Information Form sys-tem, was launched in April 2005. The second phase involved an upgradeof the RIF system to include new user requirements arising from the prac-tical experience gained by the users of the system. This second phase waslaunched in April 2007.

The next phase involves the development of the Common Priority Con-trol Areas (CPCA) module to permit the secure electronic transmission andmanagement of Common Risk Criteria.

The RIF and CPCA constitute together the CRMS.

• Full operation of upgraded RIF: January 2008

• Start of operation of CPCA: January 2009

• Depends on: AEO

• Prerequisite for: Full functioning of AIS and AES, Full exploitation ofNCTS

24

• Related to: ICS, ECS1, ECS2, AEO, EORI, SASP, SW

4.3.2 Integrated Tari� Environment (ITE)

Improve interconnection between the already existing tari�-related IT sys-tems in order to achieve:

1. re-use of data and/or functionality from one system to another (e.g.descriptions of Combined Nomenclature (CN) codes, owned by the CNsystem, and re-used by the TARIC);

2. harmonise the interfaces of the di�erent inter-related tari� systems,with the Member States, without redundancy of data.

The concerned systems are CN, TARIC, European Binding Tari� Infor-mation (EBTI), Quota, Surveillance, the European Customs Inventory ofChemical Substances (ECICS), Suspensions.

The necessary steps to achieve the above-mentioned objectives are:

1. alignment to ensure consistency of data codi�cation between the sys-tems (e.g. codify geographical areas in the same way in all systems);

2. implementation of organisational procedures between the owners of thesystems so that work and data �ows run smoothly (ex: inform EBTIsector when closing a TARIC code).

The ITE is not a system in itself, but a collection of data �ows and proce-dures, most of which are to be implemented independently of each other asa continuing process.

Also, in order to minimise impact on resources and development costs,ITE developments are, when possible, merged with other development ac-tivities of the customs systems (ex: Quota 2, and TARIC3).

TARIC 3 The main purposes of the TARIC 3 are:

• to provide to the Member States the Community data needed (interpre-tation, integration and codi�cation) for automated customs clearanceand

• to provide the business community with the up-to-date tari� and com-mercial legislation applicable at Community level, mainly via the DDS

System to be operational in November 2009.

25

ECICS 2 Ensure a consistent and harmonised classi�cation of chemicalproducts in the EU and help customs authorities to identify chemical prod-ucts. With ECICS already functioning, the current initiative is an update ofthe system to improve its performance and add new tools according to theneeds expressed by di�erent types of users.

Quota 2 The main purposes of Quota 2 is to ensure the management of��rst come � �rst served� (FCFS) tari� quotas and to provide the businesscommunity with authoritative updates of the FCFS tari� quotas (via DDS).

• System in operation since: December 2008

• Depends on: TARIC

Surveillance 2 The main purpose of Surveillance 2 is to ensure the col-lection of data in the framework of import/export monitoring (surveillance).Automatic delivery of statistics required by several services of the Commis-sion (DG OLAF, DG TRADE, DG AGRI, etc.).

• System in operation since: January 2007

EBTI 3 Ensure the correct issuing of all BTIs and to have a database ofall applications and issued BTIs. A further evolution could result from theModernised Customs Code when the holder of a BTI will have the obligationto apply the BTI when declaring the covered goods.

• System to be operational by end 2010.

• Depends on: EBTI

• Related to: AES, AIS

4.4 Economic Operators' Systems

4.4.1 Economic Operators' Registration and Identi�cation Sys-tem (EORI)

The objective of the Economic Operators' Registration and Identi�cationSystem (EORI) is to establish a unique EU-wide system of identi�cation foreconomic operators. The system will also allow the recognition of all theauthorisations granted to the economic operators.

26

Thus, it was proposed to create an integrated Economic Operators' databasecovering all EORI and Authorised Economic Operator functions. This willo�er maximum integration of the processes and avoid data duplication at thecentral level. It is the intention to have the same IT interface for AuthorisedEconomic Operator, EORI and other future authorisation schemes such asSASP and REX.

• Full operation: July 2009

• Prerequisite for: AEO full, AIS, AES, SASP, REX

• Related to: NCTS, ICS, ECS, SEAP, CRMS, SW, ECIP

4.4.2 Authorized Economic Operator (AEO)

To give e�ect to the concept of AEO as set out in Regulation (EC) No648/2005. For planning purposes, the number of AEOs is estimated to be inthe hundreds of thousands.

The system is made available centrally for updates and download by MS,and in order to provide access to the `master �le' (trusted source of info). MSare expected to keep some info in their national systems, such as the AEOCerti�cate numbers, for use in the declaration processing system � a 24 hourinterval for updating the information from the master �le is expected. Noon-line queries will be launched for any veri�cation of an AEO (to be doneon national level). Connections and downloads from third countries withwhich mutual recognition exists might be available.

The AEO concept will be introduced in two steps. In the �rst stage,the basic functions will be provided while the second phase will extend thefunctionalities of the system to work�ow and/or collaborative functions. Itwas proposed to create an integrated Economic Operators' database coveringall AEO and EORI functions. This will o�er maximum integration of theprocesses and avoid data duplication at the central level. It is the intentionto have the same IT interface for AEO, EORI and other future simpli�cationsuch as the SASP system.

A phased approach has been agreed for establishing the IT system:

1. AEO Phase 1 will provide basic functions as of 1 January 2008;

2. AEO Full System will be extended to integrate work�ow and/or col-laborative functions as of 1 July 2009.

27

AEO Phase 1 To provide an operational tool at the initial stage of theAEO introduction. AEO phase 1 system will primarily enable:

• central management of the AEO applications and certi�cates

• downloading of the information on AEO into the national operationalsystems

• publishing the list of AEOs who gave their prior agreement on DDS/Internet

• Full operation: January 2008

• Related to: ICS, ECS, EORI, NCTS, TARIC, ECIP, CRMS

AEO Full System AEO Full System builds on AEO Phase 1 and addsthe work�ow and/or collaborative functions.

• Start of operation: July 2009

• Depends on: EORI

• Prerequisite for: Full functioning of AES, AIS and CRMS

• Related to: ICS, ECS, NCTS, TARIC, ECIP, SASP, REX

4.4.3 Single Authorization for Simpli�ed Procedures (SASP)

The objective is to create an IT system to manage the application and con-sultation procedures in respect of single authorisations for simpli�ed pro-cedures in cases where more than one customs administration is involved.The system will also enable decisions and information �ow related to themanagement of:

• Single Authorisations for simpli�ed procedures

• Single Authorisations for customs procedures with economic impactand end-use

This should be introduced as an extension of the AEO Full system, giventhe high degree of common functionality.

• Full operation: January 2011

• Depends on: EORI

• Related to: AEO, CRMS, AIS, AES, ECIP

28

4.4.4 Registered Exporters (REX)

The objective of the Registered Exporters system (REX) is to make avail-able up-to-date and complete information on registered exporters establishedin third countries concerned with the export of goods to the EU enjoyingpreferential tari� rates based upon compliance with the applicable rules oforigin. Registered Exporters are seen as known and trusted partners in aparticular set of rules of origin. The system will also include exporters tobe registered in the EU for the purpose of exporting to partner countrieswho enjoy preferential arrangements (based on reciprocal preferences underFTAs and/or cumulation of origin).

Only Registered Exporters will be entitled to make out statements onthe origin of the goods they export under preferential arrangements. TheCommission will set up a system to disseminate information concerning Reg-istered Exporters, which will be available throughout the EU and in thepartner countries for authorised users.

While the system at �rst will only cover some preferential arrangements(GSP and later on ACP-EPAs), it might be expected that a similar approachcould be taken for all preferential arrangements, whereby all informationwould be available in a single system.

• Start of operation: January 2013

• Depends on: EORI

• Related to: SW and (partially) AEO, AIS, AES

4.5 Longer Term Projects

4.5.1 Single Window (SW)

The objective of SW is to enable economic operators to lodge electronically,and once only, all the information required by customs and non-customs leg-islation for EU cross-border movements of goods. The initiative is currentlypresided over by DG TAXUD.

There will be (at least) one SW per Member State. These SW will besupported by the SEAP functions for lodging of declarations (if available).The handling of certi�cates and licences needed for the declaration will bebased on the Community tari� and supplementary information speci�c tothe MS concerned.

Certi�cates and licences from other MS will be transferred via the con-nection between the MS, the Commission and 3rd countries (SPEED plat-

29

form), as well as between Commission systems, where required. SW shallalso make information available on how to request certi�cates and licencesfrom competent bodies.

• Full operation: July 2014

• Depends on: AES, AIS

• Related to: CRMS, ECIP, SEAP, EORI, REX

4.6 Automated Information Exchange with 3rd Countries

4.6.1 Single Portal for Entry or Exit of Data (SPEED)

To provide for a technical solution which will enable automated data ex-change between MS electronic customs systems and third countries on thebasis of EU bilateral or multilateral agreements. This planned automatedexchange of information is envisaged only with countries outside the EU,such as e.g. China, Russian Federation and USA.

However, countries which are not an EU MS but are participating in oneor more electronic customs systems, such as EFTA countries, countries whichhave a customs union with the EU and candidate countries, will continue toexchange information via their own CCN/CSI gateway.

The exchange of the information will be organised via a secured portalconnected to the secured network CCN/CSI.

Data requirements, formats and protocols of the envisaged data ex-changes will be agreed to be as far as possible compatible with the existingEU customs IT systems such as NCTS, ICS and ECS.

The �rst implementation of the envisaged automated information ex-change with third countries is to be started as a pilot project with volun-teering EU MS and third countries.

• Depends on: CCN/CSI

• Related to: ECS, ICS, NCTS

4.6.2 EU-Russia exchange of TIR movement data (Pilot project)

Exchange TIR movement data with Russia via the secured portal connectedto CCN/CSI - SPEED.

• Exchange operational on January 2009.

• Depends on: SPEED

30

5 Requirements and Needs for Developments

Comparing the current status of the Albanian Customs with the level ofstandards that should be ful�lled in order to reach the �nal goal, we havetried to identify the systems that need to be developped or improved, andany other needs that are related to IT or that require the support of IT.

The IT standards that should be ful�lled are of course described by theCustoms Blueprints, the chapter about ICT and any other cross-referenciesthat require ICT support from the other chapters.

Besides the normal strategic objectives and key indicators, the ICT chap-ter of the blueprints contains also a special section for candidate countries,which requires that the IT systems of those countries should be able to in-tegrate and to exchange data with the customs systems of EU, not onlythose that are currently operational on EU level, but also those that are indevelopment and are expected to be fully operational on the following years.

These IT systems that work on the EU level are being developed on theframework of the the Electronic Customs project, which is initiated by theEuropean Commission and aims to replace paper format customs procedureswith EU wide electronic ones. They are creating a more e�cient and moderncustoms environment which is going to enhance security at the EU's externalborders and to facilitate trade, and therefore should bene�t both businessesand citizens.

Actually, if we manage to ful�ll the requirements of the Electronic Cus-toms project, we would have automatically ful�lled most of the standardsof the Customs Blueprints itself (about paperless environment, trade facil-itation, enhanced security, etc.). So, it is important to use the strategicdocuments of this project as a guidance for our IT strategy (and our busi-ness strategy as well). One of these strategic documents is the ElectronicCustoms Multi-Annual Strategic Plan (MASP).

However we should always keep in mind the standards of the CustomsBlueprints when de�ning the needs for IT improvements and developments,since they are broader and more generic than MASP.

Comparing the Customs Blueprints with the current state of the Alba-nian Customs has already been done during the year 2010, also with thehelp and assistance of EU international experts (mainly from the AustrianCustoms, through a twinning project). The gaps have been identi�ed andalso the needs for improvements have been suggested.

This section of the IT Strategy is built mainly as a summary, reorgani-zation and restructuring of the needs that are identi�ed during the study ofthe Customs Blueprints and the comparison with our current state of IT. A

31

special attention is payed to the need for matching the development of ITsystems on the EU level, as de�ned and described on MASP.

5.1 Integrating With EU IT Systems

The European/Global IT Systems that we need to integrate with, are thosethat described on the MASP of the EU Electronic Customs. Our system(ASYCUDA World) maybe supports some of the features that are required.However more development and integration needs to be done.

This section presents a list of all these IT systems, describing also thecurrent state in our AsyW and what needs to be done further, in order tobe fully compatible with the EU IT system.

An estimation of the required e�orts is done as well, and also a priorityor level of importance (urgency) is assigned. Some of the rules for assigningthe priorities are these:

1. The systems that are already operational on the EU should have higherpriority, compared to those that are expected to be operational on thefuture.

2. The systems that are prerequisites for the other systems should havehigher priorities than those that have no priorities.

3. The systems that need less e�orts to be implemented should havehigher priorities compared to the di�cult ones.

The estimation of implementation details: times, phases, steps, milestones,full operation deadlines, etc. will be described in another document (ITMulti-Annual Strategic Plan), so they are not included here.

(Note: The list has to be completed, including every project describedin MASP.)

5.1.1 EMCS (Excise Movement and Control System)

Currently there is no module in AW about excise. On the beginning of 2011AW will be upgraded and a new demo module about excise will be installed(UNCTAD has prepared this module for some other country). Based on thisdemo, and also keeping in mind that this module should be able to integratewith EMCS, the technical requirements will be described and detailed andthe full implementation will be done.

32

5.1.2 NCTS (New Computerized Transit System)

There is actually a Transit Module on AW, and it also supports some fea-tures related to NCTS, however it remains to be checked what else it shouldsupport, so that Albania can become a member of CTC, and so that it canbe fully integrated with the EU NCTS systems.

Note: Preparing Albania for NCTS is also one of the topics of the Twin-ning Project. Up to now a Draft (or Template) Action Plan has been pre-pared (which need to be �lled with details). According to the schedule of theTwinning Project, up to June 2011 the IT requirements for NCTSD shouldbe �nished.

5.1.3 EORI (Economic Operators Registration and Identi�cation)

AW should be integrated with the EORI central database of EU and maybealso with QRK. The technical requirements and details remain to be speci-�ed.

EORI is a prerequisite for many other systems, so it should have a highpriority.

5.2 Interoperability on The National Level

This includes the inter-agency data exchange and integration, the conceptof the single window, etc.

5.2.1 Integrated Border Management (IBM)

This is one of the objectives of the Twinning Project. There is also an ActionPlan about it, composed some years ago.

5.2.2 Electronic data exchange with the banking system

(BP: 22.20) Revenue collection should be able to integrate with the EUsystem as well.

5.2.3 Interagency data exchange (Single Window)

Albanian Customs needs to exchange data with other institutions as well.These institutions are:

• Ministria e Financave (DPT, Drejtoria e Përgjithshme e Thesarit, etj.)

• METE (QKR, QKL, etj.)

33

• Dhomat e Tregëtisë

• Ministria e Bujqësisë (Instituti i Sigurisë Ushqimore dhe Veterinarisë,etj.)

• Ministria e Shëndetësisë (Qëndra Kombëtare e Kontrollit të Barnave,etj.)

• Drejtoria e Përgjithshme e Standardizimit

• Ministria e Punëve Publike dhe Transportit (Drejtoria e PërgjithshmeRregullatore)

• Ministria e Inovacionit dhe Teknologjisë së Informacionit (AKSHI)

• Ministria e Brendshme

• Ministria e Mbrojtjes, etj.

The detailed needs and requirements for data exchange with these institu-tions remain to be de�ned and described. There is an action plan about thisand this work is expected to be done on the �rst half of 2011.

5.3 Other Needs for Tools and Software

Other software are needed by various sectors of the customs as well, in orderto provide them with a paperless environment and with the necessary toolsthat are needed for managing the information electronically.

We can develop these software/modules ourselves, or we can use softwaredeveloped by others. In the second case (which is more preferable) we shouldinstall, con�gure and maintain it, and also integrate it with the rest of oursystems.

5.3.1 A Web CMS (Drupal)

The web page of Albanian Customs is a bit old and not functional enoughfor satisfying all the requirements for document and data publishing, bothexternally and internally.

It is obvious that it should be replaced by a CMS, and Drupal wouldbe a good choice, since it is popular, open source, more professional andcustomizable than the other alternatives, etc.

34

5.3.2 A Tool for planning, tracking and reporting IT expenditures

(BP: 22.6)

• TaskJuggler could be a good choice. It has features for planning andtracking projects, and also for recording expenses, and generating re-ports as well. BP_22.6:

1. Financial working group or committee made responsible for es-timating future annual IT expenditure and agreeing proposedspending by individual IT areas

2. Users and managers aware of full cost of running, enhancing andmaintaining its IT systems

3. Long term IT expenditure planning in place

4. Accounting system or procedures in place to track IT expenditureand regularly report variances against planned spending

5.3.3 Software for monitoring the functionality of the existingsystems

(BP: 22.11)

• Zenoss could be a good choice for monitoring/managing network de-vices, resources and services.

5.3.4 Any tool/software for facilitating feedback from users

(BP: 22.12)

• Maybe any ticket system, for example Trac

5.3.5 HelpDesk system for reporting the problems.

(BP: 22.40)

• Maybe Trac can be used.

5.3.6 Knowledge Database

(BP: 22.13)

• A knowledge database strategy should be developed and the infor-mation should be accessible by Internet/intranet. (Maybe it can beMediaWiki, Drupal, or any other wiki or CMS).

35

5.3.7 Tools for internal communication and collaboration

• OpenFire for internal instant messages and collaboration

• Mailing lists (maybe mailman).

• Email addresses should be in the format Firstname.Lastname@dogana.gov.al,not F_Lastname@dogana.gov.al (in order to be compliant with the na-tional standards set by AKSHI).

5.3.8 Document Management System

(BP: 22.27)

• Alfresco can be used to handle elctronically the internal paperwork(between departments and divisions).

5.3.9 Business Intelligence Tool

(BP: 22.38)

• JasperSoft, Pentaho, etc. can be installed and tried.

5.3.10 Tools for Human Resource Management

• OrangeHRM can be installed, customized and tried.

5.3.11 Directory Server for Single Sign-on

Directory servers are also usefull, among others, for implementing single sign-on (employees login to di�erent applications using the same username andpassword, which are stored on the directory server).

This is very important because it makes simple the life of the users: theyhave to remember and maintain only one username+password, instead ofhaving one for email, one for AW, one for Alfresco, one for JasperReports,one for the CMS etc. It also simpli�es the task of the system administrators,because they have to keep and maintain only one list of users, instead ofmaintaining a separate list of users for each program/application.

Some directory servers that can be tried are these:

• Apache Directory Server

• 389 Directory Server

36

• Open Directory Server

• Open LDAP and phpLDAPadmin

5.3.12 An Inventory/Asset Management System

(BP: 20.9) Such a program/application can be used to monitor the location,use and state of repair of the administration's infrastructure and equipment.

5.4 IT Documents

Several IT related documents need to be developed, published, reviewedperiodically, maintained, and followed (applied/implemented). These docu-ments support the IT strategy and are mainly based on the requirements ofthe Blueprints. The supporting documents that need to be developed arelisted and described below.

5.4.1 IT HR Policy

(BP: 22.3)

1. There should be a special HR policy for IT, without con�icting theframework of the general/overall HR policy.

2. It should be published and reviewed periodically, and it should beapproved by top-level managers.

3. This HR policy should take into account the special needs and require-ments of the IT �eld.

4. The HR policy for IT can include for example:

• Medium & long term plans for sustaining IT management team,HQ IT development units, operational units and regional admin-istrators as well as use of IT contractors and consultants.

• Proposed IT sta�ng complement required showing numbers andgrades of IT sta� at all levels in HQ and regions

• Skills & experience required for each post

• Career path and options for advancement

• In-house and external training

• An overview of the sta� reporting and performance appraisal sys-tem in operation

37

• An overview of the communications policy and methods includingparticularly, the main procedures for communicating key decisionsand information and for receiving and processing feedback fromsta�

• Method of recruitment � external and internal

• Incentives and / or bonding schemes

• Terms of employment � working hours, holidays, conditions gov-erning shifts or overtime

5.4.2 IT Business Processes

(BP: 22.32, 22.4, 22.35, and 22.39)

1. IT business processes to be clearly identi�ed and listed.

2. Each business process should be described with activity diagrams (UML),manuals, etc.

3. IT Roles and responsibilities de�ned and published in line with HRmanagement.

4. Network and other con�guration diagrams and details should be doc-umented, both for the HQ and for the remote sites.

5. Maintenance and IT Support Procedures should be documented andpublished. Troubleshooting hints should be included as well.

5.4.3 System Security Policy

(BP: 22.36) Documents to be prepared that clearly describe the access rightsof each employee on AW and other systems, according to his position andfunctions.

5.4.4 IT Budget and Procurement Policy

(BP: 22.8)

1. Sta� in place to review procurement practices, ensure value for money,ensure speci�cations adheared to by suppliers and any EU rules onGovernment or international procurement followed

2. Sta� aware of and follow, the documented procurement procedures

38

3. IT procurement is in line with the IT strategy for hardware, softwareand communications installation and technical training

4. Centrally negotiated IT procurement contract(s) in place

5. Guidelines on contract management developed and published

5.4.5 IT Risk Management Strategy

(BP: 22.9) Risk Registry, including also Disaster Recovery, Backup and Re-store, IT Security, etc.

• Disaster recovery

1. Strategic plan for disaster recovery in place including �nancialneeds

• IT Security

1. Team in place responsible for IT Security - including assessmentof risks, security standards, user awareness and compliance mon-itoring

2. IT security policy and guidelines published eg. in System SecurityPolicy or System Security Operating Procedures documents

3. Security Team Roles and responsibilities published

4. Procedures and policies developed covering:

� Risk analysis

� Basic countermeasures

� Network security

� Communications security

� PC security

� Computer viruses

5. Disposal of computer hardware and storage media

6. Physical access controls in place and tested

7. Logical access controls in place and tested

8. Procedures in place to monitor and record breaches of securityeg. theft of equipment, unauthorised access to systems, misuse ofsystems, data or hardware, virus incidents

39

• Backup & Recovery

1. Network and workstation Backup and Recovery procedures testedand documented

2. Fallback procedures / Disaster recovery procedures tested anddocumented

3. Backup media stored remotely

4. Investment plan elaborated

5. Necessary equipment in place

5.4.6 IT Training Requirements and Strategy

(BP: 22.10 and 22.42) This document should assess the IT training needsboth for the IT experts and for the other sta�.

IT is a �eld that is improved very quickly and it is important to learnabout the latest developments in order to be able to apply them on the dailywork. So, training should not be considered as an activity that is done onlyfor the new employees, but it should be considered as an ongoing activitythat is part of the daily work.

Each IT sta� should have his own learning targets and objectives, andtheir performance should be evaluated not only based on their successfullcompletion of the daily routine work, but also on their progress related totraining targets. This is very important for having a successfull IT sta� thatis able to perform their duties e�ciently.

The training strategy should contain besides other things:

• The IT training needs for new employees (of departments other thanIT) and how this training is going to be performent.

• The non-IT training needs for new employees of the IT department(related to customs procedures etc.)

• The IT training needs for new employees of each sector of the IT de-partment, so that they can be able to perform the basic duties relatedto their position.

• A training plan for improving the skills of the current IT employees,so that they can be able to perform better their duties.

40

5.4.7 IT Documentation Standards and Procedures

(BP: 22.15) All the work that is done by the IT department, the problemsthat are solved, new things and new systems that are developed and im-plemented, con�gurations that are done, etc. should be documented andpublished, so that they become part of the knowledgebase. The knowledge-base is the �memory� the institution that helps to avoid the mistakes doneon the past (not to repeat them again), to solve repeated problems easier(if they were already solved by somebody on a previous case), to exchangeindividual experiences with the rest of the cooworkers, to draw conclusionsand to take decisions based on the past work and activity, etc.

This document should describe the standards and procedures, so that thedocumentation is done on the proper and most e�cient way (so that it canbe most usefull). This is closely related to the way that the knowledgebaseitself will be implemented.

5.4.8 IT Telecommunications Policy

(BP: 22.16)

5.4.9 Policy on Freedom of Information, Security and Data Pro-tection

(BP: 22.29)

6 General Guiding Principles

6.1 Kosto dhe �eksibiliteti

6.1.1 Riperdorim perpara Blerjes dhe perpara Ndertimit

ACA duhet të konsiderojë të gjitha zgjidhjet me kosto efektive, duke përf-shirë Open Source (burimet e hapura), për të përmbushur kërkesat e bizne-sit, duke operuar me një ripërdorimin para se të bleje, dhe/ose perpara setë ndërtojë strategji. Zgjidhjet qe ekzistojnë brenda ACA ose në Qeveri apoDepartamentet e tjera merren parasysh përpara se të vendoset për të blerëapo ndërtuar komponente të reja.

6.1.2 Nderto �llimisht per qeverine

Ri-përdorimi si zgjidhje dhe dizenjim ku nderthuren ACA, Qeveria dhe OpenSource. Kur ekzistojnë mundësi të identi�kuara në mënyrë të qartë, zgjid-

41

hjet dhe dizenjimet bëhen të gjitha shumerdorimshme per Adminitraten dheQeverinë. Megjithatë zgjidhjet nuk behen për gjera te panevojshme e kurnuk ekzistojnë kërkesat te qarta.

6.1.3 Reduktimi total i kostove te pronesise

Ne do të miratojmë një kosto te pergjithshme te modelit të pronësisë përdizenjim, zgjidhje dhe shpërndarje, duke balancuar koston e zhvillimit, mbështet-jen, ndryshimet e biznesit, fatkeqësite (natyrore apo forca madhore) dheamortizimit, kundrejt �eksibilitet, gatishmërinë, scalability, lehtësinë e për-dorimit dhe reduktimin e kompleksitetit

6.2 Mundesite e dhenies se sherbimit

6.2.1 Ndiqet partneriteti ne lidhje me dhenien e sherbimeve

Askush nuk mund t'I beje te gjitha gjerat vete. Na duhet të jemi ne partner-itet me qytetarët, sektorin vullnetar, etj. Ne inkurajojnë sjellje sipërmarrësenë komunitetin tone te partnereve .

6.2.2 Produktet dhe Planet behet qe te permbushin objektivat ebiznesit doganor

Projektet dhe programet duhet të kontribuojnë në realizimin e objektivavetona strategjike dhe qëllimet tona duhet të jetnë ne një linjë.

6.3 Balancimi i Reputacionit kundrejt rreziqeve per dheniene sherbimit

6.3.1 Perdorimi I teknologjive te Provuara

Sistemet e integruara dhe zgjidhjet e infrastrukturës teknike duhet të për-dorin produkte komerciale të vlefshme, dhe të qëndrueshme teknologjikishtdhe modele. Ato duhet të përputhen me sigurine, kon�dencialitetin dhepolitikat e privacise se te dhenave.

6.4 Risite

6.4.1 Zgjidhjet behen duke implemntuar produktet e pranuarane politiken per teknologjine e informacionit

Ne mbeshtesim zgjidhjet tona kryesore dhe sistemet mbi një platformë të për-bashkët, e cila realizohet me produktet e pranuara në politikën e teknologjisë

42

informacionit duke kërkuar që:

• te kemi zgjidhje të miratuara nga partnerët tanë strategjike

• Përdorimi i teknologjisë se provuar, duke miratuar kombinimet e pro-dukteve që janë provuar qe funksionojne së bashku. Në thelb, ne kërko-jmë më parë ri-përdorimin e teknologjisë që janë tashmë brenda ACAdhe do të shikojmë vetem zgjedhje të produkteve të reja ose zgjidhjevekur ato qe janë gjetur të jenë të pamjaftueshme.

6.4.2 Promovimi I avantazheve per biznesin nepermjet perdorimitte teknologjive inovative

Teknologjia e re

• Miratojmë vetëm bashkepunimin me partnere korrekte ku bilanci irrezikut perllogaritet minimal.

• Kërkojmë zgjidhje që do të vendosen dhe të jetojnë në një kontekst tëku�zuar, por për të paktën 12 muaj.

• Do të punojmë së bashku me partnerët tanë për të dhënë një risi nëbashkëpunim

6.5 Kontrolli I aseteve te informacionit

6.5.1 Versioni I se vertetes

Baza e te dhenave kryesore per informacion duhet te jete ne një version tëvetëm e të sakte. Kërkojmë të sigurojmë që të kete vetëm një pikë për kapjene informacionit, që të veri�kojmë se të dhënat jane te sakta sa më shpejt tëjetë e mundur me synim maksimizimin e përdorimit te atyre të dhënave.

6.5.2 Nderto besim nepermjet menaxhimit efektiv te informa-cionit nga klienti

Jemi te ndergjegjshem se besimi I klienteve �tohet nga menyra se si netrajtojmë të dhënat e tyre personale. Sigurojme se të dhënat jane te saktadhe te ruajtur mirë.

43

6.6 Rritja e E�ciences

6.6.1 Nderto ne levishmeri

Sigurohemi se zgjidhjet janë ndërtuar për të lejuar, kur është e përshtatshme,e sa me ne kohe reale, qe te dhenat aksesohen nga cdo department I qeverisedhe nga cdo vend.

6.6.2 Maksimizo Automatizimin e Proceseve

Do të automatizojme përpunimin e te dhenave kudo që të jetë e mundur dukeminimizuar nevojën për ndërhyrje manuale, sigurimin e sistemeve të për-punimit qe janë të efektshme dhe ekonomike. Do të synojmë automatiziminpër shumicën e transaksioneve, sipas standardeve, duke synuar thjeshtesinene perdorim.

6.6.3 Pergjigja sa me ne kohe reale per kerkesat e klientit

Kërkojmë ne vazhdimesi ti japim përgjigje kërkesave të klientit sa më shpejtqë të

44