English only
|
|
| Agenda Item 4.5 | Conference Room Document 38 English only |
second fao/who global forum of food safety regulators
Bangkok, Thailand, 12-14 October 2004
(Prepared by New Zealand)
Electronic transmission of documents directly between and within governments is well recognized as an efficient and secure means of communication. New Zealand developed its electronic SPS certification system, E-cert, for several reasons. Its internationalization provides a means of delivering these benefits globally:
The name "E-cert" was coined to describe the full New Zealand electronic SPS certification application'. "E-cert" has been adopted by both Australia and New Zealand. It provides for the electronic transmission of certification documents directly between and within governments.
E-cert is a web based product based on the technology that utilizes the internet protocols together with the universal language XML to enable integration of data between computer applications. E-cert provides a fully searchable database of all export certificates and their respective status and histories for all consignments regardless of whether they have arrived or are still on route. Various levels of the system can be accessed by any person given "permissions", as linked to their allocated user ID and password, anywhere in the world via any internet connected computer. A full description is contained in the Annex.
Internationalization
Following requests by other countries who wanted to replicate the front end of the New Zealand system, and in the interests of international harmonization, New Zealand has now permitted the "E-cert" name to be used to describe the generic methodology for using the internet and XML to exchange SPS certificates.
The APEC countries, Australia, USA, New Zealand and Canada have now all endorsed E-cert as the preferred method for electronic SPS certification. As of 2003, all APEC countries have committed to adopt and implement the common E-cert model by 2005/2010. E-cert working groups are to be or have already been established under Codex (CCFICS) and OIE. NZFSA has been progressively issuing user identifiers and passwords to the competent authorities of many of our trading partners. These trading partners have been encouraged to access the New Zealand animal product certificates destined for their countries and to use access to check on histories or to verify the authenticity of the paper versions they are receiving.
The United Nations CEFACT forum has set up an E-cert Ratification Project this year to agree the XML data element set that will form the international standard for SPS certificates. The UN/CEFACT Project has the support of the World Customs organization (WCO) and the Project team is keen to further coordinate with the CCFICS and anticipated OIE and IPPC working groups. The Project team has met twice so far, in Bonn in March 2004 and in Washington DC in September.
New Zealand has had the E-cert web-based product tracking and certification system in place since 2000.
Document security against fraud
Electronic document transfer is well recognized as an efficient and secure means of communication. The New Zealand E-cert system uses protocols similar to those used by banks to safeguard electronic transfers of funds. Document forgery and counterfeit packaging is increasingly being seen as a significant problem in international trade. The New Zealand E-cert system substantially reduces the potential for forgery or manipulation of documents for fraudulent use by third parties.
Processing efficiency and legal integrity
Currently E-cert in New Zealand stores almost all of the internal product eligibility documents as well as the New Zealand export certificates. This equates to some 100,000 electronic documents and certificates being generated and stored in the database per year. The increased volume of products now coming through ports is also necessitating more efficient processing so the limited inspection resources can be most appropriately used and targeted. With E-cert providing a fully searchable database of all export certificates for all consignments, the potential for better targeting or sampling is facilitated. As well, the ability to electronically download XML files maximizes the potential to utilize electronic checks and the direct population of border inspection point import databases which could result in significant inspection efficiencies.
The NZFSA considers that the electronic version residing on the New Zealand database to be the only secure version of the certificate and to be the 'original' in legal terms. Copies of the export certificates stored in the system are currently also being printed onto security paper at selected New Zealand localities. These are then additionally signed and stamped and handed over to New Zealand exporters when consignments are exported to some countries. New Zealand would like to move fully away from having to print and endorsing such "copies" and instead interface directly with importing governments' border inspection points/agencies.
Canada has been pre-clearing New Zealand meat and meat product consignments electronically since 2001 and using this information to populate the database used at its border inspection points. New Zealand also has various trials and degrees of implementation with a variety of other countries including the US, Taiwan, Singapore, Australia, Jordan etc with many more in the wings.
Security and bioterrorism
The ability to pre-screen and pre-clear consignments has also become increasingly important for both security and traceability reasons. There are also substantial advantages for multiple border inspection points and/or personnel to have access to the same information. When problems are found, real-time, interactive, government to government communication provides the ability to initiate timely corrective actions either back in the country of export or for corrected/replacement certificates to be provided. This is especially important for imports from geographically distant trading partners.
The New Zealand system has standardized data elements and the information recorded and available is at least equal to that being currently provided in the paper certificates. It is also very flexible and can interface with the different import database systems.
Electronic certificates can be viewed by importing countries either directly from the Internet using the E-cert database or by extraction of data in XML format for using in the importing government's own database. The extraction of data can use 'push' technology where the New Zealand database sends data to the receiving database, or 'pull' technology where the importing government extracts the data from the New Zealand database.
Many governments (including the USA and Canada) prefer the pull method as they maintain control of the initiation and extraction of data and nothing enters their database without their permission. Other governments may prefer the simplicity of the push method where they do nothing until the data arrives in their database. Importing Governments are therefore able to use one or more of the following options from the New Zealand E-cert application:
E-cert has revolutionized the New Zealand SPS certification system. It is cost effective and provides full control of documentation in a secure environment. Its flexibility, interactivity and adaptability allow it to match needs and systems worldwide. Harmonization and agreement on standard protocols will enhance its transportability over time. Immediate and ongoing benefits include efficiency in processing and resource utilization, security against fraud and security against bioterrorism through pre-screening and efficient inspection resource use.
The Ecert system comprises of two large web and database servers. These servers are identical. For reasons of high availability and disaster recovery the servers are located in different cities (Auckland and Wellington). Both servers are connected internally with a high speed data circuit, over which all data is replicated in real time. Hence both servers contain identical data at any time and it does not matter which server a user is connected to.
The servers are protected from unauthorized access by industry-standard firewalls. The application software and web servers insist on authentication and all data traffic is encrypted.
Access to the E-cert servers is possible from browsers over an encrypted connection using the HTTPS protocol, or for file transfers via secure FTP (SFTP protocol).
New Zealand industry users access the Ecert system by connecting to the Ecert web site. This allows them to:
Approved government signatories also access the Ecert system through the web. After ensuring that the physical products comply with the regulations, they approve certificates, maintain transport details and manage the certificate replacement process
There is also a facility whereby data for new certificate requests can be directly submitted from an Industries' computer to the Ecert system without human intervention. Some companies who produce large amount of product use this instead of submitting the data manually through the web. The mechanism available is secure FTP, i.e. the transfer of batch data files via an SSL encrypted connection to the Ecert server. SFTP is also well suited as a transport mechanism for automated supply of export certificate data to foreign authorities.
A relatively simple, yet secure way of exchanging XML data files is via secure FTP (SFTP). SFTP client and server software is available from various vendors. SFTP can be used on any architecture. In order for a foreign authority to obtain XML files the following set-up is suggested:
Foreign authorities need to develop their own software that processes XML data files. Certificate data needs to be extracted and inserted into their own database system. In addition, an automated or manual process should be set up to ensure periodic polling of the Ecert system. Acknowledgements and certificate status codes should be passed back to the Ecert system.
As an alternative to fully automated data retrieval by the foreign computer system there is the ability for foreign border inspectors to access the Ecert system directly and check what kind of goods are due to arrive. They can also inspect the electronic version of the export certificate. Again, all access is fully encrypted. Paper certificates would not be required anymore in such a set-up.
In order to access the Ecert system, foreign border inspectors need to apply for a user name and password from MAF.
Data security is of paramount importance and the Ecert system was designed to provide maximum protection from unauthorized access.
Two identical servers are maintained in order to ensure availability if one of them should go down. Servers are located independently in Auckland and Wellington, approximately 600km apart. Should one server become unavailable, the other keeps going. A suite of monitoring equipment and intelligent routing software redirect users to the functioning server in the event of the other failing. A 24x7 service regime ensures continued access, with the exception of occasional short maintenance periods.
Each E-cert component is protected by a firewall. The firewall is set up in such a way that only traffic essential to Ecert operation is allowed. All other Internet traffic is blocked. Data from and to the Ecert servers is encrypted. The firewalls contain monitoring software to detect break-ins.
Each E-cert user has their individual username and password for access. No public access is allowed. Usernames and passwords are never transmitted over the Internet in clear text, as all data is encrypted.
All web access to the Ecert system is fully encrypted using industry-standard 128 bit SSL encryption. The same kind of encryption is employed for secure FTP (SFTP) transfers of batch data.
The Ecert system provides a facility for automated data transfers using XML as the data format.
XML is an ideal data standard for the exchange of industrial and business data. Benefits of using XML include easily transferred over the Internet, widely available (many XML tools exist) and supported by all major software vendors, inexpensive to set up and maintain, wide use for business to business data exchange, XML documents are easy to create and process and XML is readable by humans and computers.