Since the applicability of the new EU customs law the practitioner is to work with 4 legal bases. With Custleg you keep track of the new provisions: It provides various search options and an integration with the relevant articles of UCC-DA, UCC-TDA and UCC-IA assigned to those of the UCC.
- Legal bases of the EU customs legislation in one platform.
- Full consolidated topical texts with rapid update service.
- Integrated version of UCC, UCC-DA, UCC-TDA and UCC-IA.
- Interlinked legal texts and provisions.
- Can be integrated with other services (single sign-on).
- May complemented with further customs legislation.
- Quick access to all relevant texts and provisions.
- Instant overview of related provisions by integration of legal bases.
- Rapid navigation through legal bases with power search.
- Finding of keywords by specialised search functionality.
- Responsive and thus also designed for display on mobile devices.
- All menues and contents in English.
£8750 to £87500 per licence per year
- Free trial available
2 0 1 2 4 8 9 3 5 9 5 6 6 9 1
Mendel Verlag GmbH & Co. KG
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Service constraints||No particular technical constraints because of web service. The licence arrangement however is for a concrete contracting authority or a concrete geopraphical area (United Kingdom) and thus correspodingly limits access to the service.|
|System requirements||Web browser|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Answers are usually provided on the same or the next working day.|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
Support levels are L1 to L3.
Regular support is contained in the licence fees.
Support is rendered by a support team consisting of both content and technical specialists.
|Support available to third parties||Yes|
Onboarding and offboarding
The site gives the necessary instructions for its use but generally is self-explanatory for the users.
For the contracting authority a 'train the trainers' training may be offered which might assist in answering questions from the users about the service.
|End-of-contract data extraction||As the service is specifically set-up for the contracting authority, the user data for the service is clearly separated. The user data comprises basically the registration data, which thus may be deleted when the contract ends.|
|End-of-contract process||When the contract ends the service is terminated and the user data may be deleted. This is included in the contract price. Additional services, if required, may be rendered against a fee.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||There are no differences apart from the responsive web design adjusting the content display to the actual size of the device.|
|Description of customisation||The appearance of the web sites may be adjusted to the look and feel of the internet presence of the contracting authority in whose name the service is rendered. The customisation is done by Mendel in alignment with the contracting authority.|
|Independence of resources||The system is horizontally scalable and allows for multiple sessions at the same time.|
|Service usage metrics||Yes|
Number of user registrations per month.
Number of requests made by the users.
Data of newly registered users.
|Reporting types||Regular reports|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||European Economic Area (EEA)|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||In-house|
|Protecting data at rest||Physical access control, complying with another standard|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||In-house destruction process|
Data importing and exporting
|Data export approach||The service is intended to look up specialised information on the web, so there is no need for data export as such. User data is maintained on HTML sites and thus can be correspondingly edited or stored.|
|Data export formats||Other|
|Other data export formats||HTML|
|Data import formats||Other|
|Other data import formats||HTML|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||The service is available at least at 99.5%. There have been no exemptions in the last years and thus no refund policy had to be established.|
|Approach to resilience||The information is available on request.|
|Outage reporting||E-mail alerts.|
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||Not applicable.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users receive audit information on a regular basis|
|How long user audit data is stored for||Between 6 months and 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||Between 6 months and 12 months|
|How long system logs are stored for||Between 6 months and 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||Supplier-defined policies and processes compliant to the delivery of foreign trade information and data services.|
|Information security policies and processes||Supplier-defined policies and processes compliant to the delivery of foreign trade information and data services.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Supplier-defined approach and processes compliant to the delivery of foreign trade information and data.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||Supplier-defined process compliant to the delivery of foreign trade information and data.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||Supplier-defined processes compliant to the delivery of foreign trade information and data.|
|Incident management type||Supplier-defined controls|
|Incident management approach||Supplier-defined processes compliant to the delivery of foreign trade information and data.|
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£8750 to £87500 per licence per year|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||Buyers may be granted limited access to the solution.|