EUROPEAN DYNAMICS UK LTD

European Customs Dynamic Platform - ECDP

ECDP has been conceived, designed and implemented to address the requirements of Customs 2007/2013, and a range of needs of national Customs applications of EU’s member states administrations. ECDP provides common legal framework/control mechanisms; business model; rules and practices; functional and technical specifications; messages via CCN/CSI between EU Customs.

Features

  • CCN/CSI support
  • Message exchange conformant to applicable structural, technical and business rules
  • Homogeneous data management
  • Definition and easy re-organisation of workflows and operational rules
  • EU and National Movements via the same procedures and mechanisms
  • Integrated Management Services
  • Mechanism for every supported process
  • Roll Based Access Control (RBAC)
  • Compliant Authentication and Authorization Mechanism
  • Support for multiple input channels (Web Forms, XML, Web Services)

Benefits

  • Message exchange conformant to applicable structural, technical and business rules
  • Homogeneous data management independently of the original message format
  • Definition and easy re-organisation of workflows and operational rules
  • Compliance with national practices and requirements
  • EU and National Movements via the same procedures and mechanisms
  • Flexible interconnection with Public/private entities (Economic Operators, citizens, etc.)
  • Integrated Management Services Mechanism for every supported process

Pricing

£3750 per instance per month

Service documents

Framework

G-Cloud 11

Service ID

5 3 1 0 5 0 0 7 0 6 6 7 7 0 4

Contact

EUROPEAN DYNAMICS UK LTD

Zachary De Pian

020 34118309

zachary.depian@eurodyn.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
None
System requirements
  • Internet connection
  • Reasonably recent version of web browser
  • JavaScript enabled

User support

Email or online ticketing support
Email or online ticketing
Support response times
The user support operates on working hours during workdays. The response to questions depends on their criticality and varies between 2 hours to 2 working days. Different service metrics are possible based on specific SLAs.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Different options are available. Complete information can be found in the pricing document.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
The service setup includes the provision of standard electronic support material in the form of online documentation. Additional training may also be ordered.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Data can be extracted through normal Service operation at any time. Bulk data transfer may be arranged at the end of the term if required.
End-of-contract process
The “off boarding” phase follows an established procedure that provides assurance to both the Customer and the Service Provider that all service aspects will be addressed. Such aspects may include (depending on the Customer’s service set up):
• Access rights: ensure that all access rights are revoked or restored to the state before the service commenced.
• Customer-supplied data: ensure that all information uploaded or stored with the system is handled in line with the Customer requirements (deleted or returned to the Customer).
• Supplier-uploaded information: ensure that all information entrusted with the system by suppliers is managed in line with the contractual and legal requirements in effect.
• System-generated data: ensure that all information related to the Customer will be made available for retrieval. Such information may include audit trails, event characteristics, etc.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The service uses responsive design as much as possible, which ensures an easy to use interface that dynamically matches the display of the user's device.
Service interface
No
API
No
Customisation available
Yes
Description of customisation
During the Service setup phase, buyers are able to select customisation options that will be implemented by the service provider. Additional information exists in the pricing document.

Scaling

Independence of resources
The infrastructure of EUROPEAN DYNAMICS warrants that service performance will be unhindered by matters of capacity, load, and network traffic thanks to its design that exploits the benefits of a scalable and robust architecture based on virtualisation.

Analytics

Service usage metrics
Yes
Metrics types
Service usage, helpdesk report, storage consumption, KPI values
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach
The Service may encrypt sensitive data at rest
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
The service offers the possibility to archive and download on the user’s storage area all relevant information. Such information includes user information, complete procurement exercise data and audit trail reports. All exported files are formatted according to widely used file formats, thus maximising the possibility for reuse without any modification.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • PDF
  • Excel
  • Original format (ZIP archive)
Data import formats
  • CSV
  • Other
Other data import formats
XML

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks
All communication of sensitive data is via HTTPS over the public internet - The Service also encrypts sensitive information in order to provide additional protection.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
Firewalls + Intrusion Prevention systems protect the perimeter of the service platform - The Service also encrypts sensitive information in order to provide additional protection additional access control/protection.

Availability and resilience

Guaranteed availability
99.9% ("three nines") availability is offered as standard
Approach to resilience
All key EDHS infrastructure components are fully redundant ensuring an HA data centre architecture ideal for mission critical hosting services:
• Redundant Server Design: all servers are fitted with redundant disks, power and cooling;
• Redundant Storage: fault tolerant enterprise grade Storage Area Network solution;
• Redundant Power: Power outages are handled by a UPS backed up by a diesel generator;
• Redundant Internet feeds: The primary data centre connects via two fibre carriers to two different ISPs.
Outage reporting
Service availability is part of the service report. Outages are part of the service availability information reported.

Identity and authentication

User authentication needed
Yes
User authentication
  • Username or password
  • Other
Other user authentication
Users must enter their username and password in order to access the service. In case of first-time login, they also need to enter a one-time transaction code that is sent to their registered email address.
Access restrictions in management interfaces and support channels
Access to management interfaces is restricted through user authentication. Access to support channels is unrestricted. Non-public network channels are used for maintenance operations.
Access restriction testing frequency
At least once a year
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
TÜV HELLAS (TÜV NORD) S.A.
ISO/IEC 27001 accreditation date
06/06/2017
What the ISO/IEC 27001 doesn’t cover
The certificate is specific to the hosting service platform and its administration. An ISO9001:2015 certificate covers the quality management of the companies business processes.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • RMADS accreditaion of a service provided to Revenue Scotland
  • Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
The service security governance complies with Cyber Essentials standard and is operated in compliance with GDPR and the national data protection laws that apply in the UK and any other involved country, if any.
Information security policies and processes
A comprehensive set of Information Policies & Procedures are implement as part of the ISO27001 ISMS under which the service is operated.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Services are operated according to Change management Policy & Procedures which includes configuration changes . Changes must receive formal approval from an internal Change Advisory Board (CAB) .
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
The tenderer has defined a Patch Management Policy in order to enforce a proactive patch management strategy; this involves recording and maintaining the patch level for all information systems involved within the hosting services environment. Furthermore, the strategy involves identification and application of patches that are considered essential in maintaining the security and correct operation of the service.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
A comprehensive monitoring and alerting system is implemented for data centre services which is implemented as a separate LAN in order to monitor and maintain security. An HP ArcSight SIEM is used to analyze and correlate security events from across the IT infrastructure.
Incident management type
Supplier-defined controls
Incident management approach
The Service Provider maintains an incident management policy and associated incident response procedures as part of its hosting solution. The incident response procedures provides a detailed categorisation of incidents together with triggers and the associated actions that the tenderer takes in order to inform the customer and to protect and defend the customer’s hosted information resources.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£3750 per instance per month
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
EUROPEAN DYNAMICS offers a test instance of the service free of charge to Customers wishing to familiarise themselves with the system, gain access to its documentation and go through online walkthroughs of most common tasks
Link to free trial
N/A

Service documents

Return to top ↑