European Customs Dynamic Platform - ECDP

ECDP has been conceived, designed and implemented to address the requirements of Customs 2007/2013, and a range of needs of national Customs applications of EU’s member states administrations. ECDP provides common legal framework/control mechanisms; business model; rules and practices; functional and technical specifications; messages via CCN/CSI between EU Customs.


  • CCN/CSI support
  • Message exchange conformant to applicable structural, technical and business rules
  • Homogeneous data management
  • Definition and easy re-organisation of workflows and operational rules
  • EU and National Movements via the same procedures and mechanisms
  • Integrated Management Services
  • Mechanism for every supported process
  • Roll Based Access Control (RBAC)
  • Compliant Authentication and Authorization Mechanism
  • Support for multiple input channels (Web Forms, XML, Web Services)


  • Message exchange conformant to applicable structural, technical and business rules
  • Homogeneous data management independently of the original message format
  • Definition and easy re-organisation of workflows and operational rules
  • Compliance with national practices and requirements
  • EU and National Movements via the same procedures and mechanisms
  • Flexible interconnection with Public/private entities (Economic Operators, citizens, etc.)
  • Integrated Management Services Mechanism for every supported process


£3750 per instance per month

Service documents


G-Cloud 11

Service ID

5 3 1 0 5 0 0 7 0 6 6 7 7 0 4



Zachary De Pian

020 34118309

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints None
System requirements
  • Internet connection
  • Reasonably recent version of web browser
  • JavaScript enabled

User support

User support
Email or online ticketing support Email or online ticketing
Support response times The user support operates on working hours during workdays. The response to questions depends on their criticality and varies between 2 hours to 2 working days. Different service metrics are possible based on specific SLAs.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Different options are available. Complete information can be found in the pricing document.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started The service setup includes the provision of standard electronic support material in the form of online documentation. Additional training may also be ordered.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Data can be extracted through normal Service operation at any time. Bulk data transfer may be arranged at the end of the term if required.
End-of-contract process The “off boarding” phase follows an established procedure that provides assurance to both the Customer and the Service Provider that all service aspects will be addressed. Such aspects may include (depending on the Customer’s service set up):
• Access rights: ensure that all access rights are revoked or restored to the state before the service commenced.
• Customer-supplied data: ensure that all information uploaded or stored with the system is handled in line with the Customer requirements (deleted or returned to the Customer).
• Supplier-uploaded information: ensure that all information entrusted with the system by suppliers is managed in line with the contractual and legal requirements in effect.
• System-generated data: ensure that all information related to the Customer will be made available for retrieval. Such information may include audit trails, event characteristics, etc.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The service uses responsive design as much as possible, which ensures an easy to use interface that dynamically matches the display of the user's device.
Service interface No
Customisation available Yes
Description of customisation During the Service setup phase, buyers are able to select customisation options that will be implemented by the service provider. Additional information exists in the pricing document.


Independence of resources The infrastructure of EUROPEAN DYNAMICS warrants that service performance will be unhindered by matters of capacity, load, and network traffic thanks to its design that exploits the benefits of a scalable and robust architecture based on virtualisation.


Service usage metrics Yes
Metrics types Service usage, helpdesk report, storage consumption, KPI values
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach The Service may encrypt sensitive data at rest
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach The service offers the possibility to archive and download on the user’s storage area all relevant information. Such information includes user information, complete procurement exercise data and audit trail reports. All exported files are formatted according to widely used file formats, thus maximising the possibility for reuse without any modification.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • PDF
  • Excel
  • Original format (ZIP archive)
Data import formats
  • CSV
  • Other
Other data import formats XML

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks All communication of sensitive data is via HTTPS over the public internet - The Service also encrypts sensitive information in order to provide additional protection.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network Firewalls + Intrusion Prevention systems protect the perimeter of the service platform - The Service also encrypts sensitive information in order to provide additional protection additional access control/protection.

Availability and resilience

Availability and resilience
Guaranteed availability 99.9% ("three nines") availability is offered as standard
Approach to resilience All key EDHS infrastructure components are fully redundant ensuring an HA data centre architecture ideal for mission critical hosting services:
• Redundant Server Design: all servers are fitted with redundant disks, power and cooling;
• Redundant Storage: fault tolerant enterprise grade Storage Area Network solution;
• Redundant Power: Power outages are handled by a UPS backed up by a diesel generator;
• Redundant Internet feeds: The primary data centre connects via two fibre carriers to two different ISPs.
Outage reporting Service availability is part of the service report. Outages are part of the service availability information reported.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Username or password
  • Other
Other user authentication Users must enter their username and password in order to access the service. In case of first-time login, they also need to enter a one-time transaction code that is sent to their registered email address.
Access restrictions in management interfaces and support channels Access to management interfaces is restricted through user authentication. Access to support channels is unrestricted. Non-public network channels are used for maintenance operations.
Access restriction testing frequency At least once a year
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users receive audit information on a regular basis
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 TÜV HELLAS (TÜV NORD) S.A.
ISO/IEC 27001 accreditation date 06/06/2017
What the ISO/IEC 27001 doesn’t cover The certificate is specific to the hosting service platform and its administration. An ISO9001:2015 certificate covers the quality management of the companies business processes.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • RMADS accreditaion of a service provided to Revenue Scotland
  • Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards The service security governance complies with Cyber Essentials standard and is operated in compliance with GDPR and the national data protection laws that apply in the UK and any other involved country, if any.
Information security policies and processes A comprehensive set of Information Policies & Procedures are implement as part of the ISO27001 ISMS under which the service is operated.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Services are operated according to Change management Policy & Procedures which includes configuration changes . Changes must receive formal approval from an internal Change Advisory Board (CAB) .
Vulnerability management type Supplier-defined controls
Vulnerability management approach The tenderer has defined a Patch Management Policy in order to enforce a proactive patch management strategy; this involves recording and maintaining the patch level for all information systems involved within the hosting services environment. Furthermore, the strategy involves identification and application of patches that are considered essential in maintaining the security and correct operation of the service.
Protective monitoring type Supplier-defined controls
Protective monitoring approach A comprehensive monitoring and alerting system is implemented for data centre services which is implemented as a separate LAN in order to monitor and maintain security. An HP ArcSight SIEM is used to analyze and correlate security events from across the IT infrastructure.
Incident management type Supplier-defined controls
Incident management approach The Service Provider maintains an incident management policy and associated incident response procedures as part of its hosting solution. The incident response procedures provides a detailed categorisation of incidents together with triggers and the associated actions that the tenderer takes in order to inform the customer and to protect and defend the customer’s hosted information resources.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £3750 per instance per month
Discount for educational organisations No
Free trial available Yes
Description of free trial EUROPEAN DYNAMICS offers a test instance of the service free of charge to Customers wishing to familiarise themselves with the system, gain access to its documentation and go through online walkthroughs of most common tasks
Link to free trial N/A

Service documents

Return to top ↑