Georgia Revenue Service

COMPETITION GUIDELINE

INTEGRATED SYSTEM OF MOVEMENT AND REGISTRATION OF PRODUCTS

(Best EU industry Standards)

Content

1.  Chapter I. purpose and Scope Definition …………………………………3

2.  Chapter II. System and Performance requirements ……………………….4

3.  Chapter III. Technical Requirements ……………………………………..7

4.  Chapter IV. The mandatory requirements ……………………………….11

Chapter I. Purpose and Scope Definition

The system shall be for the provision of an integrated, government security-grade, control platform for the monitoring of production, importation, distribution and tax status of excise products. This system shall apply to the domestic manufacturing (be it high-speed automated or low-speed/low-volume non-automated production), imported and exported products (in case of purchaser request).

System shall include:

§  The development and production of highly secure Control Stamp or, where applicable, secure On-Product Marking;

§  The design, development, integration, training and maintenance of a tracking and tracing system to ensure monitoring of the highly Secure Codes (products) that mark control products:

-  products manufactured on domestic automated lines;

-  imported products or products at small – non-automated domestic manufacturers;

-  exported products

§  The design, development, roll-out and maintenance of a secure supply chain for the all solution based consumables to confirm validity of the Secure Codes applied and thus ensure the authenticity of controlled products by authorities, law enforcement officers (if necessary – by manufacturers, distributors, retailers and consumers);

§  The provision, maintenance and servicing of all required hardware (except the server) and software comprising the integrated security excise monitoring system;

§  The design, development, roll-out and maintenance of a database encompassing the set-up of secure communication protocols used to manage and transfer the collected information.

Chapter II. System and Performance requirements

All hardware requirements necessary to operate the system shall be developed, integrated, maintained and serviced by the supplier during the execution and operation of the contract. All hardware equipment shall be scalable to grow with the demands of the program and provide enough capacity to ensure, maintain and monitor efficient performance.

The control system shall be based on most advanced technologies in security printing, security coding, authentication and data management.

To protect against unauthorized access to the platform, all modules must provide user login and registration capabilities.

The first pilot testing of the system shall be implemented 3 months period from signing the contract, on the producing line agreed with the customer.

According to plan, prescribed under the signed contract between the customer and the winner company, implementation of the system in the left manufacturing lines shall start after 1 month from first pilot testing. The system shall be fully introduced no later than 31 December, 2012.

Central Data Management System

The supplier shall propose the configuration, development, integration, training, maintenance and support of a centralized data management server. This centralized system will also be used by the Authority as a repository for all system administration functionalities and management reports.

The system shall be flexible in terms of creating and presenting all kinds of report.

Production Monitoring and Control at Manufacturing Line

The supplier shall be able to integrate a production monitoring and reporting module to be used for the authentication and validation of the application of the Control Stamps and direct printed Secure Codes on the controlled products, the logging of production, and reporting of the data back to the central Data Management System.

Is considered mass production tobacco manufacturers having line speed higher than 200 packs per minute and alcohol/non-alcohol manufacturers and beer manufacturers having annual production higher than 500’000 liters or more than 2’000 bottles (cans) per hour with automated filling line installation

The production of every controlled product must be accounted for by the system. To efficiently control and account for each controlled product manufactured, the supplier will propose a comprehensive and industrially proven solution that will be seamlessly integrated onto automated production lines.

For the artisanal manufacturers or low-volume, non-automated manufacturers the Control Stamps shall be applied manually and activated by the mean of a Web based system.

The supplier must provide a method for accounting for non-confirming products and invalid Control Stamps, including those applied on products, unused stamps, stamps or direct printed Secure Codes on products for export, and stamps spoilage and wastages.

On the first stage of starting the pilot project, supplier shall ensure observation and service of manufacturing process on the spot (10-20 working days period).

Importation Monitoring and Control

Control Stamps to be used in products to be imported shall be applied (automatically or manually) by the manufacturers abroad or by the importers and activated by the mean of a Web based system and information shall be transferred to the central Data Management System through secure and encrypted communication. The supplier shall provide a secure Web based application allowing the activation of the products to be imported.

Product Auditing

The supplier will propose to customer authority a handheld terminal or specific program for mobile phones for the authentication of controlled products at any point of the supply chain. Specifications of this terminal will comply with requirements of harsh environment in which it will be used.

During entire period of contract, supplier shall ensure delivery and functionality of 100 items of control devices.

Deployment and Implementation Plan

The supplier shall be responsible for the installation and support necessary to maintain all machinery and ancillary equipments at each involved entity.

The supplier is expected to provide a detailed plan that describes the methodology used for deploying, commissioning and validating all the machinery, equipments and scanning/validation devices including:

-  Hardware equipments and associated devices ;

-  IT infrastructure and associated software;

-  Data communication infrastructure;

-  Supply chain integrity:

o  Provide description of methods that will be used in order to manage supply chain: consumables, Spare Parts & stock, Logistics, Imports

Before project implementation, the supplier shall provide the following documents:

Before the implementation:

-  System Guidelines explaining the different steps of the implementation;

At the beginning of the implementation:

-  Implementation Guidelines that should be applicable for high-speed industrial as well as low-volume production.

At the end of the implementation:

-  Quality Guidelines;

-  Security Guidelines;

-  Operation and Maintenance Guidelines.

The supplier must also provide a strategy and plan detailing system upgrade strategy and to address obsolescence for hardware, software, network and security over the course of the contract.

Technical Support, Warranty and Maintenance

The supplier shall provide a dedicated and locally based organization structure to provide technical support, maintenance and warranty services from installation of the equipments and over the course of the contract alongside a detailed maintenance plan for preventive and corrective maintenance.

The structure shall act only on behalf of the winner company, who is responsible for all the obligations prescribed under the contract.

Proposal:

§  Appropriate specialists shall work 24 hours to repair and/or replace faulty parts of the system;

§  24-hour Phone help-line and email technical support;

§  Keep records of the System’s usage and performance;

§  Train designated personnel to use the System.

All spare parts and labour time required to repair faulty equipments shall be covered during a warranty period of at least 1 year. Following termination of the warranty period, the scope and conditions of the service provided shall be provided under the form of a Service Level Agreement.

The supplier shall make available a list of key performance indicators for the performance monitoring and control of the system:

§  Control Stamp, Self-Adhesive Labels production monitoring;

§  Direct printed Secure Codes application monitoring;

§  Production monitoring and control at manufacturing lines;

§  Production monitoring and control at each manufacturing location;

§  Performance indicators of each modules of the system:

-  Uptime;

-  Reliability;

§  Field based audit reports:

-  audit information and session management information.

Security

All computers provided by the supplier shall be backed up on a regular basis.

The supplier shall provide network architecture with separate sub-networks, firewalls and proxies at the Authority. All communication between sub-systems of the secure platform up to the central Data Management System shall be secured by either standard (SSL) or proprietary solutions that offer both data privacy and data integrity protection. Additionally, all sub-systems apart from the audit terminal shall use sophisticated and highly efficient tunneling solutions (VPN) that make possible the use of the internet as a secure means of data transport.

Authentication and session management to all sub-systems shall be securely tracked and recorded.

Chapter III. Technical Requirements

Based on the item under control and depending on the needs of the Authority, the system should be able to leverage secure serialization or perform the same product control high levels through the application of a unique, secured Code directly onto product.

Different technologies shall not obstruct the process of production.

Unique Identification Methods

o  Control Stamps

o  On-Product Marking

o  Self-Adhesive stamps

Control Stamps

This system requires the supplier to provide a secure Control Stamp for the application on tobacco and beer products, alcoholic and non-alcoholic products. Also gets proposals about other consumer goods (pharmaceuticals products, edible oil, water and other) for marking.

The Control Stamp should be a dry Control Stamp for tobacco products and a self-adhesive Control Stamp for beer, alcoholic and non-alcoholic products and pharmaceuticals products. The dimension of the Control Stamp should be designed in order to be easily used in the automated production lines.

Control Stamp design and its associated security features (including coding security features) should be developed with the highest technical standards and quality control.

Each supplier shall submit, separate from its bid, the specifications for the secure Control Stamp design, security features.

The specifications must meet the minimum requirements set-forth later in this document and must fully describe the supplier’s authentication and anti-fraud solutions (anti-counterfeiting, anti-tampering, anti-smuggling and anti-diversion).

The supplier shall submit samples of secure Control Stamps and prototypes of the scanning devices required to authenticate, in the field, the covert features of the stamps. Also they shall submit technical requirements/description of equipments necessary for marking process implementation.

Security Requirement

The supplier shall propose a design combining multiple security layers. Goods having Control Stamps will have to be identified as genuine products in full cycle of movement:

-  1st level of authentication: overt security feature

-  2nd level of authentication: semi-covert security feature

-  3rd level of authentication: covert security feature

-  4th level of authentication: Forensic security feature

1st level authentication: overt security feature

The Control Stamps shall contain at least two overt security features to assist in the unaided visual authentication of the stamps. This feature should be as counterfeit proof as possible, thus the proposed overt security feature should at least comply with the following requirements:

The supplier will propose one design of Control Stamp per goods classification (preferably, using current symbols), comprised of this overt feature.

2nd level authentication: semi-covert security feature

By semi-covert authentication it is meant to say that this security feature will not be accessible at naked eye.

Therefore, the supplier shall propose a specific tool internally designed and developed to allow easy authentication of this semi-covert security feature. This specific tool will be compact, handheld and light weight, and very easy to use

3rd level authentication: covert security feature

To reinforce the two previous levels of authentication (1st and 2nd), the supplier shall propose at least four covert security features on each Control Stamp.

The first covert feature will be comprised in a specific security element (material-based security) and the second one shall be provided through the use of a unique and highly-secure encrypted code on each Control Stamp (information-based security).

In addition to the covert feature mentioned above, Control Stamps shall be designed so that if the Control Stamp is altered or reproduced through photocopying, digital reproduction or other means, i.e. counterfeited, the resulting copy will not be capable of being authenticated as a valid stamp.

4th level authentication: Forensic security feature

To reinforce the security of the Control Stamp, special pigment technology shall be used to provide a forensic marker. This security feature will be highly resistant to chemical and physical attacks and very difficult to reverse-engineer.

This forensic marker is to be controlled by the supplier, unique to the proposed solution and used to provide unequivocal evidence of the authenticity of the Control Stamp.

Coding personalization requirements

The supplier will provide a system to print a unique, highly secure and encrypted code to each Control Stamp.

The code will comply with the following requirements:

§  Be applied with security elements;

§  Be invisible or visible to the naked eye

§  Must provide a unique identification number per item encompassing:

-  Encryption algorithm

-  Country unique encryption keys (the bidder is requested to make declaration confirming the encryption keys are not used for another application)

Furthermore, the personalization component of the solution should be performed through a dedicated device capable of performing the following functionalities:

§  Inline quality control to ensure code compliance and consistency following the stage of application;

§  Secure and encrypted connection for the synchronization of personalization data with the central Data Management System.

On-line Control Stamp ordering system:

Orders will be placed via a secure web application using digital certificate providing access rights for each level of user: manufacturers, importers and exporters.

Control Stamps packaging formats should encompass:

-  Reels of Control Stamps

-  Control Stamps cut sheets

-  Control Stamps with appropriate format

All individual Control Stamps are to be tracked and synchronised with the central Data Management System through secure and encrypted communications when handed out.

Control Stamps delivery

The suppliers are to propose, as an integral part of the system, a solution to allow for the tracking of Control Stamps at any point of the supply chain including shipper and final destination.