EUR-Lex Access to European Union law
This document is an excerpt from the EUR-Lex website
Document 52018PC0832
Proposal for a COUNCIL DECISION on the position to be taken on behalf of the European Union in the Joint Committee established in accordance with Article 41(1) of the Agreement between the European Union and the Kingdom of Norway on administrative cooperation, combating fraud and recovery of claims in the field of value added tax
Proposal for a COUNCIL DECISION on the position to be taken on behalf of the European Union in the Joint Committee established in accordance with Article 41(1) of the Agreement between the European Union and the Kingdom of Norway on administrative cooperation, combating fraud and recovery of claims in the field of value added tax
Proposal for a COUNCIL DECISION on the position to be taken on behalf of the European Union in the Joint Committee established in accordance with Article 41(1) of the Agreement between the European Union and the Kingdom of Norway on administrative cooperation, combating fraud and recovery of claims in the field of value added tax
COM/2018/832 final
EUROPEAN COMMISSION
Brussels, 12.12.2018
COM(2018) 832 final
2018/0422(NLE)
Proposal for a
COUNCIL DECISION
on the position to be taken on behalf of the European Union in the Joint Committee established in accordance with Article 41(1) of the Agreement between the European Union and the Kingdom of Norway on administrative cooperation, combating fraud and recovery of claims in the field of value added tax
EXPLANATORY MEMORANDUM
1.Subject matter of the proposal
This proposal concerns the decision establishing the position to be taken on the Union`s behalf in the Joint Committee established under Article 41 of the Agreement between the European Union and the Kingdom of Norway on administrative cooperation, combating fraud and recovery of claims in the field of value added tax (hereinafter referred as "the Agreement"), pursuant to Article 5 and Article 41(2)(d), (e), (f), (g) and (h), Article 41(3) of the Agreement.
2.Context of the proposal
2.1.The Agreement between the European Union and the Kingdom of Norway on administrative cooperation, combating fraud and recovery of claims in the field of value added tax
The Agreement aims to ensure the correct determination, assessment and collection of value added tax (VAT) and recovery of VAT claims, to avoid double or non-taxation and to combat VAT fraud. The date of entry into force of the Agreement is September 1, 2018.
2.2.The Joint Committee
The Joint Committee is composed of representatives of the European Union and the Kingdom of Norway (hereafter referred as "the Parties") and shall ensure the proper functioning and implementation of the Agreement. It shall make recommendations for promoting the aims of the Agreement and adopt decisions by unanimity. The Joint Committee shall be chaired alternately by each of the Parties. The European Union is to be represented by the Commission in accordance with Article 17(1) of the Treaty of the European Union (TEU) and its position shall be subject to prior Council Decision, following a proposal from the Commission. Representatives of the Member States of the European Union may also participate in the meetings as observers.
2.3.The envisaged acts of the Joint Committee
During its first meeting, the Joint Committee should:
–adopt the Rules of procedure of the Joint Committee pursuant to Article 41(3) - Decision of the Joint Committee 1;
–adopt the standard forms, being the means for the transmission of communication and implementing the practical arrangements for the organisation of the contacts between the central liaison offices pursuant to Article 41 (2) (d), (e), (g) and (h) - Decision of the Joint Committee 2;
–adopt the procedure for the conclusion of the Service Level Agreement pursuant to Article 41(2)(j) of the Agreement - Decision of the Joint Committee 3;
–adopt the Service Level Agreement pursuant to Article 5 of the Agreement - Decisions of the Joint Committee 4 and 5;
–set the amount and the modalities of the financial contribution to be made by Norway to the General Budget of the European Union in respect of the cost generated by its participation in the European information systems pursuant to Article 41(2)(f) of the Agreement - Decision of the Joint Committee 6.
The purpose of the envisaged acts is to provide for the proper implementation of the Agreement.
3.Position to be taken on the Union`s behalf
The first Joint Committee decision will be on the rules of procedures. It lays down rules on composition and chairmanship, observers and experts, convening of meetings, agenda, secretarial support, drafting and adoption of minutes, procedure for the adoption of decisions and recommendations and expenses.
In particular, the Agreement falls under the exclusive competence of the Union. Therefore, the Union will be represented by the Commission. However, Member States may decide to participate as observers.
The second Joint Committee decision is on the adoption of the standard forms, establishing the means for the transmission of communication and implementing the practical arrangements for the organisation of the contacts between the central liaison offices. The Union legal framework already provides for a sound implementing system in the framework of Council Regulation (EU) 904/2010 on administrative cooperation and combating fraud in the field of VAT and Council Directive 2010/24/EU concerning mutual assistance for the recovery of claims relating to taxes, duties and other measures. The Joint Committee decision should provide that for the cooperation with Norway the tools implemented for the above-mentioned Union legislation will apply.
The third Joint Committee decision will establish the procedure for the conclusion of the Service Level Agreement, as well as for any future amendments. The fourth decision will be on the conclusion of the Service Level Agreement as such.
Finally, the fifth Joint Committee decision will be on the financial contribution to be paid by Norway to the General Budget of the Union in respect of the costs generated by its participation in the European information systems. The amounts to be paid by Norway have been calculated as a lump sum covering the participation/connection of Norway to the CCN/CSI system in the configuration proposed, as well as the expenditure related to the development, maintenance and up-grade of IT solutions.
–At this stage, there is no need for Joint Committee decisions pursuant to:
–Article 41 (2) (a), (b) and (c), on automatic exchange of information; the Parties will decide whether or not there will be such a need after the entry into force of the Agreement and after assessing the efficiency of the other means of cooperation foreseen by the Agreement;
–Article 41(2) (i) on implementing rules regarding the conversion of the sums to be recovered and the transfer of sums covered because according to Article 40(5) of the Agreement "as long and as far as no detailed rules are adopted by the Joint Committee for the implementation of this Title, the competent authorities shall make use of the rules, including the standard forms, currently adopted for the implementation of Council Directive 2010/24/EU, whereby the term Member State" will be interpreted as including Norway";
–Article 41 (2) (k) on amending legal references to legal acts of the Union or of Norway included in the Agreement because this need did not arise so far.
4.Legal basis
Pursuant to Article 218(9) of the Treaty on the Functioning of the European Union (TFEU) the Council, on proposal from the Commission, shall adopt a decision establishing the position to be adopted on the Union`s behalf in the Joint Committee.
The subject matter of international agreements (including on administrative cooperation between the Union and Norway in the field of VAT) falls under the exclusive competence of the Union pursuant to Article 3(2) TFEU 1 . In the Joint Committee, the Union is to be represented by the Commission in accordance with Article 17(1) TEU.
Furthermore, administrative cooperation in the field of VAT is a field for which unanimity is required for the adoption of a Union act pursuant to Article 113 of the TFEU. Therefore, the Union position represented by the Commission for the adoption of the Joint Committee recommendations and decisions, shall be previously adopted by the Council acting unanimously.
The Joint Committee will also have to agree on practical arrangements, such as drafting the provisional agenda and agreeing on the minutes of the meetings. Such tasks are necessary for the normal administration of the Joint Committee and they are not Joint Committee decisions or recommendations pursuant to Article 41 of the Agreement. However, from the Union side, all the above-mentioned tasks will be subject to prior consultation of the European Commission with the Council Working Party on Tax Questions.
The Joint Committee decisions pursuant to Article 5 and 41 of the Agreement constitute acts having legal effects and will be binding on the Parties under international law and in accordance with Article 46 of the Agreement.
2018/0422 (NLE)
Proposal for a
COUNCIL DECISION
on the position to be taken on behalf of the European Union in the Joint Committee established in accordance with Article 41(1) of the Agreement between the European Union and the Kingdom of Norway on administrative cooperation, combating fraud and recovery of claims in the field of value added tax
THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 113, in conjunction with Article 218(9),
Having regard to the proposal from the European Commission,
Whereas:
(1)The Agreement between the European Union and the Kingdom of Norway on administrative cooperation, combating fraud and recovery of claims in the field of value added tax ('the Agreement') was concluded by the Union by Council Decision (EU) 2018/1089 2 1 and entered into force on 1 September 2018.
(2)The Joint Committee set up by that Agreement is to make recommendations and adopt decisions, in order to ensure the proper functioning and implementation of the Agreement.
(3)The Joint Committee, during its first meeting on [date], is to adopt its rules of procedure, the Service Level Agreement and other decisions concerning the proper implementation and functioning of the Agreement
(4)It is appropriate to establish the position to be adopted on the Union`s behalf in the Joint Committee, as the Service Level Agreement and other decisions will be binding on the Union.
(5)The bilateral Agreement between the Union and Norway provides for a solid legal framework to cooperate for fighting fraud and recovery of claims in the value added tax (VAT) area. This cooperation will benefit from the same tools currently used by the Member States for administrative cooperation and recovery of claims, such as the electronic platforms and e-forms.
(6)In the Joint Committee, the Union is to be represented by the Commission in accordance with Article 17(1) of the Treaty on European Union,
HAS ADOPTED THIS DECISION:
Article 1
The position to be taken by the Commission, on the Union`s behalf in the first meeting of the Joint Committee established by the Agreement between the European Union and the Kingdom of Norway on administrative cooperation, combating fraud and recovery of claims in the field of value added tax, shall be based on the attached draft decisions to be adopted in accordance with Article 5, Article 41(2)(d), (e), (f), (g) and (h), and Article 41(3) of the Agreement.
Article 2
This Decision is addressed to the Commission.
Done at Brussels,
For the Council
The President
EUROPEAN COMMISSION
Brussels, 12.12.2018
COM(2018) 832 final
ANNEXES
to the Proposal for a
Council Decision
on the position to be taken on behalf of the European Union in the Joint Committee established in accordance with Article 41(1) of the Agreement between the European union and the Kingdom of Norway on administrative cooperation, combating fraud and recovery of claims in the field of the value added tax
ATTACHMENT 1
Draft
DECISION No 1/[date] of the Joint Committee of [date]
adopting the Rules of Procedure of the Joint Committee
THE JOINT COMMITTEE,
Having regard to the Agreement between the European Union and the Kingdom of Norway on administrative cooperation, combating fraud and recovery of claims in the field of the value added tax (hereinafter referred to as the "Agreement") and in particular Article 41(1) thereof,
Whereas:
(a)It is necessary to lay down rules on composition and chairmanship, observers and experts, convening of meetings, agenda, secretarial support, drafting and adoption of minutes, procedure for the adoption of decisions and recommendations and expenses.
(b)It is necessary to adopt practical arrangements for the implementation of Article 41(3) of the Agreement,
HAS ADOPTED THE FOLLOWING RULES OF PROCEDURE:
Article 1
Composition and chairmanship
(1)The Joint Committee shall be composed of representatives of the European Union and representatives of the Kingdom of Norway (the Parties).
(2)The European Union shall be represented by the European Commission. The Kingdom of Norway shall be represented by [……].
(3)The Joint Committee shall be chaired alternately by each of the Parties for two calendar years. The first period ends on 31 December of the year following the year of the entry into force of the Agreement. The first chair will be the European Union.
Article 2
Observers and Experts
(1)Representatives of the Member States of the European Union may participate as observers.
(2)The Joint Committee may also admit other persons as observers to its meetings.
(3)Observers may be permitted by the chair to take part in the discussions and provide expertise. However, they shall not have voting rights and shall not participate in the formulation of the decisions and recommendations of the Joint Committee.
(4)Experts with special expertise may also be invited with regard to specific agenda items.
Article 3
Convening a meeting
(1)Meetings of the Joint Committee shall be convened by the chair at least once every two years. Either Party may request that a meeting be convened.
(2)The date and place of each meeting shall be determined and agreed between the Parties.
(3)Meetings may also be held by means of teleconferencing / videoconferencing.
(4)The chair shall communicate the invitation to the other Party, to the observers referred to Article 2(2) and the experts at least 15 working days before the meeting. The European Commission shall invite the representatives of the Member States of the European Union referred to Article 2(1).
(5)The meetings shall not be public unless otherwise agreed. The Joint Committee`s deliberations shall be confidential.
Article 4
Agenda
(1)The chair shall draw up the provisional agenda for each meeting and submit it to the Parties no later than 6 months before the meeting. The final agenda shall be agreed between the Parties no later than 15 working days before the meeting and circulated by the chair.
(2)Reference papers and supporting documentation shall be sent to the Parties no later than the date on which the provisional agenda is sent.
(3)For agenda items referring to decisions of the Joint Committee, the request for inclusion in the agenda and any related documents shall be sent to the Joint Committee at least 7 months in advance of the meeting.
Article 5
Secretarial support
(1)The chair shall carry out the tasks of secretary of the Joint Committee. All correspondence to the Joint Committee, including requests for items to be included or removed from the agendas, must be addressed to the chair.
(2)Notwithstanding the above, the Commission shall act as secretary for the communication of the statistics, provided under Article 20 and Article 39 of the Agreement.
Article 6
Minutes of the meeting
(1)The chair shall draft the minutes of each meeting. The chair shall circulate the minutes without delay and no later than one month after the meeting. The minutes shall be subject to mutual agreement between the Parties.
(2)The chair shall send the adopted minutes to the Parties.
Article 7
Adoption of decisions and recommendations
(1)Any decisions and recommendations of the Joint Committee shall be subject to prior discussion between the Parties.
(2)Decisions and recommendations of the Joint Committee shall be adopted during its meetings by unanimity.
(3)Decisions or recommendations may be adopted by written procedure provided both Parties agree.
(4)Under the written procedure the chair shall send the draft decisions and recommendations to the Parties and shall lay down a time limit to express their position. Any Party which does not oppose the draft acts before the expiry of that time limit, shall be regarded as having tacitly agreed to the draft acts.
(5)The chair shall inform the Parties of the outcome of the written procedure without delay, and no later than 14 calendar days after the expiry of the time limit.
Article 8
Expenses
Each Party, and when applicable each observer, shall bear the expenses it incurs in taking part to the meetings of the Joint Committee.
Date
ATTACHMENT 2
Draft
DECISION No 2/[date] of the Joint Committee of [date]
adopting the standard forms, the transmission of communication and the practical arrangements for the organisation of the contacts between the central liaison offices
THE JOINT COMMITTEE, established in accordance with Article 41(1) of the Agreement between the European Union and the Kingdom of Norway on administrative cooperation, combating fraud and recovery of claims in the field of the value added tax, hereinafter referred to as the "Agreement",
Whereas:
(1)(a) Tools for transmission of communication, such as standard forms and electronic communication systems are already implemented within the framework of Council Regulation (EU) No 904/2010 on administrative cooperation and combating fraud in the field of value added tax 1 and Council Directive 2010/24/EU concerning mutual assistance for the recovery of claims relating to taxes, duties and other measures 2 and they are fully compatible with the administrative cooperation framework of the Agreement.
(2)(b) It is necessary to adopt practical arrangements for the implementation of points (d), (e), (g) and (h) of Article 41(2) of the Agreement,
HAS ADOPTED THIS DECISION:
Article 1
Standard Forms
Pursuant to Articles 21(1) and 40(1) of the Agreement, for the communication of information under Titles II and III of the Agreement, the competent authorities shall make use of the standard forms adopted for the implementation of Council Regulation (EU) No 904/2010 and Council Directive 2010/24/EU.
The structure and lay-out of the standard forms may be adapted to any new requirements and capabilities of the communication and information exchange systems, provided that the data and information contained therein are not substantially altered.
Article 2
Transmission of communication
All information communicated pursuant to Titles II and III of the Agreement shall be transmitted only by electronic means via the CCN/CSI network, unless this is impracticable for technical reasons.
Article 3
Organisation of the contacts
(1)In order to organise the contacts between the central liaison offices and liaison departments referred to in Article 4(2)(b) and Article 4(3)(b) of the Agreement, the competent authorities shall make use of the rules adopted for the implementation of Council Directive 2010/24/EU.
(2)The central liaison offices designated pursuant to Article 4(2) of the Agreement, shall keep the list of liaison departments and competent officials designated pursuant to Article 4(3) and Article 4(4) up-to-date and make it available to the other central liaison offices via electronic means.
Date
ATTACHMENT 3
Draft
DECISION No 3/[date] of the Joint Committee of [date]
adopting the procedure for the conclusion of Service Level Agreement
THE JOINT COMMITTEE, established in accordance with Article 41(1) of the Agreement between the European Union and the Kingdom of Norway on administrative cooperation, combating fraud and recovery of claims in the field of the value added tax, hereinafter referred to as the "Agreement",
Whereas:
(3)(a) A service level agreement ensuring the technical quality and quantity of the services for the functioning of the communication and information exchange systems shall be concluded according to the procedure established by the Joint Committee.
(4)(b) It is necessary to adopt practical arrangements for the implementation of Article 5 of the Agreement,
HAS ADOPTED THIS DECISION:
Sole Article
(1)The Service Level Agreement, referred to in Article 5 of the Agreement, shall be concluded by the Joint Committee and shall be binding on the Parties from the day following its approval by the Joint Committee.
(2)Each Party may request a revision of the Service Level Agreement by sending a request to the chair of the Joint Committee. Until the Joint Committee decides on the proposed changes, the provisions of the last concluded Service Level Agreement will remain in force.
Date
ATTACHMENT 4
Draft
DECISION No 4/[date] of the Joint Committee of [date]
adopting the Service Level Agreement for the systems and the applications for administrative cooperation and recovery of claims in the area of VAT
1.REFERENCE AND APPLICABLE DOCUMENTS
1.1.APPLICABLE ACTS
This Service Level Agreement (‘SLA’) takes into account the list of agreements and applicable decisions listed below.
|
[AD.1.] |
Agreement between the Union and the Kingdom of Norway on administrative cooperation, combating fraud and recovery of claims in the field of value added tax (‘the Agreement’)(OJ L 195, 01.08.2018, p. 3) |
|
[AD.2.] |
Decision of the XX Joint Committee implementing points (d), (e), (g) and (h) of Article 41(2) of the Agreement with regard to the standard forms, the transmission of communication and the organisation of the contacts of [date] |
Table 1: Applicable acts
1.2.REFERENCE DOCUMENTS
This SLA takes into account the information provided in the following reference documents. Applicable versions of the documents are published on CIRCABC or ITSM Web Portal.
|
[RD.1.] |
CCN Mail III User Guide for NAs (ITSM Web Portal) |
|
[RD.2.] |
CCN Intranet – Local Network Administrator Guide (ITSM Web Portal) |
|
[RD.3.] |
Statistics – Guidelines and instructions (ANNEX rev1) to SCAC No 560 |
|
[RD.4.] |
VAT e-Forms – Functional Specifications |
|
[RD.5.] |
VAT e-Forms – Technical Specifications |
|
[RD.6.] |
Recovery e-Forms – Functional Specifications |
|
[RD.7.] |
Recovery e-Forms – Technical Specifications |
|
[RD.8.] |
CCN/CSI General Security Policy (ITSM Web Portal) |
|
[RD.9.] |
CCN Gateway Management Procedures (ITSM Web Portal) |
|
[RD.10.] |
CCN/CSI Baseline Security Checklist (ITSM Web Portal) |
Table 2: Reference Documents
2.TERMINOLOGY
2.1.ACRONYMS
|
ACRONYM |
DEFINITION |
|
CCN/CSI |
Common Communication Network/Common System Interface |
|
CET |
Central European Time |
|
CIRCABC |
Communication and Information Resource Centre Administrator |
|
CLO |
Central Liaison Office |
|
CT |
Conformance Testing |
|
DG |
Directorate General |
|
EoF |
Exchange of Forms |
|
FAT |
Factory Acceptance Tests |
|
HTTP |
HyperText Transfer Protocol |
|
ITIL 3 |
Information Technology Infrastructure Library |
|
ITSM |
Information Technology Service Management |
|
Party |
Within the scope of this SLA, “party” shall mean either Norway or the Commission. |
|
VAT |
Value Added Tax |
Table 3: Acronyms
2.2.DEFINITIONS
|
EXPRESSION |
DEFINITION |
|
CET |
Central European Time, GMT+1 and during summer time GMT+2 hours. |
|
Working days and hours (ITSM service desk) |
7:00 to 20:00 (CET), 5 days a week (Monday to Friday including holidays) |
Table 4: Definitions
3.INTRODUCTION
This document consists of a SLA between the Kingdom of Norway (‘Norway’) and the European Commission (‘the Commission’), collectively referred as ‘the Parties to the SLA’.
3.1.SCOPE OF THE SLA
Article 5 of the Agreement specifies that "A service level agreement ensuring the technical quality and quantity of the services for the functioning of the communication and information exchange systems shall be concluded."
This SLA sets out the relationship between the Kingdom of Norway and the Commission concerning the use of the systems and applications for administrative cooperation and recovery of claims in the area of VAT, and between the Kingdom of Norway and the Member States concerning the exchange of forms.
The following systems are operational and are subject to the terms of the SLA:
·Exchange of Forms (EoF);
·Monitoring, statistics and testing.
The Commission determines the process to achieve agreement for the administrative cooperation by means of information technology. This involves standards, procedures, tools, technology and infrastructure. Assistance to Norway is provided to ensure data exchange systems are available and are properly implemented. The monitoring, supervision and evaluation of the overall system is also provided by the Commission. Furthermore the Commission provides Norway with guidelines to be respected in relation to this exchange of information.
All targets referred to in the SLA will be applicable under normal working conditions only.
In case of events of Force Majeure, the applicability of the SLA for Norway will be suspended for the duration of these Force Majeure conditions.
Force Majeure represents an unpredictable event or occurrence outside the control of Norway or the Commission, and which is not attributable to any act or failure to take preventive action by the responsible party. Such events shall refer to government actions, war, fire, explosion, flood, import or export regulations or embargoes and labour disputes.
The party invoking the Force Majeure shall inform the other party without delay about the impossibility to provide services or to accomplish the SLA targets due to Force Majeure incidents, setting out the affected services and targets. When the incidence of Force Majeure has ceased the affected party shall likewise inform the other party without delay.
3.2.AGREEMENT PERIOD
The SLA is binding on the Parties from the day following its approval by the Joint Committee established by Article 41 of the Agreement (‘the Joint Committee’).
4.RESPONSIBILITIES
The purpose of this SLA is to ensure the quality and quantity of the services to be delivered by the Commission and by Norway in order to make the specified systems and applications for administrative cooperation and recovery of claims in the area of VAT available to Norway and to the Commission.
4.1.SERVICES PROVIDED BY THE COMMISSION TO NORWAY
The Commission shall make the following services available:
·Operational services as follows:
–Helpdesk and operations:
(a)Helpdesk Support;
(b)Incident Handling;
(c)Monitoring and Notification;
(d)Training;
(e)Security Management;
(f)Reporting and statistics;
(g)Consulting.
–Reference centre:
(a)Information management;
(b)Documentation centre (CIRCABC);
In order to provide these services, the Commission shall maintain the following applications:
·Statistical applications;
·CIRCABC;
·Service desk tool.
4.2.SERVICES PROVIDED BY NORWAY TO COMMISSION
Norway shall make the following services available:
·Norway shall communicate to the Commission any available information relevant to their application of the Agreement;
·Norway shall communicate to the Commission any exceptional conditions;
·Norway shall provide annually the statistics regarding the communication of information set out in Article 20 of the Agreement.
5.SERVICE LEVEL REVIEW
This chapter provides a detailed description of the quantitative and qualitative aspects of the services to be provided by the Commission and by Norway as described above.
5.1.COMMISSION SERVICE LEVELS
5.1.1.Service desk
5.1.1.1.Agreement
The Commission shall make available a Service Desk in order to respond to any questions and to report any problems which Norway experiences with the systems and applications for administrative cooperation and recovery of claims in the area of VAT or any component that could affect them. This Service Desk will be operated by ITSM and its operating hours shall be the same as the ITSM working hours.
The availability of the ITSM Service Desk shall be ensured in at least 95% of the operating hours. All questions or problems can be communicated to the service desk during the ITSM working hours by telephone, fax or e-mail and outside those working hours by E-mail or fax message. Where these questions or problems are sent outside the working hours of the ITSM they shall be automatically deemed to have arrived at 8:00 CET on the next working day.
The Service Desk shall register and classify the service calls in a Service Management Tool and shall inform the reporting party of any change in status regarding their service calls.
The ITSM shall deliver a first line support to the users and shall dispatch any service call, which is the responsibility of another party (e.g. developer's team, ITSM contractors) within the specified time. ITSM shall ensure compliance with the registration deadlines in at least 95% of the cases occurring over a reporting month.
The ITSM shall monitor the resolution procedure for all service calls and shall start an escalation procedure by informing the Commission where the resolution period exceeds a predefined threshold, which will depend on the type of problem.
The priority level shall determine both the response and the resolution times. This is set by ITSM, but Member States or the Commission may require a specific priority level.
The registration time is the maximum time interval that is allowed to pass between the time of the receipt of the email and the sending of the acknowledgment email.
The resolution time is the time interval between the registration of the incident and the resolution information being sent to the issuer. This also includes the time involved in closing the incident.
These shall not be absolute deadlines as they take into account only the time when ITSM acts on the service call. When a service call is dispatched to Norway, the Commission or another party (e.g. developer's team, ITSM contractors) then this time does not form part of the resolution time of ITSM.
ITSM shall ensure the compliance with the registration and resolution deadlines in at least 95% of the cases occurring over a reporting month.
|
PRIORITY |
REGISTRATION TIME |
RESOLUTION TIME |
|
P1: Critical |
0.5h |
4h |
|
P2: High |
0.5h |
13h (1 day) |
|
P3: Medium |
0.5h |
39h (3 days) |
|
P4: Low |
0.5h |
65 h (5 days) |
Table 5: Registration times and resolution times (working hours / days)
5.1.1.2.Reporting
The Commission shall report on all service calls related to the systems and applications for administrative cooperation and recovery of claims in the area of VAT as follows:
·All the service calls closed during the month for Norway;
·All the service calls created during the month for Norway;
·All the service calls pending at the reporting date and time for Norway.
5.1.2.Statistical Service
5.1.2.1.Agreement
The Commission shall generate statistics about the number of exchanged forms in the VAT and recovery domain using CCN/Mail, which are available on the ITSM Web portal.
5.1.2.2.Reporting
The Commission shall produce a report on the conformance test reports, where applicable, and shall make them available to Norway.
5.1.3.Exchange of Forms
5.1.3.1.Agreement
The following table illustrates the maximum transmission deadline or answer time for the exchange of forms as defined in the legislation.
|
CCN/Mail mailbox |
Form |
Deadline |
|
VIESCLO |
Exchange of Information under Articles 7, 10, 12 and 18 of the Agreement 0 General exchanges |
The time limit for providing information is as quickly as possible, and no later than 3 months following the date of the request (Article 8 of the Agreement 0 ). However when the requested authority is already in possession of the information the time limit shall be reduced to a maximum period of one month (Article 8 of the Agreement 0 ). |
|
VIESCLO |
Exchange of Information under Articles 7, 10, 12 and 18 of the Agreement 0 Request for notification |
Request for notification with immediate answer (Article. 12 0 of the Agreement). |
|
TAXFRAUD |
Exchange of Information under
Anti-fraud exchanges |
Missing trader information shall be sent as soon as the information becomes available. |
|
TAXAUTO |
Automatic exchanges |
The categories of information subject to automatic exchange, in accordance with Article 11 of the Agreement, are to be determined by the Joint Committee. |
|
REC-A-CUST; REC-B-VAT; REC-C-EXCISE; REC-D-INCOME-CAP;
|
Request for information under Art. 22 of the Agreement 0 , Request for notification under Art. 25 of the Agreement 0 Request for recovery under Art. 27 of the Agreement 0 Request for precautionary measures under Art. 33 of the Agreement 0 |
Request for information: - acknowledgment of receipt within 7 calendar days; - update at the end of 6 months from the date of acknowledgment Request for notification: - acknowledgment of receipt within 7 calendar days; Request for recovery and request for precautionary measures: - acknowledgment of receipt within 7 calendar days; - update at the end of every 6 months from the date of acknowledgment |
Table 6: Performance EoF
5.1.3.2.Reporting
Norway shall also provide on an annual basis to the Commission statistical data via e-mail regarding to the communication of information as set out in Articles 20 and 39 of the Agreement [RD.3.] .
5.1.4.Problem Management
5.1.4.1.Agreement
Norway shall maintain an adequate problem registration 4 and follow-up mechanism for any problems affecting their application host, system software, data and applications software.
Problems with any part of the CCN network (Gateways and/or Exchange Mail servers) shall be reported to ITSM immediately.
5.1.4.2.Reporting
Norway shall inform the ITSM where they have an internal problem with the technical infrastructure related to their own systems and applications for administrative cooperation and recovery of claims in the area of VAT.
Where Norway considers that a problem reported to ITSM is not being addressed or resolved or was not addressed or resolved in a satisfactory way, it shall report this to the Commission as soon as possible.
5.1.5.Security Management
5.1.5.1.Agreement 5
Norway shall protect its systems and applications for administrative cooperation and recovery of claims in the area of VAT against security violations and shall keep track of any security violations and of any security improvements made.
Norway shall apply the security recommendations and/or requirements specified in the following documents:
|
Name |
Version |
Date |
|
https security recommendations of CCN /Mail III Webmail access – Ref. CCN /Mail III User Guide for NAs |
3.0 |
15/06/2012 |
|
Security recommendations of CCN /Mail III Webmail access – Ref. CCN Intranet – Local Network Administrator Guide |
4.0 |
11/09/2008 |
5.1.5.2.Reporting
Norway shall on an ad-hoc basis report to the Commission on any security violations and on any measures taken.
5.2.NORWAY`S SERVICE LEVELS
5.2.1.All Service Level Management Areas
5.2.1.1.Agreement
Norway shall register any unavailability problems or changes 6 regarding to the technical, functional and organisational aspects of Norway`s systems and applications for administrative cooperation and recovery of claims in the area of VAT.
5.2.1.2.Reporting
Norway shall inform the ITSM where necessary in relation to any unavailability problems or changes regarding the technical, functional or organisational aspects of their system. ITSM shall always be informed for any changes regarding the operating personnel (operators, system administrators).
5.2.2.Service desk
5.2.2.1.Agreement
Norway shall make available a service desk for responding to incidents assigned to Norway, for giving assistance and to carry out testing. The working hours of the service desk should be the same as the working hours of the ITSM Service Desk during ITSM working days. Norway`s service desk shall operate at a minimum between 10:00-16:00 CET during working days, except on its national holiday. It is recommended that Norway`s service desk follows the ITIL service support guidelines in handling the questions and incidents.
5.2.2.2.Reporting
Norway shall inform the ITSM where necessary in relation to any availability problem related to its service desk.
6.QUALITY MEASUREMENT
6.1.AGREEMENT
The Commission shall evaluate the reports (activity reports generated by ITSM, notifications, statistics, other information) received from the ITSM and Norway, shall determine the levels of adherence to this SLA and in case of problems shall contact Norway in order to solve the problem and to ensure that the quality of the service is in line with this agreement.
6.2.REPORTING
The Commission shall report on a monthly basis to Norway the level of the service as defined in Section 5.1.2.
7.APPROVAL OF THE SLA
The Service Level Agreement has to be approved by the Joint Committee in order to be applicable.
8.CHANGES TO THE SLA
The Service Level Agreement will be reviewed following a written request from the Commission or Norway to the Joint Committee.
Until the Joint Committee decides on the proposed changes, the provisions of the current SLA remain in force. The Joint Committee acts as the decision making body for the present agreement.
9.CONTACT POINT
For any questions or remarks regarding this document, feel free to contact:
SERVICE PROVIDER - SERVICE DESK
Date
ATTACHMENT 5
Draft
DECISION No 5/[date] of the Joint Committee of [date]
adopting the Service Level Agreement for the Common Communication Network/Common System Interface services (‘CCN/CSI SLA’)
1.REFERENCE AND APPLICABLE DOCUMENTS
1.1.APPLICABLE ACTS
This CCN/CSI SLA takes into account the list of agreements and applicable decisions provided below.
|
[AD.1.] |
Agreement between the Union and the Kingdom of Norway on administrative cooperation, combating fraud and recovery of claims in the field of value added tax (‘the Agreement’(OJ L 195, 01.08.2018, p. 3) |
|
[AD.2.] |
Decision of the XX Joint Committee implementing points (d), (e), (g) and (h) of Article 41(2) of the Agreement with regard to the standard forms, the transmission of communication and the organisation of the contacts of [date] |
Table 7: Applicable acts
1.2.REFERENCE DOCUMENTS
This CCN/CSI SLA takes into account the information provided in the following reference documents. Applicable versions of the documents are those available at the time of signing this agreement.
|
ID |
REFERENCE |
TITLE |
VERSION |
|
CCN-COVW-GEN |
CCN/CSI & SPEED2 Systems Overview |
EN18.01 |
|
|
CCN-CMPR-GW |
CCN Gateways Management Procedures |
EN19.20 |
|
|
CCN-CSEC-POL |
CCN/CSI General Security Policy |
EN05.00 |
|
|
CCN-CSEC-BSCK |
CCN/CSI Baseline Security Checklist |
EN03.00 |
|
|
CCN-CLST-ROL |
Description of CCN/CSI roles |
EN02.10 |
|
|
CCN-CNEX-031 |
External note 031 - Procedure for the Move of a CCN/CSI Site |
EN06.20 |
|
|
CCN-CNEX-060 |
External Note 060 - Install new CCN Site |
EN02.20 |
|
|
CCN/CSI-PRG-AP/C-01-MARB |
CCN/CSI-PRG-AP/C-01-MARB-Application Programming Guide (C Language) |
EN11.00 |
Table 8: Reference Documents
2.TERMINOLOGY
2.1.ACRONYMS
|
Acronyms |
DEFINITION |
|
ACT |
Application Configuration Tool |
|
AIX |
IBM Unix OS |
|
CBS |
Central Backup Site |
|
CCN |
Common Communication Network |
|
CCN/CSI |
Common Communication Network / Common System Interface |
|
CCN/WAN |
Framework service for the provision of network services to CCN |
|
CI |
Configuration Item |
|
CIRCABC |
Communication and Information Resource Centre for Administrations, Businesses and Citizens |
|
COTS |
Common Off The Shelf |
|
CPR |
Customer Premises Router |
|
CSA |
CCN Security Administrator |
|
CSI |
Common System Interface |
|
DG |
Directorate General |
|
DMZ |
De-Militarised Zone |
|
EC |
European Commission |
|
ESTAT |
Eurostat |
|
FW |
Firewall |
|
HPUX |
Hewlett Packard Unix Operating System |
|
HTTP |
Hyper Text Transport Protocol |
|
HTTPS |
Hyper Text Transport Protocol - Secure |
|
HVAC |
Heating, Ventilating, and Air-Conditioning |
|
HW |
Hardware |
|
ICT |
Information and Communication Technology |
|
IMAP |
Internet Message Access Protocol |
|
IP |
Internet Protocol |
|
ITCAM |
IBM Tivoli Composite Application Manager |
|
ITS |
IT Services |
|
ITSM |
IT Service Management |
|
LAN |
Local Area Network |
|
LSA |
Local System Administrator |
|
MQ |
IBM MQ Series SW |
|
MVS |
Multiple Virtual Storage |
|
N/A |
Not Applicable |
|
NA |
National Administration |
|
NDI |
National Domain Interface |
|
OBS |
Orange Business Services |
|
OLA |
Operational Level Agreement |
|
OLAF |
Office de Lutte Anti-Fraude |
|
OS |
Operating System |
|
OSP |
Obligation of Service Provider |
|
OSR |
Obligation of Service Requesters |
|
POL |
Policy |
|
PoP |
Point of Presence |
|
PRG |
Program |
|
QA |
Quality Assurance |
|
RAP |
Remote API Proxy |
|
RD |
Reference Document |
|
REV |
Revision |
|
RFA |
Request For Action |
|
ROL |
Role |
|
SFI |
Submit For Information |
|
SMTP |
Simple Mail Transport Protocol |
|
SQI |
Service Quality Indicator |
|
SSG |
Secure Services Gateways (Juniper Encryption box) |
|
SW |
Software |
|
TAXUD |
Taxation and Customs Union |
|
TCP |
Transmission Control Protocol |
|
UPS |
Uninterruptible Power Supply |
|
VM |
Virtual Machine |
|
VPN |
Virtual Private Network |
|
WAN |
Wide Area Network |
Table 9: Acronyms
2.2.DEFINITIONS OF TERMS FOR THE PURPOSE OF THE CCN/CSI SLA
|
term |
DESCRIPTION |
|
Reporting period |
The elapsed time covered is one month. |
|
Working day |
The working days are the working days of the Service Provider Service Desk. These are 7 days a week including public holidays. |
|
Working hour |
The working hours are the working hours of the Service Provider SD. These are 24/24 during the working days. |
|
Duty Period |
The Service Provider’s “Duty Period” is the hours of coverage of the Service Desk function. The duty is ensured by Service Provider SD from 24/24, 7 days a week including public holidays. Depending of the CI's Service Window, there is an immediate action (24*7) or the intervention is scheduled for the next day. Letter, fax, e-mails and electronic requests (through the ITSM Portal) are accepted at any moment. Incoming requests are registered as “Service Calls” in the Service Provider Service Desk management system. |
Table 10: Definitions
3.INTRODUCTION
This document consists of a Common Communication Network/Common System Interface Service Level Agreement (CCN/CSI SLA) between the European Commission (‘Service Provider’) and the Kingdom of Norway (‘Service Requester’), collectively referred as ‘the Parties to the SLA’.
In particular the ‘Service Provider’ includes the organisational units of DG TAXUD, as listed below:
·DG TAXUD B2 unit coordinating all CCN/CSI activities;
·ITSM3 Operations providing operational services;
·CCN2DEV providing CCN software (evolutionary and corrective maintenance services);
·Trans-European Backbone network provider (CCN/WAN, currently OBS).
Based on the nature of the requested service, one of the Service Providers will fulfil the task.
The ‘Service Requester’ is the national tax administration (NA) of Norway. The concerned organisational units within the NA are:
·The National CCN Support Centre in charge of the support and management of the DG TAXUD CCN Infrastructure equipment located at NA premises as well as the national infrastructure supporting the applications running over the CCN/CSI infrastructure;
·The National Application Support Centre in charge of the national support of the EC applications running in the National Domain and using the CCN/CSI infrastructure services;
·The National Application Development Teams in charge of the development of applications using the CCN/CSI infrastructure including their sub-contractors.
3.1.SCOPE OF THE CCN/CSI SLA
Article 5 of the Agreement specifies that "A service level agreement ensuring the technical quality and quantity of the services for the functioning of the communication and information exchange systems shall be concluded."
This CCN/CSI SLA sets out the relationship between and the Commission (Service Provider) and the Kingdom of Norway (Service Requester), concerning the operational phase of the Common Communication Network/Common System Interface system (‘CCN/CSI system’).
It defines the required level of the service provided to the Service Requester. It also provides for a mutual understanding of service level expectations and the responsibilities of the involved Parties to the SLA.
This document describes the services and service levels provided currently by the Service Provider.
All targets referred to in the CCN/CSI SLA will be applicable under normal working conditions only.
In case of events of Force Majeure, no Party shall be liable for any failure to perform its obligations where such failure is as a result of natural disaster (including fire, flood, earthquake, storm, hurricane or other natural disaster), war, invasion, act of foreign enemies, hostilities (whether war is declared or not), civil war, rebellion, revolution, insurrection, military or usurped power or confiscation, terrorist activities, nationalisation, government sanction, blockage, embargo, labour dispute, strike, lockout or interruption or long-term failure of the commercial electricity grid.
3.2.CCN/CSI SERVICE DEFINITION AND CHARACTERISTICS
The Common Communication Network/ Common System Interface is a tool for exchange of tax information between the National Administrations in the field of Taxation and Anti-Fraud. The main characteristics of the CCN/CSI system infrastructure are listed hereafter:
|
TRANS-EUROPEAN |
CCN/CSI offers a global WAN access to Service Requesters through a number of Points of Presence (PoP) in every Member State, acceding countries and Norway. The CCN/CSI network backbone offers the required capacity and resilience to provide the Service Requesters with a high availability rate. |
|
MULTI-PLATFORM |
Allows the interoperability between heterogeneous platforms (Windows, Linux, Solaris, AIX, HPUX, SVR4, IBM MVS, etc.) through a highly portable communication stack (CSI) installed on standard national Application Platforms. |
|
MULTI-PROTOCOL |
Supports various protocols and exchange paradigms: §CSI protocol supporting asynchronous and synchronous (request/response) communication paradigms (CCN/CSI channel); §HTTP/S protocol for interactive access to CCN Intranet services (CCN Intranet channel); POP, IMAP, SMTP protocols for the exchange of e-mail between NA users but also between applications (CCN Mail III channel). |
|
SECURE |
Information exchanges over the CCN/CSI network are protected to ensure optimal confidentiality and data integrity. Security services include: §Site-to-site IPSec256-bits encryption and protection against unwanted accesses enforced by Firewall/encryption devices deployed at every CCN/CSI site; §Access control mechanisms (authentication, authorisation, accounting) at site level enforced at CCN Gateway and supported by local administration tools (ADM3G); Session-level security enforced by message-level encryption (CSI secure), SSL v.3 mutual authentication and encryption (HTTPS), POP-S and IMAP-S (secure e-mail transport). |
|
MANAGED |
The CCN/CSI infrastructure also provides Service Requesters with managed services including: §Central Monitoring; §Event logging; §Production of statistics on CSI and CCN Mail III message exchanges (size, number of messages, matrix) and statistics on CCN gateways and CCN Mail III; §User management (ADM3G) and directory services; §CSI stacks validation; §Portal services: oCCN Portal: on-line access to statistics, on-line remote API proxies (RAP) management; oITSM Portal: on-line Newsletter, on-line documentation and CSI stack packages, CCN Frequently Asked Questions (FAQ) §ACT (Application Configuration Tool); Services calls tracking and on-line support. |
Table 5: Characteristics of the services provided by CCN/CSI
3.3.AGREEMENT PERIOD
The CCN/CSI SLA is binding on the Parties from the day following its approval by the Joint Committee established by Article 41 of the Agreement (‘the Joint Committee’).
4.RESPONSIBILITIES
4.1DUTIES OF THE SERVICE PROVIDER (OSP)
The Service Provider shall:
|
[OSP1] |
Operate the CCN/CSI network infrastructure in order to achieve the Service Levels described in section 8. |
|
[OSP2] |
Select the various CCN/CSI Infrastructure and Software components. |
|
[OSP3] |
Provide Hardware and Software maintenance for the DG TAXUD CCN infrastructure equipment (e.g. CCN Gateways) installed at the Service Requesters premises as well as the central CCN Mail III servers. |
|
[OSP4] |
Provide monitoring of the DG TAXUD CCN Infrastructure equipment installed at the Service Requesters premises. |
|
[OSP5] |
Manage the CCN/CSI audit files. |
|
[OSP6] |
Manage the CCN/CSI addressing plan. |
|
[OSP7] |
Respect the rules and recommendations put forward in the “Security documents”: §CCN/CSI General Security Policy RD3 ; CCN/CSI Baseline Security Checklist RD4; |
|
[OSP8] |
From time to time, the Service Requester needs to make sure that the network availability will not be reduced due to maintenance or other expected unavailability’s. In that case, the Service Requester will notify the Service Provider at least 1 month in advance. If the Service Requester cannot respect this delay, DG TAXUD will arbitrate the situation. |
|
[OSP9] |
All software licenses running on the CCN gateways will be provided by DG TAXUD. |
|
[OSP10] |
Respect the CCN/CSI site backup policy (cfr. RD2). |
|
[OSP11] |
Audit the system as defined in RD2. |
|
[OSP12] |
Regularly proceed with the System Security Checkup as defined in RD2 |
Table 6: Obligations of the Service Provider (OSP)
4.2.DUTIES OF SERVICE REQUESTER (OSR)
The Service Requester shall:
|
Technical and Infrastructure level |
|
|
[OSR1] |
House the DG TAXUD CCN Infrastructure equipment provided by the DG TAXUD and provide appropriate: §Rack/Storage space; §electrical power supply; HVAC; |
|
[OSR2] |
Make sure that the CCN/CSI components are "electrically" connected to the UPS. Specific adaptations to local standards (e.g. plug adapters) have to be provided by the Service Requester |
|
Operational and Organisation level |
|
|
[OSR3] |
Assign personnel in charge of the roles listed in RD5 . |
|
[OSR4] |
Ensure presence outside of normal working hours whenever deemed necessary and requested by the Service Provider. For some operations performed by the backbone carrier or by the Service Provider, the coordination and/or the presence of the LSA from the Service Consumer may be required. There will be at least one-month notice in order to plan these activities; full cooperation is necessary in order to respect the complex planning due to the number of sites. |
|
[OSR5] |
Never stop any of the DG TAXUD CCN Infrastructure equipment without formal authorisation from the Service Provider. |
|
[OSR6] |
Ask for the formal authorisation from the Service Provider before installing on the DG TAXUD CCN Infrastructure equipment additional hardware or software components that do not belong to the standard delivery package. |
|
[OSR7] |
Provide a clear description of the perceived/reported incidents, reported by the service requester. |
|
[OSR8] |
Collaborate actively with the Service Provider and/or his representatives when required for the delivery of services. |
|
Communication level |
|
|
[OSR9] |
Use exclusively the contact points at the Service Provider and inside their own organisation. |
|
[OSR10] |
Notify the Service Provider of any absence of the contact points during the opening hours of the Service Provider, or, at least, provide a backup able to replace the contact points. |
|
[OSR11] |
Notify the Service Provider of any modification of its own contact points, at least 5 working days before this modification becomes effective. |
|
[OSR12] |
Notify the Service Provider of any scheduled INFRASTRUCTURE maintenance potentially affecting the DG TAXUD CCN Infrastructure equipment hosted at the Service Consumer premises (at least one week in advance for all equipment). e.g.: planned power or network infrastructure outages, DC move, ip-address changes, …. |
|
[OSR13] |
Notify the Service Provider of any external problem such as power failure affecting the good running of the CCN Gateways and application platforms. |
|
[OSR14] |
Notify Service Provider, through a formal request, at least six months in advance for any moving of DG TAXUD CCN Infrastructure equipment. The Service Requester takes in charge the costs of the moving operations. Refer to RD6 for more details about the procedure. |
|
[OSR15] |
Notify the Service Provider of any outage of the secured links between the DG TAXUD CCN Infrastructure and the Service Requester (NA or peer DG). |
|
[OSR16] |
Notify the Service Provider of any outage of the Application Platforms. |
|
[OSR28] |
The service requester is requested to communicate any planned local DC/Computer room outage (incl. WAN) 1 (one) working week upfront. This in order for DG TAXUD to be able to put in place the necessary communication to any other involved stakeholders. |
|
Security and User Management level |
|
|
[OSR17] |
Manage the local user accounts on the CCN Gateway (cf. RD2). |
|
[OSR18] |
Grant physical access permission to the equipment and staff mandated by the Service Provider when required. |
|
[OSR19] |
Authorise the appropriate TCP ports in the Service Consumer network (National Domain) (cfr. RD2). |
|
[OSR20] |
Ensure that the Network Encryption Devices (currently Juniper SSG) at the Service Requester site is located in an access-controlled area. |
|
[OSR21] |
Restrict access to all devices of the DG TAXUD CCN Infrastructure to authorised personnel. The access shall be allowed only on request from the CSA. Unwanted access to these devices can jeopardise the security or at least cause network outages. |
|
[OSR22] |
Respect the rules and recommendations put forward in the “Security documents”: §CCN/CSI General Security Policy RD5 ; §CCN/CSI Baseline Security Checklist RD6 ; |
|
Application Management Development |
|
|
[OSR27] |
The Service Requester is sole responsible for the development, support and management of its applications. They must conform to the rules defined in RD8 |
Table 7: Obligations of the Service Requesters (OSR)
4.3.SERVICES PROVIDED BY THE SERVICE PROVIDER
4.3.1.IT Service Desk
The Service Provider offers a consolidated IT Service Desk with Incident and Problem Management. The IT Service Desk extends the range of classical help desk services and offers a more global-focused approach, allowing business processes to be integrated into the CCN/CSI service management.
Indeed, the IT Service Desk not only handles incidents, problems and questions, but also provides an interface for other activities such as change requests, maintenance contracts, software licences, service level management, configuration management, availability management, security management and IT service continuity management.
The IT Service Desk also spontaneously notifies the Service Requester of any urgent information, thus acting as an information-dispatching centre for the Service Requester.
A Notification is defined as a message issued by the Service Provider warning Service Requester of an event that may affect the CCN/CSI operations: gateway unavailability, system outage, malfunctions, infrastructure maintenance or software update.
The IT Service Desk interface to Service Requester is achieved through the Service Provider contact point or through the ITSM Web portal, which provides on-line services to the Service Requester such as service call tracking; ACT tool and the CCN Web portal which provides CSI packages download area, access to statistics and monitoring information, etc.
4.3.1.1.Incident and problem management
This service deals with incidents originating from Service Desk users (including system operations). An incident may be defined as a simple request for information or clarification, but may also be categorized as the reporting of non-compliant behaviour of a specific component.
An incident is defined as an unexpected event that is not part of the standard operation of the infrastructure or a failure that degrades an operational CCN/CSI service. An incident is solved when the service is restored.
The incident can be related to the following Configuration Items (CI):
·The hardware under responsibility of the Service Provider: CCN gateways, security devices, Customer Premises Routers (CPR) and other network connectivity devices on the EuroDomain (DG TAXUD CCN Infrastructure) LAN;
·The software running on the encryption devices;
·The system software running on the gateways: Operating System, basic communication software such as TCP/IP, etc.;
·The third-party software running on the gateways such as Tuxedo, MQSeries, Sun ONE Directory Server, PostgreSQL, Apache, etc.;
·The CCN Mail III;
·The CCN/CSI software running on the gateways;
·The CSI software running on the Application Platforms;
·SIAP (Secure Internet Access Point) – Unified Defence.
A problem is identified either from a single incident which has an extremely adverse impact on the user service and for which the cause is unknown, or from multiple incidents exhibiting common symptoms. A problem is solved when the cause is identified and removed.
When an incident occurs, the situation is investigated in order to restore the operational CCN/CSI services (if needed) and to find the root cause of the incident. The Service Provider helps to resolve incidents in the NA application software, at the level of the interface with CCN/CSI, as long as this has no impact on the other services to be provided by the Service Provider. The Service Provider assistance consists in providing information about the correct usage of CCN/CSI. It does not consist in participating in the debugging of NA application software.
4.3.2.Tools supporting the Service Management
The monitoring of the CCN gateway infrastructure, applications and CCN queues is supported by the IBM® Tivoli Monitoring (Tivoli Monitoring) and IBM Tivoli Composite Application Manager (ITCAM) product family.
The CCN Tivoli Monitoring and Reporting service, based on IBM Tivoli Monitoring suite, provides the following functionalities:
·Monitor the applications queues located on the CCN Gateways (WebSphere MQ);
·Monitor the operating system status of the CCN Gateways;
·CPU usage, Disk space, Memory usage, Network usage, Processes;
·Out of Band HW monitoring;
·Monitor the running processes of the CCN components located on the CCN Gateways;
·Monitor the CCN Mail III infrastructure;
·Provide to the CCN Tivoli users a view on the previous monitored information;
·Generate pre-defined alerts on the previous monitored components;
·Provide reports based on collected historical data (CCN Tivoli Data Warehouse);
·Give information about the availability and performance of the CCN/CSI infrastructure over time, reporting important trends in a consistent and integrated manner.
4.3.3.ICT Infrastructure Management and Operations
The Service Provider is called upon to install, operate, and maintain the CCN/CSI operational infrastructure so as to guarantee the agreed availability levels.
The CCN/CSI operational infrastructure is composed of the EuroDomain relay devices (CCN Gateways), security devices, customer premises router and telecommunications.
This service covers:
·Availability Management;
·Contingency Management;
·Application Configuration Data management;
·Security Management.
And also includes:
·The coordination of the moving of CCN/CSI equipment;
·The coordination of deployment of new sites;
·The capacity planning of the CCN infrastructure;
·Follow-up of the above-requested activity during the monthly progress meeting. This meeting is QA’ed and consists of all contracting parties contributing to the CCN/CSI service;
·Facilitation of ‘freeze’ requests. These can be requested only by authorized users to a DG TAXUD dedicated official;
·Design, planning, deployment, operations, technical support & retirement of HW, OS and COTS;
·Network Services;
·HW& OS & COTS Services;
·Backup & Restore;
·Job Management Service;
·Production & Maintenance of ICT Infrastructure Management Related Plans i.e. ICT Infrastructure Plan, Availability Plan, Capacity Plan, Continuity Plan;
·Feasibility Studies linked to Infrastructure.
4.3.3.1.Availability Management
The main service that the Service Provider has to provide is to ensure that the CCN/CSI system is “up and running” at the required availability level.
The Service Provider ensures that all CCN/CSI sites are interconnected through a Wide Area Network (WAN) offering the necessary resilience and capacity to ensure the proper functioning of critical business applications using the CCN/CSI infrastructure and services.
The availability management service covers the following items:
·Global access in all connected NAs;
·The provision of the local loop (+ a backup line) between the WAN local access point (PoP) and the National Administration premises;
·The Customer Premises Router (CPR) installation, configuration, and maintenance;
·The Security Device (i.e. SSG encryption-firewall box) installation and maintenance;
·Communication gateways located on the DMZ, at every local site (i.e. CCN Gateways);
·The central CCN Mail III system.
The Service Provider also provides statistical information on the availability collected under operational circumstances and a monitoring service, both for pro-active problem tracking and statistical purposes.
4.3.3.2.Contingency Management
The Service Provider is responsible for the CCN/CSI components located in the DG TAXUD CCN Infrastructure at each CCN/CSI site.
The Contingency service aims at restoring the agreed service levels within an agreed timeframe in case of partial or complete dysfunction or destruction of the CCN/CSI system by providing the Service Requesters with help and items such as:
·Software backup of CCN gateways (at every site);
·Central CCN backup site;
·Redundant encryption devices;
·Switching capabilities between production and backup gateways;
·Spare units for hardware devices;
·Dual telecom access lines to the CCN backbone (at every site);
·Assistance in installation and configuration of CCN/CSI items in the DG TAXUD CCN Infrastructure;
·Recovery procedures.
4.3.3.3.Application Configuration Data Management
This service concerns the management of configuration data, required by CCN/CSI applications, by the Service Provider.
These configuration data are stored in the central CCN/CSI Directory. The central CCN/CSI Directory management is shared between the Service Provider and the National Administrations. Each National Administration is in charge of the management of its local CCN/CSI users. The rest is managed by the Service Provider.
Examples of configurations subject to an Administration Service Request are:
·Definition of a local admin profile;
·Registration of an application service;
·Registration of an application queue;
·Registration of a message type;
·Validation of application configuration data;
·Registration of administration roles;
·Contact list management.
4.3.4.Security Management
This service concerns the management of the security items, required by CCN/CSI environment, by the Service Provider.
Security is managed as well on the level of the involved server equipment (OS), network equipment and on operational level.
·Information exchanges over the CCN/CSI network are protected to ensure optimal confidentiality and data integrity.
·Security services include:
–Site-to-site encryption and protection against unwanted accesses enforced by firewall/encryption devices.
–Access control mechanisms (authentication, authorisation, accounting) at site level enforced at CCN Gateway and supported by local administration tools (ADM3G).
–Session-level security enforced by message-level encryption (CSI secure), SSL mutual authentication and encryption (HTTPS & NJCSI), POP-S and IMAP-S (secure e-mail transport).
–SIAP unified defence mechanism for secured internet access to CCN services.
4.3.5.Documentation management
The Service Provider maintains the whole CCN/CSI technical documentation (i.e. technical document, user guides, frequently asked questions, newsletters, upcoming events, etc.) up-to-date, which acts as Documentation Centre.
This includes the documentation related to the CCN/CSI infrastructure: Oracle-Tuxedo, IBM-MQ, CCN Gateways, CCN Mail III, CSI software, procedures, reports, history of communication with partners, etc.
The Service Provider manages a list of documentation, related to the CCN/CSI that can be communicated to Service Requester. These documents are available on CIRCABC, and the ITSM Portal.
The Service Provider automatically updates the list with the newly approved version of the documents.
4.3.6.Reporting and statistics
The Service Provider provides the Service Requester with the following reporting facilities through the CCN and ITSM Web Portal:
·On-line availability figures for CCN Gateways and CCN Mail III servers;
·On-line newsletters;
·Statistics on CCN/CSI exchanges.
The Service Provider also regularly holds IT Tech & Infra meeting, where the reporting and statistics are presented.
4.3.7.Training
The Service Provider works out courses and performs training related to the technical aspects of the CCN/CSI system. The standard courses are organised in training packages divided into modules. As a general rule, training sessions are organised every year. The standard training packages are distributed twice a year via DG TAXUD and available online on the ITSM Portal.
5.SERVICE LEVEL MEASUREMENT
5.2.SERVICE LEVEL
The Service Level is a measure of the quality of the services provided by the Service Provider. It is computed by a Service Quality Indicator or SQI.
It is expected that the Service Requester complies with its obligations (see § 0 ) to achieve the agreed Service Level.
5.2.APPLICABLE SERVICE QUALITY INDICATORS
5.2.1.Individual CCN/CSI Site Availability
This Quality indicator provides the lowest measured availability of an individual site during the « Full Period », i.e. 24*7, for a given month. The CCN/CSI SLA limit is defined as follows:
|
LIMIT |
>= 97,0 % availability |
5.2.2.Quality Indicator on the Duty Period
The Service Provider’s “Duty Period” is the hours of coverage of the Service Desk function. The duty is ensured by the Service Provider SD 24/24, 7 days a week including public holidays.
Depending of the CI's Service Window, there is an immediate action (24*7) or the intervention is scheduled for the next Service Window. Letter, fax, e-mails and electronic requests (through the ITSM Portal) are accepted at any moment. Incoming requests are registered as “Service Calls” in the Service Provider Service Desk management system.
The SLA limit is defined as follows:
|
LIMIT |
Service Desk shall not be unreachable during the duty period more than 2 times / month |
5.2.3.Quality Indicator on the Notification Service
The Service Provider provides notifications services to the Service Requester.
There are two types of notifications, for Urgent Notifications and for Normal Notifications:
·URGENT NOTIFICATIONS (when there isn’t enough time to notify the CCN/CSI community at least 7 calendar days in advance): the notifications are disseminated to the appropriate audience at the latest, 2 hours after reception of an urgent notification request.
·NORMAL NOTIFICATIONS (or planned interventions): the notifications are disseminated to the appropriate audience at least one week (7 calendar days) before the interventions and a reminder is sent at least 24 hours before the events.
This indicator measures the respect of deadline for announcement (via mass mails) of scheduled unavailability.
5.3.4.Quality Indicator on the Contingency Management
Cold Standby (Switch Procedure, Backup & Restore or CCN over Internet)
The appropriate type of switch to be performed depends on a thorough analysis of the specific national administration setup and the problem at hand.
The maximum delay to switch from any national administration Production Gateway to an appropriate CCN Backup Gateway solution is defined as follows:
|
LIMIT |
Max 5 working hours following the agreement with the Service Requester to perform the switch |
5.3.5.Quality Indicator on the Application Configuration Data management
The maximum delay to implement an Application Configuration Request via the ACT (Application Configuration Tool) for a single site is defined as follows:
|
LIMIT |
5 working days |
5.3.6.Quality Indicator on the Acknowledgment Delay
The maximum delay between the time a request is received by the Service Desk and the time an acknowledgment (i.e. Service Call number) is sent to the service requester, is defined as follows:
|
LIMIT |
30 minutes |
Incidents are classified according to their priority levels.
The priority of an incident is a number between 1 and 4:
|
1 |
CRITICAL |
|
2 |
HIGH |
|
3 |
MEDIUM |
|
4 |
LOW |
5.3.7.Quality Indicator on the Resolution Delay
The resolution delay is the elapsed time between the moment the incident is acknowledged by the Service Provider and the moment the Service Provider repairs the root cause of the incident or implements a workaround.
According to the Priority, the resolution delay is defined as follows:
|
PRIORITY |
RESOLUTION DELAY |
|
CRITICAL |
5 Working Hours |
|
HIGH |
13 Working Hours |
|
MEDIUM |
39 Working Hours |
|
LOW |
65 Working Hours |
Table 8: Resolution Delays
|
PRIORITY |
LIMIT |
|
CRITICAL |
>= 95.00% of CRITICAL incidents must be solved within the agreed resolution delay (5 Working Hours). |
|
HIGH |
>= 95.00% of HIGH incidents must be solved within the agreed resolution delay (13 Working Hours). |
|
MEDIUM |
>= 95.00% of MEDIUM incidents must be solved within the agreed resolution delay (39 Working Hours). |
Table 9: Limit of Resolution Delays for Incidents
6.APPROVAL OF THE SLA
The Service Level Agreement has to be approved by the Joint Committee in order to be applicable.
7.CHANGES TO THE SLA
The CCN/CSI SLA will be reviewed following a written request from the Commission or Norway to the Joint Committee.
Until the Joint Committee decides on the proposed changes, the provisions of the CCN/CSI SLA in force are applicable. The Joint Committee acts as the decision making body for the current CCN/CSI SLA.
8.CONTACT POINT
For all operational services, the ITSM3 Operations acts as single point of contact. Its coordinates are provided below:
|
ITSM3 Operations - IBM |
|
☎ Toll free: + 800 7777 4477 |
|
✆ Caller paid: + 40 214 058 422 |
|
http://portal.ccntc.ccncsi.int:8080/portal
|
|
https://itsmtaxud.europa.eu/smt/ess.do
|
Date
ATTACHMENT 6
Draft
DECISION No 6/[date] of the Joint Committee of [date]
adopting the amount and modalities of the financial contribution to be made by Norway to the general budget of the Union in respect of the cost generated by its participation in the European Information Systems
THE JOINT COMMITTEE, established in accordance with Article 41(1) of the Agreement between the European Union and the Kingdom of Norway on administrative cooperation, combating fraud and recovery of claims in the field of the value added tax, hereinafter referred to as the "Agreement",
Whereas:
(a)Regulation (EU) No 1286/2013 of the European Parliament and the Council of 11 December 2013 establishing an action programme to improve the operation of taxation systems in the European Union for the period 2014-2020 (Fiscalis 2020) lays down the rules for the development, operation and maintenance of the European Information Systems.
(b)The Common Communication Network/Common System Interface and the electronic forms to be adopted pursuant Article 41(2)(d) of the Agreement are Union components of the European Information Systems referred to in point A of the Annex of Regulation (EU) No 1286/2013.
(c)Pursuant to Article 9(3) of Regulation (EU) No 1286/2013 the use of the Union components of the European Information Systems by non-participating countries shall be subject to agreements with those countries to be concluded in accordance with Article 218 of the Treaty on the Functioning of the European Union.
(d)It is necessary to adopt practical arrangements for the implementation of Article 41(2)(f) of the Agreement;
HAS ADOPTED THIS DECISION:
Article 1
Installation costs
The initial costs to be paid by the Kingdom of Norway for the establishment of the Virtual Private Network access is 20 000 EUR.
The amount shall be paid within 60 days following adoption of this decision.
Article 2
Yearly financial contribution
The yearly financial contribution that the Kingdom of Norway shall pay to the General Budget of the Union shall be 20 000 EUR. The amount shall be paid each year by 1 September.
The contribution shall cover the expenditures related to the development, maintenance and upgrade of IT solutions (Common Communication Network/Common System Interface, e-Forms).
Article 3
Method of payment
The contributions under Articles 1 and 2 shall be paid in euro to the euro denominated bank account of the Commission that will be indicated in the debit note.
Date
