Common menu bar
Breadcrumb
Export and Import Controls System (EICS)
Frequently Asked Questions (FAQ)
Table of Contents
- Apply for Permit
- General Management
- Links with Canada Customs Revenue Agency and other Federal Government Departments
- Quota Management
- Technical
Apply for Permit
Commodity Identification
Will DFAIT include ruling traceability for commodities removed / changed over the years?
Effective August 2001 the responsibility for classification of clothing and textile products was passed on to CCRA. Should DFAIT resume responsibility for classification, the issue of publishing rulings will be addressed.
Will it be possible to amend an error in classification after the permit has been issued?
Providing the shipment has not been released the process for an incorrect classification is to cancel the erroneous permit and reapply for a corrected permit. Note: The commodity used on the corrected permit must satisfy all related business rules; i.e., export licence, quota requirements, etc…
Would it be possible to have a link between DFAIT's commodity codes and the CCRA Tariff Codes?
This concept applies only to imports. DFAIT and CCRA do not use the same numbering schema except for the first 6 digits of the commodity codes that are based on the international Harmonized System. There is no immediate plan to provide such a link.
Will the overall difficulty with consistency and access to proper commodity identification continue?
Effective August 2001, the responsibility for classification of clothing and textile products was passed on to CCRA. Should DFAIT resume responsibility for classification, the issue of ensuring consistency in commodity classification will be addressed.
Will the EICS follow the example of the Canadian Food Inspection Agency's (CFIA) tool to identify product and permit documentation requirements?
There is no immediate plan to develop such a search engine. Determination for permit requirements will continue to be done by accessing the Import and Export Control Lists on the web page or by contacting DFAIT's various phone numbers.
Commodity Lines on Permits
How many item/commodity lines may be sent with one export permit application?
Limit for export permit application and certificates of eligibility will be 10 lines.
How many items/commodity lines may be sent with one import permit application?
Limit is 3 items per permit application with additional limitations based on product type and origin of product.
Documentation
Would it be possible to notify users when updates / changes are made to the Bluebook?
DFAIT will publish a note on the "Highlight" page when updates/changes are made to the Bluebook. The Bluebook is broken down into sections and sub-sections so users would be able to either download / reprint only the part that was modified.
Would it be possible to have the reformatted Bluebook available in both hard and electronic copy even if Customs Brokers would have to pay for the cost of the printing?
DFAIT will NOT be providing hard copies of the Bluebook.
Will a search engine similar to the Canadian Food Inspection Agency's (CFIA) be available?
There is no immediate plan to develop such a search engine. Determination for permit requirements will continue to be done by accessing the Import and Export Control Lists on the web page or by contacting DFAIT's various phone numbers.
Error Codes
Can I expect to see any errors?
Yes. EICS will reply with error numbers and corresponding text messages. In addition, there will be an indication as to whether the error is a rejection, routing or a non-submission error.
There is nothing in the Participants' Requirements Document (PRD) appendix about error codes. Could the error codes be made available?
A list of error codes and descriptions can be found in Annex B (PDF * 602 KB) of the PRD under Section 13. The PRD is available on our website.
Faxing Permit Applications
Will EICS continue to accept permit applications by fax, even for importers?
Yes. This procedure will not change. Our Data Entry unit will process the applications under existing criteria.
Permit Processing
When a Portable Document Format (PDF) file is sent to us bearing the permit, will a header be sent for the purposes of identifying the PDF file contents? Specifically, there is no need to print a permit in the vast majority of cases. If we must print a permit after the fact, we need the general brokers reference number and/or permit number to identify the correct PDF file.
The name of the PDF will contain the permit ID.
When you transmit the data to us for a permit, will you also be sending us the expiry date for the permit? If not, how are we to calculate the expiry date?
The permit's effective and expiry dates will be added to the Acknowledgement message and distributed.
Is it still permissible to mix commodities that require different permit information on one permit application?
Though the XML layout is built to allow the mix of commodities, the allowable mix of commodities will match the status quo at this time; for example, clothing and agriculture products are not permitted on the same application.
When one entry/transaction results in multiple permits please identify exactly what will be sent to us that will enable me to associate all the permits with the correct entry/transaction?
Under EICS, each permit will identify the applicable transaction number. Customs Brokers who use the comments block to identify the number of the application out of the total required will receive that information back on the permit; e.g. one of seven, etc…
Should the reasons for permit cancellation be provided?
Yes. The EICS will not permit a cancellation request without a reason.
Would it be possible to break up the transaction number and the Harmonized System codes by spaces on forms and screens?
No. Spaces between characters will not be provided.
Will the EICS include an option to retrieve a permit for cancellation and/or amendment?
Both amendments and cancellation of permits are available within EICS.
Can an importer be shown as an applicant as is the case today?
An importer/exporter can be listed as the applicant except for non-resident importers/exporters who cannot be an applicant.
Could we get clarification on the General_Reference_Number available for brokers?
This number is for Customs Brokers internal use to assist in identifying clients. The information from this field is not transmitted to CCRA nor is it reflected on the PDF.
Will it be possible to apply for cheese export permit and military technical item export permit on the same application?
No. The mixing of commodities on applications is not permitted.
Will it be possible to list more than one supplier on a permit application?
Under item 4.8 of the PRD, it will be possible to list one or more suppliers for one commodity, up to 10 for SWL, up to 3 for Strategic Goods.
If we request the cancellation of a permit, will we be required to print the permit, apply a sticker and surrender the original or will the cancellation request and approval be sufficient?
Under EICS there is no requirement to surrender an original cancelled permit, rather you will be required to provide a valid reason for cancellation. In order to ensure that a cancelled permit is not used for clearance of goods, the Bureau's Verification and Compliance Section will be diligent in examining cancelled permits and comparing them with data from CCRA and US Customs.
How will we know if the Acknowledgement message is successful?
When you receive a message flagged "severity=notify then successful".
Would there be a field to enter to Applicant's file number for specific use of the Customs Broker?
Yes. There is a field provided for that purpose in the "Submit Page". Specific information is provided on the Participants Requirement Document (PRD) on the Bureau website pertaining to the format/size of that field.
Has DFAIT looked at the option of moving to the same system CCRA is using with CFIA?
The CCRA/CFIA system was designed a few years ago and incorporated many functions that DFAIT would also like to implement with CCRA. However, radical changes between the CCRA and DFAIT interface are not possible due to the constraints in ACROSS. DFAIT is in constant discussion with CCRA to try to modify and improve the interface and exchange data in the most efficient and effective way possible, but a system similar to the CFIA / CCRA is not possible to implement.
How many permit application acknowledgements by DFAIT could be received in an e-mail?
The response will match the permit application input which is limited to 10 to a batch.
Would it be possible to modify a permit in a timely manner when a shipment arrives at the border and transfer data to CCRA immediately so the trucks are not held by the Customs inspectors?
For DFAIT, as long as the system is available, cancellation / replacement of permits will be possible. However, when a permit has been transferred to ACROSS, no changes can be made by CCRA.
For agriculture products, DFAIT requests that importers obtain permits prior to release, the availability of specific TRQ import permits is not a condition of release at Revenue Canada. Customs inspectors will release any shipment of TRQ goods, even in the absence of an import permit. However, if no permit has been obtained by the date of final accounting under subsection 32(1), (3), or (5) of the Customs Act, the goods imported without a permit will be classified under the over access commitment tariff.
How many permit applications by the applicant can be inserted in an e-mail?
The limit is 10 applications per batch with 1 attachment per e-mail.
Would importers be able to fill in the form from the DFAIT site and transfer it electronically to the Customs Broker?
This functionality is not within the scope of the EICS. However, in lieu of using faxes to provide the information to their Customs Brokers, importers can download the form and send it as an attachment to an e-mail or make other arrangements with their Customs Brokers.
Will we be able to view the status of permit requests?
Yes. This functionality has been incorporated in the EICS.
Is it feasible to send an e-mail reply back to the originator when a security error is discovered?
No. It would cause too much traffic.
Could the use of the CCRA Business Number for company identification be standardized?
DFAIT will continue using its own client identification numbers which will be linked to the CCRA Business Number.
Could the remarks section made by Customs Brokers show up on a transaction?
Yes. This feature is incorporated into the EICS.
Will it be possible to transfer transaction numbers to another permit if shipment arrives at a different port, rather than cancelling the permit?
No. Modifications made to permits cannot be transferred to ACROSS due to major changes to the CCRA / DFAIT interface that would be required.
What is the maximum number of lines for the permit application by the applicant? Import and Export permit?
The maximum number of lines per application is 3 for import permits and 10 for export permits/certificates.
How would DFAIT ensure that applications to EICS are originating from a Canadian resident?
The Applicant screen will only accept EIPA file numbers for Canadian residents.
Under Permit Application/User Identifier, will this consist of the PKI certificate number or the current assigned outpost number?
The outpost number will remain the permit application/user identifier when keying in permit applications.
Under General Entries / Permit Delivery Target, today when we apply for a permit on behalf of another broker, we will not be shown as the applicant but we would want the permit delivered to our facilities. The same situation applies when we are requesting an Export Permit (Certificate of Eligibility) as the applicant is the Exporter.
Under EICS, the Permit Delivery Target is an information field only and is intended as an aid to direct the applying outpost broker on how to distribute the permit to the applicant. The PDF of the permit can be printed or saved by the applying outpost broker and can then be distributed to the applicant accordingly, for example e-mail.
Should the number of records sent and the number of records processed match?
Yes. They should be the same (checks and balances).
Under General Entries / Comment, is this the "Other terms and conditions" field?
Yes. The Comment will appear on import and export permits, in the "Other terms and conditions" field.
Would Customs Brokers have another way other than the WEB Standard Application Method to apply for a permit that would be faster and less cumbersome? The Standard Application Method includes too many screens and fields; it is a slow process. There are no automatic jumps from field to field.
The EICS provides 3 methods for applying for permits: 1. EDI (see PRD), 2. Standard Application (5 section application) and 3. Expert Application (single page data entry). The Expert Application method is faster than the Standard Application method.
Would the physical signature still be required on permits and other documents now that EICS provides for secure electronic signature?
Yes. Applicant signatures are still required on the export permits/certificates printed as a PDF.
In many cases, the Importers/Exporters do not know the exact content of the shipment until the last minute and/or the shipment papers are being made available (can be 45 minutes before shipment arrives at the border). The Importers' orders do not necessarily correspond to the shipment in several cases. Thus, people wait until the last minute to apply for permits or amendments are required to the issued permits. Would EICS ease and hasten the process of issuing import permits and Certificates of Eligibility?
Yes, the EICS will be available for applications from 04:00 to 24:00 EST Monday to Friday and from 04:00 to 20:00 EST on Saturday.
Why are permits still limited to 3 lines?
Because of CCRA / ACROSS limitations, no changes in the format of the permit can be implemented for Go-Live.
Would it be possible to have two different countries of origin on the same permit for steel import?
No. To allow that option, we would have to capture the country for each line. That would require changes to both CCRA and DFAIT systems.
Whatever application method is used, would it be possible for the applicants to save the applications on their system before it is submitted to EICS?
Yes. Users will be able to save data before submitting application on EICS for future retrieval using multiple retrieval criteria. In addition, previously created applications (both submitted and not submitted) can be copied to create a new application using the same information.
General Management
Access to EICS
Which e-mail address can we send questions pertaining to the EICS?
Please use eics.scei@international.gc.ca mailbox.
Who will have access to the EICS and be issued permits?
Licenced Customs Brokers.
What is PKUnzip or WinZip?
These are utilities that can be downloaded for free from the Internet. These utilities allow you to decompress/compress a file. These utilities make it easy to transport and copy files faster, e.g. to allow for faster transmission or file download. Zip files save time and space.
Will we require a VPN for security purposes?
No. A VPN (Virtual Private Network) manages security at the network level. The EICS will manage security at the XML transaction level, with Entrust PKCS7 encryption, encapsulated in a MIME object, and shipped with SMTP.
Would several users in the same office be able to access the system concurrently?
Yes. Providing each user has access to a PC that meets the minimal requirements for using the EICS.
What will be the level of access to EICS for Importers and Exporters?
At this time, only Customs Brokers will have access to the EICS.
Will we be able to access EICS from any station in our office?
There is no restriction to the number of broker workstations allowed to communicate with EICS (both Web and EDI). Each workstation must satisfy the requirements and configurations as set out in the PRD. Entrust Direct is required on the workstation to permit WEB access.
Why is it that importers cannot apply for permits directly?
DFAIT has decided to rely on Customs Brokers licenced by CCRA for application of permits. DFAIT does not have the staff nor the resources required to support a large amount of clients (300 Customs Brokers and 40,000 Importers and Exporters). DFAIT's mandate is to control commodities/areas specified in the Export Import Permits Act (EIPA). It does not deal with other customs issues that are under the responsibility of CCRA. Importers and Exporters would still have to use the services of Customs Brokers to supply these CCRA related services. Also, DFAIT is now opening its system to all Customs Brokers.
What will be the level of access to EICS for the general public?
The general public will not have access to the secure system but will continue accessing information and statistics from our non-secure website at /controls-controles/index.aspx
Of the two proposed methods of secure access; i.e. EDI and WEB, which is the more expensive to implement?
DFAIT provides two options of secure access at no charge from DFAIT. The selection is left to the client to decide which one best suit their need. Customs Brokers need to make their own cost assessments.
Disaster Recovery
What do you mean when you recommend that we plan for an alternate Internet provider in case we have difficulties with our primary ISP?
In the event that your primary ISP is unavailable for a length of time you consider unacceptable, we recommend you have another ISP on standby.
Would we not have to figure out which messages have not been received by your primary message provider and resend them from our site to the alternate message provider?
Correct. And that applies also when we are up and running. If for some reason, you forward an e-mail to us and it gets lost, you will have to resend the message to us because we do not have a guaranteed delivery service between you and us using the Internet.
Fee Structure / Financial System
Will we have the ability to transfer funds?
All financial transactions are being handled by the Department's financial section. Contact phone, facsimile and e-mail coordinates will be provided for brokers to seek any information related to permit fees.
Could you develop a method to offset for billing errors?
All financial transactions are being handled by the Department's financial section. Contact phone, facsimile and e-mail coordinates will be provided for brokers to seek any information related to permit fees.
Is there a possibility for DFAIT to register Canadian exporters with the U.S.?
This is not the responsibility of DFAIT.
Would it be possible to reconcile U.S. data with permits data?
While it is the goal of DFAIT to have data reconciliation with the U.S. similar to that that occurred under the SLA, negotiations between the appropriate authorities in each country must occur.
Will DFAIT implement a larger penalties regime for cheaters?
The Export and Import Permits Act provides for prosecution with the judgement incorporating a penalty and/or incarceration as deemed appropriate. The EICB is committed in its verification efforts and will use all avenues to ensure compliance of the EIPA.
Will DFAIT implement a financial relationship with CCRA for punitive actions, suspension?
Discussions with CCRA are ongoing in the context of an overall compliance program.
Export permits are not being used by U.S. Customs. Why do we have to provide permits to the U.S. Customs if U.S. Customs does not want/need it?
Depending on the commodity being exported, permit presentation to U.S. Customs may be required. Brokers should be aware that the need for presentation of permits exists and, ensure that adequate tools are available to comply; i.e., compatible printers for PDF permits.
Could you provide a buffer period on collection for regular users?
All financial transactions are being handled by the Department's financial section. Contact phone, facsimile and e-mail coordinates will be provided for brokers to seek any information related to permit fees.
Will we receive invoices electronically?
Brokers will receive monthly statements from the Department's financial unit that will indicate outstanding fees on a daily basis. The EICS will allow for brokers to obtain their detailed daily permit fee transactions.
Could you ensure that company balance files for SLA Fee Collection Accounts Receivable are current and up-to-date at all times to avoid unnecessary suspension?
Discrepancy problems on balance of accounts receivable should be eliminated with EICS. The collection of fees is being handled by the Department's financial section.
Could you speed up cheque cashing?
This is not under TIA's control, but under the control of the departmental Cashiers office. However, TIA will try to make arrangements to expedite the process.
Will there be an increase on the fees for permits?
No increase.
If applications could include more than 3 lines, would permit fees be charged on transactions instead of the 3-line permit?
DFAIT will not implement any changes to the permit fee schedule for EICS Release 1 and there will be no change to the number of lines for Import permit or certificate of eligibility. Export permits can accomodate 10 lines.
Will we be provided the ability to match permit number with applicable charges/credit for accounting purposes?
Brokers will receive monthly statements from the Department's financial unit that will indicate outstanding fees on a daily basis. The EICS will allow for brokers to obtain their detailed daily permit fee transactions.
Can originating outposts be identified on the invoice?
The permit numbers and the originating outpost numbers are present on the EICS daily invoice.
How will payments be made?
There is no change to the fee payments. Customs Brokers are billed monthly.
Levels of Service
Will reports be provided electronically?
Yes. This feature has been incorporated in the EICS.
Will DFAIT define a clear chain of command within the Trade Controls and Technical Barriers Bureau?
The chain of command within the Bureau is as follows: a) Officer, b) Manager, c) Deputy Director, d) Director and e) Director General.
Will DFAIT establish a consistent time to process routed applications?
Routed applications are processed as quickly as possible. However, process time may vary from one application to the other depending on the issue/case to be addressed. The specific times are listed in the Service Pledge published on the Bureau's website.
Will there be a hotline available to get a status report on the system when there are problems?
EICS client support:
Tel: 1-877-888-8838
Email: eics-scei@international.gc.ca
Will the EICS be available 24/7?
No. The EICS will be available from 04:00 to 24:00 EST Monday to Friday and from 04:00 - 20:00 Saturday.
Performance Measures / Standards
Will it be possible to apply performance measures / standards for Customs Brokers similar to CCRA / CFIA?
Accuracy of permit / quota applications will be reflected in the approval rates per client.
Links with Canada Customs Revenue Agency and other Federal Government Departments
Across
Will you transfer the Transaction Number into ACROSS?
No change to the ACROSS interface is possible.
Could entries typed in ACROSS automatically institute a request for a permit at DFAIT (similar to CFIA)?
This type of functionality is not possible due to major changes that would be required to CCRA and DFAIT systems and cannot be accommodated at this time.
CCRA
CCRA forwards a file with the next year's entire Harmonized Tariff; can you advise if DFAIT reviews the DFAIT flag cross-referencing tariff codes? I.e. they have Quota commodity flags and Permit Required commodity flags (this latter is shared with other remissions).
We do not receive CCRA's electronic harmonized tariff with flags identifying those tariff codes they link to DFAIT.
Quota Management
Quota Allocations
Does the transfer of quota require DFAIT's approval, and if so, can this cause delays?
For control purposes, DFAIT maintains discretion on approval of transfer of some quota, e.g. Agriculture, and applies rules for quota transfer; such as, Tariff Preference Levels.
Would a third party, other than a Customs Broker, be able to continue managing quota for quota holders, i.e. apply for quota, view, monitor and manage quota? At the moment, some consultants are giving those services to quota holders and both, consultants and companies, would like EICS to allow the same to continue.
EICS will not provide that type of functionality. DFAIT may review its position for future releases.
Will there be an availability of doing quota checks on EDI?
Quota transaction information will not be available through EDI.
Will quota holders be able to transfer quotas from their accounts?
Not at the time of EICS implementation.
Customs Brokers currently have an obligation to confirm availability of quota before making an application. Will the level of responsibility be established now that Importers and Exporters will be allowed to manage their quota online in case of misuse of quota?
Importers and Exporters are solely responsible for the use of their quota but will not have direct access to EICS on implementation. The obligation for quota verification by Customs Brokers remains the same.
Where can I obtain the rules on quota allocation?
Rules for quota allocation are published through Notices to Importers and Exporters and are available on our website at Export and Import Controls
Will Customs Brokers be able to view quota information on all quota holders if there is no confidentiality issue?
Customs Brokers will have access only to their clients' quota files after proof of Broker authorization has been sent to DFAIT's by the Quota Holder and the authority has been entered into the EICS.
Technical
EICS Platform
Why would users have to use new software when they can already access the EICB website without problems with their current hardware and software? Why can they not just add the secure component to their existing system?
The same components function on specific operating systems. We have also used features of the web browser that make it more friendly for users and easier to use.
Would Customs Brokers be able to assign print jobs to any print queue and/or printer even if located on other premises, e.g. application done in Montreal but permit to be issued in Vancouver?
Related brokers will be able to print permits at other locations. In addition, the permit PDF can be e-mailed and subsequently printed.
Will it be possible to enter the data for the B3 and press a key to automatically transfer the data to EICS?
No. That type of functionality is not part of EICS.
What level of security will the system offer?
EICS transactions between DFAIT and its users will be encrypted using Public Key Infrastructure (PKI) through Entrust software. This will provide a high level of security including confidentiality, integrity and digital signature. The level of security meets or exceeds that of online banking services.
Does DFAIT plan to change the platform on a constant basis or can we be assured that the proposed platform will be in use for a while, e.g. 4,5 or 10 years?
The plans are to keep the systems up to date with technology. The standard is to upgrade the equipment /software on a 4-year basis. However, DFAIT is aware that not everyone can keep up with the technology. This is why it is trying to support as many versions of operating systems as possible and propose the use of an easily integrated browser.
Why has DFAIT selected a Windows platform? What about those who are currently using MacIntosh equipment?
Components necessary to secure MacIntosh to an acceptable level were not available during project planning. This will be examined in the future.
Entrust
Is Entrust functional with UNIX platform?
UNIX is not supported. Please contact Entrust Technologies in your area.
What software will be used for encryption purposes?
Entrust software with x.509v3 certificates. Certificates will be provided by DFAIT through Secure Applications and Key Management Services - Government Telecommunications and Informatics Services (SAKMS - GTIS), the Certification Authority (CA) of Public Works and Government Services Canada (PWGSC) on behalf of DFAIT.
Since DFAIT requires a secure e-mail communication, do we need the Entrust Direct product?
The Entrust Direct product is needed for Web access, please contact DFAIT.
Can the Entrust software be tailored to our needs?
Yes. A toolkit is available from DFAIT. It comes with complete capabilities for encryption coding and signing. DFAIT has made source code available to use as a model on our website.
Will you supply us the Entrust VB component for API development?
You will need to contact Entrust Technologies for components of their products.
Does Entrust software provide objects for Windows?
Yes. You must make a call to API.
For how long will the Entrust licence and the PKI certificate be valid? What will be the cost to renew both?
The Entrust licence is valid forever. PKI certificates are valid for as long as the information contained within remains unchanged.
Can we use our current Entrust certificates to access EICS?
No, you cannot. With respect to levels of security, cross-certification to external organizations is not possible at this time.
Network Security
Could we have a written notice that we'll not have to use a trusted link?
There are no requirements for a Virtual Private Network (VPN). Security is provided by cryptographic methods at the application layer.
PKI
What is PKI?
Public-key cryptography provides the foundation of network security through encryption and digital signatures. Together, encryption and digital signatures provide: 1. authentication, which allows your e-business to engage trusted customers, partners and employees; 2. authorization, which allows business rules to dictate who can use what resources, under what conditions; 3. confidentiality, which protects the confidentiality of sensitive information, while stored or in transit; 4. integrity, which prevents any transaction from being tampered with and will notify you not to trust the contents should the message change from its original state; 5. non-repudiation, which prevents any party from denying an e-business transaction after the fact; 6. audit controls, which provides audit trails and a record of critical and non-critical events that have occurred within the infrastructure. All of these security benefits are essential to conduct truly secure electronic business transactions.
Would PKI be assigned to the organization or would each employee accessing the EICS need a personal certificate?
PKI group certificates will be assigned to organizations.
If PKI certificates are assigned to individuals, how would data be linked to a particular individual amongst the various outposts across Canada, e.g., if an application is rejected, where would the message be sent?
PKI certificates will be issued to companies, not to individuals.
Will we have to apply for Production PKI certificates?
Yes. See this webpage.
We have 2 PKI test certificates. Do we have to test Web access from both locations? Or can we test from one location only, and internally complete the training of the other outpost?
DFAIT requires that you test from both locations.
In an arrangement with another service provider, do we need certificates?
Yes. A service provider cannot sign a document for you.
Are DFAIT and CCRA coordinating public key certificate issuance?
The EICS Project is exploring the possibility of recognizing Public Key Certificates issued by other PKI Certificate Authorities; such as, CCRA. DFAIT is also looking at a cross-certification solution.
Do I need only one PKI certificate for both Web and EDI?
You will require a device certificate for EDI and a subscriber group certificate for WEB.
Who will manage issues related to certificates in Production?
DFAIT will manage the keys.
Can the certificates issued by DFAIT to the user be used for other purposes?
Certificates issued by DFAIT to a user must be used solely for access to the EICS.
How do I bind my e-mail address pertaining to PKI? How do I create the certificate directory?
The X.509v3 certificate resides on the X.500 directory at SAKMS-GTIS CA. You establish a port connection (TCP 389) to the CA. You do not store any PKI-related data on your server.
Why do I need a digital certificate?
A certificate assures both parties that each is who they claim to be.
When will testing with real (Production) PKI certificates occur?
Production certificates have been issued to online Customs Brokers.
Is there a requirement for cross-certification?
No. Certificates will be issued by DFAIT for the purpose of protecting transactions.
What is the cost for a PKI certificate?
$55.00 per credential. DFAIT will waive fee for first year of implementation.
We have several people completing permit applications in Windsor. With the new system, when we apply for our permits via the web, would each person in the Windsor office require a separate PKI certificate?
One certificate will cover the location. We will be issuing a group certificate to people at the same outpost.
How is a digital signature created?
To create a digital signature, the sender takes the message and processes it with a hashing algorithm. The sender then encrypts this hash with their own private key, and delivers it along with the message. The receiver then takes the encrypted hash, and decrypts it with the sender's public key. Then the receiver takes the original message and runs it through the same hashing algorithm. If the two hashes are identical, then the receiver knows the message was not altered during transmission. Since the matching hash was derived from the encrypted private key of the sender, the receiver trusts that only the sender could have been the author of this message.
What is a digital signature?
A digital signature is an electronic means of validating the integrity and authenticity of a given piece of data.
How does encryption work?
Encryption is the process of taking sensitive information and scrambling it so that the file is unreadable. Decryption is the reverse, taking unreadable data and transforming it into the original data.
What is a hash?
A hash function takes data of any length as input, and produces a digest or hash (hence the term) of a finite, usually 128 or 160 bits, in length. This hash is then used to represent (not replace) the original piece of data. An example of a hash: Take Message 1 (Today is November 01, 1999) and hash using hexadecimal (base 16) to represent the bits. The following hash will result: (5ABF9254 90626928 5DE857F9 50A46EFE 595ACC60. Next take Take Message 2 (Today is November 02, 1999) and hash using hexadecimal (base 16) to represent the bits. The following hash will result: (10656678 351FCA2D 33FAA294 DB41589F 8B03A7FA. Notice how even a slight change in the input message produces a quite different hash.
What is a shared secret?
A shared secret is information that is ideally known only to two entities; a secret that each can reasonably expect only the other will know.
We have an office in Toronto and one in Niagara Falls. Will we require two PKI certificates?
Yes. You will require two certificates.
PRD
Is the transaction number identified as optional?
Yes it is.
When applying for a Tariff Preference Level (TPL) the Participants' Requirements Document (PRD) indicates that all three fields namely, fibre origin, yarn origin, and fabric origin are mandatory. In today's system we are completing the yarn origin/fabric origin only in some cases and obtaining the permits. Does this still apply under the new system?
You need only fill in those fields applicable for the TPL you are claiming. The rules governing these fields have not changed under EICS.
When should we expect the commodity code and description applicable to each code be available to us in a form that can be loaded into a computer?
The Bluebook, which identifies the commodity code, and provides a full description, can be downloaded from our website at any time.
Will the attachment or the subject in the email with the PDF file reference these fields? Otherwise it may be difficult for our internal systems to identify when the PDF arrives in our mailbox.
The Permit PDF file(s) are attached to the same e-mail as the acknowledgement XML file. The Permit ID is also part of the Acknowledgement reply XML. The naming convention for the Permit PDF file is: permit_id.pdf; e.g. 123.pdf
Could there be access to the PRD?
Yes. It is posted on our website and we will signal which changes have been made and where.
Will there be a field for 'broker reference' for export permits? This will be essential in order to correlate the export permit back to the original application.
The General_Reference_Number is recommended for this purpose.
Are the Transaction Number and the General Reference Number used for the same purpose?
Both the Transaction Number and the General Reference Number are for brokers' exclusive use. The General Reference Number also appears in acknowledgement messages.
With respect to the hardware requirements in the PRD, could you please tell us about the different ports and why these ports are required?
Port 389 TCP for LDAP (Lightweight Directory Access Protocol) is required for the web client if you will be doing transactions not carried on the EDI. Port 709 TCP for SEP (Secure Exchange Protocol) is required for you to talk to the Directory Server / Certificate Authority (CA) to consult the Certificate Revocation List (CRL) to ascertain that certificates are valid (this is done transparently to users) and to get certificate information on the DFAIT recipient.
Will the 'User Identifier' reflect the company or will it be defined by processing location?
The User Identifier is unique to EICS and is assigned by DFAIT. There is to be one User Identifier assigned per PKI certificate. Whether certificates are issued by individual, processing location or company, is still to be confirmed.
Why is the CCRA Transaction Number optional? It should be mandatory for the 'I' (Import) indicator, and optional for the 'E' (Export) indicator.
Not all imports are subject to transaction numbers.
What are the structured 'reject text messages' returned by DFAIT? Has the Department considered creating reject codes? How will the reject be received by the applicant?
The EICS provides both reject codes and corresponding text messages which are available in the PRD on the Bureau's website.
Will there be further changes to the PRD?
Yes, there will be changes.
Would it be possible to include a fourth mode of transport: air?
The mode of transport field, on the EDI Permit Application transaction, pertains to softwood lumber exports only as indicated in the PRD. As such, the only options are road, rail and water.
Are the Supplier/Consignee Phone and Fax Numbers optional fields?
Yes.
What is the size of a PDF file?
Encrypted, our test PDFs are approximately 40K.
What data elements will be provided in the PRD?
DFAIT has published numerous data elements including country, ports, error messages as well as the numeric values required for EDI and expert applications.
The additional quantity requirements under chapters 61-63 have been addressed. Do you not want a unit of measure for each or are you making an assumption?
The "Alternate Quantity" unit of measure is to be entered in accordance with the information provided in the Handbook of Export and Import Commodity Codes. This includes certain Clothing and Textiles commodities covered under Chapters 61-63 as well as certain agriculture codes.
Could you also push out PRD changes to users?
Yes. We will inform you via e-mail when the PRD has been updated.
Item 4.1 "Quantity" and "Value" are defined as integer data types. Should they not be monetary?
For more information, see Section 6 "Data rules and guidelines, particularly 6.2.4. of the PRD.
Service Providers
Do we require a certificate from DFAIT when using a service provider?
At this time, brokers would still require a certificate issued by DFAIT for signing documents.
If a service provider is our agent, are we still required to send an e-mail?
Yes. If you choose to go through the service provider of your choice, you will still be required to test sending a e-mail.
For routing purposes, we would like the "To:" field in the MIME header of the messages to show a different destination e-mail address for each of the different users. Since the content is encrypted, the MIME header is what will have to be used by us to route the message to the appropriate subscriber. At the same time, we will only be accessing a single mailbox. Can this be done by creating alias addresses for the same mailbox on your SMTP server?
You should address your messages using e.g. XYZ@your.net, DDD@your.net.
Would it be possible to use a service provider to communicate with DFAIT since this service is already used to communicate with various federal departments?
DFAIT does not see any objection in communicating with the Customs Brokers through a service provider.
Can I rely on the service provider's XML file layout?
You must map the flat file layout to DFAIT XML specifications.
Can we assume, when sending to DFAIT, that the message is a single MIME part with type Application/pkcs-7-mime and EnvelopedData as the content?
Yes.
Can we always assume that the Acknowledgement is the first attachment while the PDF file is the second?
Yes. Furthermore, if there are "n" permit applications within one XML file, the return-e-mail to you would contain one acknowledgement message followed by "n" PDF files.
Will both have MIME type set to Application/pkcs7-mime and with EnvelopedData as the content?
Yes.
Testing
What will be the hours of testing?
Testing can be done within the normal hours of operation indicated in the PRD.
How will Customs Brokers be involved in testing?
Customs Brokers will be invited to test the various methods of permit application. Some mandatory tests will have to be performed and test results provided to DFAIT with comments and recommendations.
Will testing be done in Production?
Testing will be done in our pre-production environment.
Will the contact for the Web and EDI testing be the same?
Yes.
Will it be possible for Customs Brokers to have access to the test scripts developed by DFAIT?
No. DFAIT did make available training material that included examples of areas that brokers are required to perform in. It is expected that brokers will use their own client data to perform tests within the EICS.
What approach will DFAIT take with user testing of the EICS?
The EICS testing approach will consist of 4 steps for the EDI and 3 steps for the WEB. Step 1 (EDI and WEB) : Establish connectivity to test environment through reception of e-mail with attachment from the user's gateway. Step 2 (EDI only) : XML transaction testing of file sent unencrypted to test environment. Step 3 (EDI and WEB): Encrypted file sent to test environment using PKI test certificate. Step 4 (EDI and WEB) : Access signoff.
XML
Will it be possible to change the destination address quickly on the broker side?
The reply is sent to the sender address. This differs from previous information.
If I use codes as I anticipate, will they be edited against existing fields or those in Production?
EICS contains CCRA codes. During the EICS XML testing, please use the CCRA codes. The XML DTD is able to accommodate CCRA codes without change.
Do we need a user ID for the XML transaction testing step?
You will not require a valid user ID for the initial testing step.
Am I to understand that unlike the hardcopy paper version of a permit application that all sub-sections of 4.v Item will repeat for each line of commodity details depending on the specific requirements of that commodity detail line?
Sub-items 4.2 - 4.8 are indeed being carried at the item level.
In the XML file, do we need to duplicate the number of item and the number of commodities?
There is no need to duplicate the items/commodities. Each application may contain multiple items. Each item should contain only one commodity group.
Regarding a bulk rejection - How do we identify individual applications?
Customs brokers have the option of including their own internal reference number.
Can we FTP to NT box from UNIX, encrypt and e-mail?
Yes. That is an option. There are other options as well. There is also message queuing. You must pick an option that is compatible with the technology you are using.
