Canada Education Savings Program

Similar documents
Canada Education Savings Program (CESP) Data Interface Operations and Connectivity

Canada Education Savings Program (CESP) Industry Testing Guide

e-frr SYSTEM USER GUIDE

Mile Privacy Policy. Ticket payment platform with Blockchain. Airline mileage system utilizing Ethereum platform. Mileico.com

GRANTS AND CONTRIBUTIONS ONLINE SERVICES USER GUIDE: ACCOUNT REGISTRATION AND MANAGEMENT

Youth can begin apprenticeship in high school through Secondary School Apprenticeship (SSA) programs.

Canadian Anti-Spam Legislation (CASL) Compliance Policy. 2. Adopt Canadian Anti-Spam Legislation (CASL) Compliance Policy.

ECA Trusted Agent Handbook

INSTRUCTIONS ON TECHNICAL SUPPORT AND BACKUP FOR THE ELECTRONIC INTERBANK CLEARING SYSTEM

St. Christopher (St. Kitts) & Nevis. FATCA Portal User Guide

Canadian Anti-Spam Legislation (CASL)

INSTRUCTIONS ON TECHNICAL SUPPORT FOR THE ELECTRONIC INTERBANK CLEARING SYSTEM

Elders Estates Privacy Notice

Employment Ontario Information System (EOIS) Case Management System

GRANTS AND CONTRIBUTIONS ONLINE SERVICES USER GUIDE: CANADA SUMMER JOBS

Data Use and Reciprocal Support Agreement (DURSA) Overview

GRANTS AND CONTRIBUTIONS ONLINE SERVICES USER GUIDE: CANADA SUMMER JOBS

DirectTrust Governmental Trust Anchor Bundle Standard Operating Procedure

RULEBOOK ON NUMBER PORTABILITY FOR SERVICES PROVIDED VIA PUBLIC MOBILE COMMUNICATIONS NETWORKS

ALABAMA STATE BOARD OF PUBLIC ACCOUNTANCY ADMINISTRATIVE CODE

IBM Payment Gateway for AIX, Version 2 Adds Major Functions to Financial Institutions Processing Transactions for Internet Commerce

RULES OF TENNESSEE STATE BOARD OF EQUALIZATION CHAPTER ASSESSMENT CERTIFICATION AND EDUCATION PROGRAM TABLE OF CONTENTS

Published: December 15, 2017 Revised: December 15, 2017

SSL Certificates Certificate Policy (CP)

CERTIFICATE POLICY CIGNA PKI Certificates

Employee Security Awareness Training Program

ALABAMA STATE BOARD OF PUBLIC ACCOUNTANCY ADMINISTRATIVE CODE

Frequently Asked Questions

Guideline 8: Submitting Electronic Funds Transfer Reports to FINTRAC

Annex 2 to the Agreement on Cooperation in the Area of Trade Finance & Cash Management Terms and Conditions for Remote Data Transmission

(1) Jisc (Company Registration Number ) whose registered office is at One Castlepark, Tower Hill, Bristol, BS2 0JA ( JISC ); and

EACH MONTH CUTTING EDGE PEER REVIEW RESEARCH ARTICLES ARE PUBLISHED

Extractive Sector Transparency Measures Act. NRCan eservices Portal User Guide

Director s Requirements No (Issued initially as Practice Bulletin 204)

CERTIFICATE IN LUXEMBOURG COMPANY SECRETARIAL & GOVERNANCE PRACTICE

FPKIPA CPWG Antecedent, In-Person Task Group

Municipal Law Enforcement Officer Certified-M.L.E.O. (c) Certification Application Guide

Published: December 15, 2016 Revised: December 15, 2016

WIRELESS DEVICES: ACCEPTABLE USE AND GUIDELINES

Guideline for support SWIFTNet for Corporates

IMPORTANT: PLEASE READ INSTRUCTIONS FIRST Deadline: January 31st (Annually)

AUTOMOTIVE GLASS TECHNICIAN

Examination Regulations for Employee Certification regarding Usability Engineering

(Extract from Web-forms for Intrastat, Eurostat, March 2000)

DECISION OF THE EUROPEAN CENTRAL BANK

WIRELESS DEVICES: ACCEPTABLE USE AND GUIDELINES

IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) ITS Responsible Use of Telephone, Telecommunications, and Networking Resources ISUPP 2280

Legal framework of ensuring of cyber security in the Republic of Azerbaijan

Association of Psychology Postdoctoral and Internship Centers INTERNSHIP MATCHING PROGRAM

SECURITY SYSTEMS TECHNICIAN

IBM Sterling B2B Services File Transfer Service

Scotiabank Student GIC Program Application Guide - Please Read Before Applying. Important Dates to Remember:

INSTRUMENTATION AND CONTROL TECHNICIAN (INDUSTRIAL INSTRUMENT MECHANIC)

EHR SECURITY POLICIES & SECURITY SITE ASSESSMENT OVERVIEW WEBINAR. For Viewer Sites

Modifications to DSF 2 License Agreement and supporting documents

Professional Engineers Ontario. canada s anti-spam. Guidelines for Chapters


Request for Qualifications for Audit Services March 25, 2015

ORC ACES Subscriber Instructions. Component/Server Certificates

COMMITTEE FOR PROPRIETARY MEDICINAL PRODUCTS (CPMP) GUIDELINE ON REQUIREMENTS FOR PLASMA MASTER FILE (PMF) CERTIFICATION

Renewal Registration & CPE for CPAs in Iowa

Automated Background Check System (ABCS)- Requesting Access Guide. April 2018

ETSY.COM - PRIVACY POLICY

Certification Policy of CERTUM s Certification Services Version 4.0 Effective date: 11 August 2017 Status: archive

MASTERCARD PRICELESS SPECIALS INDIA PRIVACY POLICY

FIRST TIME USER GUIDE- 2016

ARKANSAS HIGH COST FUND 2013 CARRIER REVENUE REPORT& SELF INVOICE INSTRUCTIONS

Major Appliance Recycling Roundtable ONLINE REGISTRATION & REPORTING SYSTEM INSTRUCTIONS

CertDigital Certification Services Policy

MSRB GATEWAY USER MANUAL

Enterprise Income Verification (EIV) System User Access Authorization Form

1- How do you register for an account with Alberta Transportation s Online Services?

2018 ACH RULE CHANGES AND UPDATES. Jessica Lelii & Jill Lamb, AAP EFT Specialist, MY CU Services, LLC. Disclaimer

Customer Access. Partner Initiated PICA - The Cisco PICA User Guide

RULES AND REGULATIONS OF THE BUICK CLUB OF AMERICA

Change Healthcare CLAIMS Provider Information Form *This form is to ensure accuracy in updating the appropriate account

T2S Connectivity Guide

INSULATOR (HEAT & FROST) (HEAT & FROST INSULATOR)

HP Instant Support Enterprise Edition (ISEE) Security overview

We reserve the right to modify this Privacy Policy at any time without prior notice.

BlackBerry Enterprise Server for Microsoft Exchange

FISCAL. Reimbursements Web Reporting AGENCY USER MANUAL

International Application Service AGENT PORTAL USERS GUIDE

Olympus Grants Registration Guide

Appendix B SUBSCRIPTION TERMS AND CONDITIONS. Addendum to British Columbia Electronic Library Network Electronic Products License Agreement

IBM COBOL for Windows, V7.6 provides a costeffective compiler and runtime environment for customizing third-party applications on Windows servers

Red Flags/Identity Theft Prevention Policy: Purpose

NSDA ANTI-SPAM POLICY

EDI ENROLLMENT AGREEMENT INSTRUCTIONS

Companion Guide Institutional Billing 837I

GST/HST Info Sheet GST/HST Info Sheet

Standard CIP-006-4c Cyber Security Physical Security

INDUSTRIAL MECHANIC (MILLWRIGHT)

TOOL AND DIE MAKER INDUSTRY TRAINING PROGRAM PROFILE ACCREDITED PROGRAM. Occupation Description. Pathways to Certification.

ACH Rules Compliance Audit Requirements Request for Comment

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

ORC ECA Subscriber Instructions for Individual Identity and Encryption Certificates

IDENTITY THEFT PREVENTION Policy Statement

Municipal Law Enforcement Officer Certified-M.L.E.O. (c) Certification Application Guide Program Features

Standard CIP-006-3c Cyber Security Physical Security

Transcription:

Version Number: 5.0 Version Date: August 6, 2007

Version History Version Release Date Description R 1.0 September 30, 1998 Initial version for HRSDC internal reviews. D 2.0 March 15, 1999 Ongoing updates. D 2.1 April 27, 1999 Ongoing updates. D 2.2 May 27, 1999 Ongoing updates. D 2.3 July 21, 1999 Ongoing updates. D 2.4 October 10, 1999 Management review and update. D 2.5 November 15, 1999 Review updates release. R 2.0 December 15, 1999 Updates to contacts list R 3.0.1 November 6, 2001 Ongoing updates. R 4.0 April 27, 2005 Ongoing updates. R 5.0 August 6, 2007 New LRA procedures and new version of ViaSafe. Legend D Draft R Release Notes to the Reader: Comments and questions regarding this document may be addressed to: Canada Education Savings Program Human Resources and Skills Development Canada 140, Promenade du Portage, Phase IV Mailstop: Bag 4 Gatineau, Quebec K1A 0J9 Telephone: 1-888-276-3624 Fax (819) 953-6500 E-mail: cesp-pcee@hrsdc-rhdcc.gc.ca 2

Table of Contents 1 INTRODUCTION... 4 1.1 PURPOSE... 4 1.2 SCOPE... 4 1.3 TERMS... 5 2 NON-TECHNICAL CONNECTIVITY REQUIREMENTS... 6 2.1 PKI SUBSCRIPTION BASICS... 6 2.2 THE GUARANTOR MODEL... 6 2.3 LOCAL REGISTRATION AUTHORITY & THE GUARANTOR... 7 2.4 PKI USER REQUIREMENTS... 7 2.5 LRA & PWGSC CONTACT INFORMATION... 8 3 TECHNICAL CONNECTIVITY REQUIREMENTS... 9 3.1 PWGSC MSFT (MANAGED SECURE FILE TRANSFER) SERVICE... 9 3.2 CONFIGURATION REQUIREMENTS... 9 3.3 NETWORK REQUIREMENTS... 10 3.3.1 Access to ITSB MSFT Services... 10 4 GENERAL TRANSMISSION INFORMATION... 11 4.1 INDUSTRY TESTING... 11 4.2 STANDARD PRODUCTION RUNS... 11 4.3 SUMMARY REPORTING (RECORD TYPE 700 )... 11 4.4 PROCESSING PERIOD... 11 4.5 REPORT TIMING... 12 4.6 MONTHLY PROCESSING... 12 4.7 PRODUCTION SCHEDULES... 13 3

1 Introduction Promoters of Registered Education Savings Plans (RESPs) must report CLB, CES Grant and/or P-Grant applications and financial transactions to Human Resources and Skills Development Canada (HRSDC), Canada Education Savings Program (CES Program). The Program accepts and returns electronic reporting through a dedicated, secure Internet-based, Public Key Infrastructure (PKI). No other means of information exchange is accepted by CES Program. 1.1 Purpose The purpose of this document is to provide detailed information about how to set up secure encrypted bi-directional telecommunications operations between financial institutions and HRSDC, CES Program. 1.2 Scope This document describes the nature of and mechanisms for the transmission of information between financial institutions and CES Program. The Data Interface and Connectivity document provides the following information: How organizations connect and transmit information to CES Program When organizations send and receive information Who to contact for technical support concerning problems with information exchanges with CES Program. This document does not cover general business requirements of organizations managing RESPs or business rules surrounding the CES Program. Business issues are covered in other documents which include: Canada Education Savings Act Canada Education Savings Regulations Canada Education Savings Grant Interface Transaction Standards Canada Education Savings Grant Trustee Agreement Canada Education Savings Grant Promoter Agreement 4

1.3 Terms The following are definitions of terms used in this document: Canada Revenue Agency (CRA) Promoter Sender Formerly Canada Customs and Revenue Agency. Any person (or organization) that offers an RESP to the public and has approval for the RESP from Canada Revenue Agency for purposes of the Income Tax Act (ITA). The organization sending information electronically to the CES Program system and receiving CLB, CES Grant and/or P-Grant payments from the Program. This organization must be the trustee of the RESP or an administrative agent for the RESP trustee. For the purpose of this document a Service Provider is not considered a Sender. Service Provider Any organization that provides a service, on behalf of a financial organization, to compile and submit electronic transaction information to CES Program. 5

2 Non-technical Connectivity Requirements This section outlines non-technical requirements that must be arranged by Senders to transmit files to CES Program. 2.1 PKI Subscription Basics PKI certification facilitates the transmission of secure, encrypted, and authenticated electronic mail over the Internet. PKI encrypted media ensures that no sensitive Promoter information is exposed during transmission between Senders and CES Program. All PKI transmissions receive acknowledgement in both directions. The PKI Certification and MSFT account set-up must be complete prior to submitting any data files to CES Program. Senders must fill out a PKI External Subscriber application form in order to obtain PKI certification. An External Subscriber Application form can be found at the Public Works and Government Services Canada (PWGSC) website. Completed forms can be faxed to the CES Program s authorized LRA (see below). Each Sender is limited to 2 PKI user accounts. One user account should be designated the primary user, and the second as a back-up to the primary user account. Once an account becomes activated, reports already received through the primary user should be deleted. Reports not retrieved or deleted after 3 months will be cleared to reduce network congestion. The back-up account should be activated at least once a month to ensure that it is functioning properly. If an organizational change occurs and a user must be replaced, the active user must advise CES Program, Program Operations along with all the LRA s listed below, that they wish to have their account disabled. Replacement users must submit a PKI External Subscriber application form and continue through the certification process as a new user. 2.2 The Guarantor Model PWGSC has agreed to a new method for issuing PKI certificates, called the "Guarantor Model". This allows the creation of a key without an LRA being present. In most instances, the Guarantor (definition below) will be an Office Manager or current PKI key holder. Others who may be considered as a Guarantor include Judges, Lawyers, Police Officers, Chartered Accountants, Doctors, Dentists, etc - much like the required Guarantor when someone applies for a passport. It is the subscriber's responsibility to find someone who can act as his/her Guarantor. 6

2.3 Local Registration Authority & the Guarantor Local Registration Authority (LRA): Provides assistance to the subscriber of the PKI key on behalf of PWGSC. Guarantor: Provides assistance to the LRA in the form of validating the identity of the PKI key subscriber in person. The LRA & Guarantor participate in PKI key creation process in the following manor: PKI User Initialization: Upon initial subscription, the Guarantor is required to identify each user in person. The LRA and Guarantor are responsible for completing their specified sections of the subscriber application form. The LRA is also responsible for providing the Authorization Code to the user to allow the user to perform the initialization process. User Key Recovery: Key recovery is necessary when a user forgets their password, when the profile is compromised due to loss of PC, when there is suspected unauthorized access, or when one's common name is changed due to a name change or organizational change. In order to request a key recovery the user must submit a PKI Change Request Form to their authorized LRA. This form can be downloaded from the PWGSC website. The LRA will request that the Certificate Authority (CA) set up the user for recovery. The Guarantor will be required to repeat physical identification of the user; the LRA will provide the new authorization code for key recovery via registered mail. Until key recovery is complete, recipients can not submit new files to CES Program or access the report files returned from CES Program. 2.4 PKI User Requirements All PKI users must identify themselves to a Guarantor, showing at least two pieces of identification, including one with a picture and both with a signature, such as a driver s license or building pass. Subsequent to authentication by the Guarantor, the LRA provides the subscriber with half of the initialization codes (the authorization code) via registered mail. The reference code, the other half from the CA, is sent directly to the subscriber by electronic mail. Both codes are required to enable the actual initialization. If there is a problem receiving the authorization codes, contact the authorized LRA or Information Technology Services Branch (ITSB) at the numbers noted below. ITSB is responsible for facilitating secure communications of sensitive information for the federal government. 7

2.5 LRA & PWGSC Contact Information LRA - Main Contact Compliance and Monitoring Canada Education Savings Program Human Resources and Skills Development Canada 140, Promenade du Portage, Phase IV Mailstop: Bag 4 Gatineau, Quebec K1A 0J9 Fax: (819) 953-6500 E-mail: cesg-pcee.indtest@hrsdc-rhdcc.gc.ca PWGSC - National Service Desk Information Technology Services Branch (ITSB) Tel: (613) 738-7782 8

3 Technical Connectivity Requirements This section outlines technical requirements that Senders must fulfill to establish telecommunications with CES Program. 3.1 PWGSC MSFT (Managed Secure File Transfer) Service Senders must use MSFT software to send data to CES Program via the Internet. MSFT is Entrust enabled, and is recognized by HRSDC as a secure method of data encryption. MSFT is the only file transmission technology that CES Program accepts. MSFT software is provided free to Senders by CES Program. MSFT software and installation instructions are sent to Senders by ITSB as part of the PKI subscription process, however, the PKI certification process must be complete prior to installation and use of MSFT. The benefits of using MSFT include the following: Data compression Non-repudiation (proof services) Simple execution Information protection Management and change tracking. 3.2 Configuration Requirements The MSFT Entrust Client works on any personal computer equipped with the following: Pentium 166 MHz microprocessor or better At least 32 Mbytes of RAM At least 12 Mbytes of free disk space on the user s hard disk for software At least 5 times the disk space estimated for data files (ie. 10MB file requires 50MB of free disk space to process through MSFT agent) Network Card or Dial-up Modem Operating system: Windows 95/98, Windows NT Workstation 4.0, Windows XP, Windows 2000 and Windows 2003 Note: This is a Web based application and requires Internet Explorer 5.5 or above. Pop-ups should be enabled for this site. Client needs to have Java Runtime Environment 1.4.02_13 or above (versions 5 or 6 should use the version that has the new DST patches). 9

3.3 Network Requirements Senders must have access to Internet service from the MSFT configured PC. Internet access enables the transmission of secure PKI Internet transmission to the ITSB MSFT agent at one of the PWGSC Data Centers. Note: Response time and service availability depends on the quality of the local Internet service acquired by the Sender. 3.3.1 Access to ITSB MSFT Services Internet Protocol (IP) connectivity must exist from the MSFT Agent PC to the ITSB MSFT service. If the Sender MSFT Agent is running behind any type of Firewall (application firewall, Router, etc.), the following ports must be open (outbound): TCP port 389 for Lightweight Directory Access Protocol (LDAP) connection. This port is used to connect to the LDAP servers. TCP port 829 for Authority portion of the PKI key management portion. Required for maintenance of the user security profile with the PKI server. TCP port 443 for Hypertext Transfer Protocol over Secure Socket Layer or HTTPS and TLS/SSL connections must be granted. 10

4 General Transmission Information CES Program receives information from RESP Senders, in the electronic format defined by the specifications outlined in the Interface Transaction Standards (ITS). Senders submit encrypted data representing transactions within an RESP to ITSB. The data is decoded by ITSB and transferred to CES Program for processing. CES Program returns reports, indicating transaction events and associated errors, to Senders by the same encrypted method. 4.1 Industry Testing Senders must submit data to the CES Program Industry Testing Unit to be certified compliant with the current Interface Transactions Standards specifications. Until Sender test data is certified compliant, Sender production data is not accepted by CES Program. This policy prevents format errors in Promoter data and increases data integrity. The Industry Testing Guide provides detailed information on the guidelines for Industry Testing. 4.2 Standard Production Runs CES Program receives files containing transaction information representing activities within a RESP and processes them monthly based on calendar year and processing period. A production run is typically the monthly timeframe within which CES Program processes Sender data files. 4.3 Summary Reporting (Record Type 700 ) Senders must send records of record type 700 to the program once per processing period. The summary reporting files are sent to CES Program in the same manner as standard production files. Details of the record type 700 can be found in the Interface Transaction Standards. 4.4 Processing Period Senders report all RESP activity that occurred during a processing period to CES Program by the production run cut off date. Processing periods normally extend from the first day of the month to the last day of the same month. The cut off date for Senders to submit a data file for a production run generally falls on the fourth business day following the processing period s end date. 11

For example: the February 2001 production run would have a processing period of January 1 st, 2001 to January 31 st, 2001. The production run cut off date would be February 6 th, 2001. The Summary Reporting Information must also be sent to CES Program on a monthly basis and in a separate file, however, the deadline to submit this information for a given processing period is delayed one month. For example: For the processing period covering January 1 st, 2001 to January 31 st, 2001 the cut-off date for submitting summary reporting information (record type 700) would be the production run cut-off date for the March 2001 production run (March 6, 2001). Note: Any future transactions received in a file following the last day of the processing period will be rejected. For Example: A transaction dated January 3, 2009 received by CES Program on January 4, 2009 for the December 1 to 31, 2008 processing period will be rejected. 4.5 Report Timing The CES Program system uses the Processing date and Transaction Date to determine a beneficiary s entitlement. Therefore, Senders should ensure that transactions which occur in a given processing period are reported to CES Program before the production run cut-off date for that particular processing period. Information contained in files received by the CES Program system, after the production run cut-off date, is stored and processed in the next processing period unless the Sender requests that the file be removed. If transmission to CES Program is delayed due to CES Program technical difficulty, deadline dates are extended and Senders are notified via ListServ notification. 4.6 Monthly Processing The CES Program system processes RESP transactions to calculate the amount of CLB, CES Grant and/or P-Grant awarded by or owed to CES Program. CLB, CES Grant and/or P-Grant are awarded to a beneficiary based on the order the transactions occurred with the Promoter. The CES Program system uses the date of the transaction and not the date in which CES Program receives the transaction information. When processing the monthly CLB, CES Grant and/or P-Grant amount, all transactions from all Senders are considered together during one production run. The single production run prohibits additional data from being collected and processed separately. 12

Transactions occurring on the same date receive grant amounts in proportion to the contribution amount. Therefore, it is important to transmit data within the prescribed period. During processing there is an order in which certain transactions are processed. Non-financial transactions, which provide information on the RESP contract, beneficiary and subscriber, are processed first. Financial transactions (Record type 400 ) such as contributions, withdrawals and transfers are processed after the non-financial transactions. Refer to the Interface Transaction Standards for details on all record and transaction types. Files containing the summary reporting information (record type 700) are processed separate from, and do not have an impact on, the processing of standard financial and non-financial CLB, CES Grant and/or P-Grant transactions. 4.7 Production Schedules Sender transaction data is not processed until after the production run cut off date. After the data is processed, payment of CLB, CES Grant and/or P-Grant to the Sender typically occurs on the last business day of the month. Current production schedules for transaction processing and any other relevant information are issued periodically by CES Program via ListServ notification. 13

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback