The development of a streamlined electronic system requires consideration of the principles that inform the development and maintenance of the system over a time frame involving decades.1 The following are a set of Core Principles that focus on the objective, how the objective is to be realised, and the features of the system.

Design Principles

These principles refer to the design and implementation of the online permit and monitoring system.

  1. A Single System that serves the needs of permit granting authorities and applicants seeking to access genetic resources and/or traditional knowledge associated with genetic resources within a country’s jurisdiction.

  2. A Central Hub. In existing systems a permit application may be circulated by email or by post to various permit granting authorities. In this system the application, once submitted in electronic form, stays in place at a central server based hub. It is assumed that more than one authority may be involved in reviewing or authorising a permit. In this system notifications are dispatched to relevant authorities to inform them of the need for action on a particular application. Authorities log in to the system and take action accordingly, including communications with applicants that are transmitted through the notification system. Communications arising from an application are stored with the application as part of the electronic file register for the application.

  3. Easy to Use. The system should be as simple as possible and not require specialist knowledge or software to access or use the system. The system is intended to be used by non-specialists using simple check boxes and entries in forms.

  4. Responsive. The system should be sufficiently flexible to adapt to the needs of different authorities, including their reporting needs. The needs of police, customs and national park authorities should be addressed through responsive mobile formats (phones and tablets) including use of “permit passes” with QR codes (Quick Response codes) and bar codes similar to a mobile airline boarding pass. The “permit pass” would be carried by applicants and could be checked by relevant authorities on the ground using reader software on mobile phones with minimal effort. Consultation and practical testing with the relevant authorities is required to implement this principle.

  5. Secure. The system should meet standard security requirements (e.g. https:) and comply with applicable data protection laws. Attention should be paid to the provisions of the Nagoya Protocol on confidentiality (Article 14.2, 17.3, 17.4). Particular attention should be paid to the storage of commercially sensitive information linked to a permit and ABS contract including secure offline storage of such information. Backups of the system should be maintained securely and encrypted in accordance with existing standards for the protection of digital information. A physical archive of the documents should be maintained in accordance with existing practice.

Attention may also be required to protect against back doors. A back-door is a secret route into an electronic system that bypasses normal authentication requirements. Back doors may be built in at the design stage (to provide a means of restoring access to the system resulting from lockout) or discovered by users seeking access to the system. Consideration should be given to limiting the potential for back doors in any code and monitoring to detect back doors that may subsequently be discovered by users. For discussion on types of back doors see Wysopal, C and Eng, C (2015) Static Detection of Application Backdoors.

  1. Independent. The system should be based on, and maintained, using widely available standard open source software tools and standard text formats to avoid dependency on a single supplier/contractor or data format. No third party should own all or part of the system. Note that public procurement rules are likely to be of relevance in implementing this principle.

  2. Long Term. The research and development cycle involving biological and genetic resources or associated traditional knowledge may take place over a period of decades. It is therefore important to take a long term perspective on the functioning of the permit system and its integrity over time, including proper back-ups.

  3. Unique Identifiers. Unique identifiers enable internal coherence within the system and monitoring outside the system. For a permit and monitoring system the starting point could be a unique identifier such as a standardised country code (e.g. BS for the Bahamas or UG for Uganda and ZA for South Africa), the date (2015) and unique number (1234) to produce unique identifiers such as BS20151234, UG20151234 or ZA20151234. This system functions very effectively for 90 million patent documents in multiple countries and is recommended.

  4. Triple Redundancy. The permit system should build in the principle of triple redundancy in its tracking system rather than relying on a single point of reference. Triple redundancy is an engineering design principle that means that three distinct systems perform the same function. Because they are independent systems, if one system fails the two others will continue to work. If a second system fails then one other system, normally the simplest, will continue to work. Further details and examples of the implementation of this principle for ABS are provided in Section 4 on unique identifiers.

  5. Integrating Technical and Legal Components. The development of an online permit and monitoring system is a technical development that is directed towards the effective realisation of legal obligations on the part of Parties to the Protocol and establishing clear legal requirements on the part of applicants. Legal aspects of the system, notably with respect to the terms of permits and contracts as well as change of intent should be recognised at the design stage. In practice this means that the development of the technical aspects of the system and the legal aspects should be closely linked. Longer term legal advice should be built into the development cycle to respond to changing legal requirements.

  6. Minimal Human Intervention. Primary responsibility for data input should rest with applicants in entering legally required information. Government action should be confined, as far as possible, to approval of electronic applications, communications related to approvals, and archiving of physical copies of records. The basis of this principle is that human intervention introduces typological errors (such as spelling mistakes) or errors of interpretation (such as interpretations of person or institutional names). These errors affect the integrity and utility of the system over the long term, particularly with respect to monitoring and reporting.

  7. Anticipate Legacy. A development cycle approach to the permit system should be established that involves forward planning and transitioning from an existing system (that becomes the legacy system) to a new system over time. A formal development plan should be developed and periodically reviewed based on experience gained.

  8. Value Permit Staff. The permit system is important to the ability of Parties to the Protocol to implement their obligations, generate benefit-sharing and the valuation of genetic resources and associated traditional knowledge. The time horizon for the realisation of benefits may span decades. While most countries have a permit system it is also important to value the staff who process permit data. This role will become increasingly important in future years in terms of the capacity to bring benefits for conservation and sustainable use. Consideration should therefore be given to recognition of the importance of staff roles and maintaining continuity in the skills required to run and maintain the system.


  1. The research in this paper was conducted with the support of The Bahamas Environment, Science & Technology Commission (BEST) of the Government of the Bahamas under the UNEP/GEF project “Strengthening Access and Benefit Sharing (ABS) in the Bahamas” as set out in Oldham, P (2015) Concepts for an Electronic Monitoring Tool. UNEP/GEF project “Strengthening Access and Benefit Sharing (ABS) in the Bahamas”. The present paper was written with the additional support of The ABS Capacity Development Initiative through the Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ). The views expressed are solely those of the authors and should not be interpreted as reflecting the views of the Government of the Bahamas, the ABS Initiative or GIZ.