The International Transaction Log (ITL) connects registries and secretariat systems that are involved in the
emissions trading mechanism defined under the Kyoto Protocol and its Doha amendment. One of the key mandates
of the ITL is to ensure an accurate accounting and verification of transactions proposed by registries in
order to support the review and compliance process of the Kyoto Protocol.
In practical terms, registries send transaction proposals to the ITL, which assesses each proposal against a
set of defined checks, derived from the Kyoto Protocol, its Doha amendment and other relevant COP/CMP
decisions. The ITL then responds to registries’ transaction proposals by clearing them for further
processing. If a transaction proposal is approved, the registry completes the transaction; if the transaction
proposal is rejected, the ITL sends an error code indicating which ITL check has failed and the registry
terminates the transaction.
The full specifications of the ITL system are defined in the
Data Exchange Standards (6517 kB) (DES). The DES describes the technical requirements for the
communication between the ITL and registries. It also provides the list of all the checks performed by the
ITL.The UNFCCC secretariat in its capacity of the ITL administrator has awarded a contract for the development,
hosting and technical support of the ITL to leading IT services companies. The technical arrangements for the
ITL include adequate provisions to ensure high-availability of the system and secure communications between the
ITL and registries. A service desk team, operating 7 days a week, is also in place to assist the administrators
and operators of systems connected to the ITL.
eighth annual report of the ITL administrator (562 kB) provided recommendations to CMP 8 based on lessons
learned during the first commitment period of the Kyoto Protocol. In these recommendations, it was proposed
that information security management be improved based on the International Organization for
Standardization/the International Electrotechnical Commission (ISO/IEC) 27001 and ISO/IEC 27002 standards.
In order to assess the impact of managing information security on the basis of ISO/IEC standards, the ITL
administrator established a Security Working Group (SWG) under the Registry System Administrators Forum.
Following the definition of objectives and plans to adopt a framework for managing the security of the
information assets within registry systems, the ITL administrator and the SWG identified relevant assets and
their associated information security requirements, reviewed known information security threats, and selected
relevant controls in order to manage risks.
Following guidance provided by SBI 40, the ITL administrator and the SWG conducted a registry-specific and
quantitative risk assessment which confirmed varying levels of maturity of information security in registry
systems. The ITL administrator and the SWG prepared the document
(FCCC/SBI/2015/INF.2) which includes recommendations for implementation of further security controls,
including the related resource requirements. This document will be considered at SBI 42.