Archive for November, 2017

SQL Server 2017

November 22nd, 2017

SQL Server 2017 went on general release a couple of weeks ago. This brings a whole host of benefits

Microsoft SQL Server 2017 features the much-anticipated SQL Graph, which provides new graph database capabilities for representing complex many-to-many relationships. Social media platforms like Facebook and LinkedIn use graph databases extensively, and in the era of big data, use cases are emerging across many industries.

Businesses can explore these relationships to reveal valuable information – from changes in the types of structures to the query abilities being requested of you and your teams. Whether it’s identifying similarities in customers behind trends in purchasing behavior, or mapping patterns in credit card usage to determine credit limits or risk indicators of defaulting on repayments, the introduction of graph capabilities to SQL Server makes the processes more streamlined.

Perhaps the most touted feature of the new version is that it will be available to be installed on Linux; an entirely inconceivable premise 10 years ago, which just goes to show how far Microsoft have changed in their approach to supporting non-Windows platforms as standard.

The announcement earlier this year that Power BI would be included as part of SSRS in was welcome. Previously, each tool was well suited for a specific reporting purpose – SSRS was great for designing reports that require a lot of visual tailoring and widely common formats for exporting, whereas Power BI is more geared towards real-time, dashboard views that marry together disparate data sources in a straightforward way. By being able to leverage SSRS to fully utilise Power BI reports, the application suddenly becomes a lot more versatile and the potential for combining together functionality becomes a lot more recognisable. So, for example, having the ability to drill down to an SSRS report from a Power BI report would be an excellent way of providing reporting capabilities that satisfy end-user consumption in 2 different, but wildly applicable, scenarios

The updated SSMS client for SQL Server 2017 has been given refreshed icons that bring the application more in line with how Visual Studio and other Microsoft products are looking these days

Inside a Microsoft cloud data centre with Synergy Software Systems

November 22nd, 2017

Get the reach and local presence you need with Microsoft’s global datacenters – https://azure.microsoft.com/en-us/regions/ Azure is generally available in 36 regions around the world, with plans announced for 6 additional regions.

Go beyond the limits of your on-premises datacenter using the scalable, reliable infrastructure that powers the Microsoft Cloud.

Transform your business and reduce maintenance costs with an energy-efficient infrastructure spanning more than 100 highly secure facilities worldwide, linked by one of the largest networks on earth.

The engine that powers Microsoft’s cloud services, the is designed to support smart growth, high reliability, operational excellence, cost-effectiveness, environmental sustainability, and a trustworthy online experience for customers and partners worldwide.

Microsoft deliver the core infrastructure and foundational technologies for Microsoft’s over numerous online businesses including: Dynamics 365, Power Bi, Cortana analytics, IoT, Bing, MSN, Office 365, Xbox Live, Skype, OneDrive and the Windows Azure platform.

The infrastructure is comprised of a large global portfolio of more than 100 datacenters and 1 million servers, content distribution networks, edge computing nodes, and fiber optic networks.

The portfolio is built and managed by a team of subject matter experts working 24x7x365 to support services for more than 1 billion customers and 20 million businesses in over 90 countries worldwide

Those are 2014 figures and the Microsoft cloud has expanded greatly since then for example the acquisition of Linked in and the launch of Dynamics 365.

To help you comply with national, regional, and industry-specific requirements governing the collection and use of individuals’ data, Microsoft offers the most comprehensive set of compliance offerings of any cloud service provider. Microsoft business cloud services operate with a cloud control framework, which aligns controls with multiple regulatory standards (https://www.microsoft.com/en-us/trustcenter/guidance/risk-assessment#Audit-reports)

Argentina PDPA – Microsoft has implemented the security measures in the Argentina Personal Data Protection Act.

BIR 2012 – Agencies operating in the Netherlands government sector must comply with the Baseline Informatiebeveiliging Rijksdienst standard.

Canadian Privacy Laws – Microsoft contractually commits to implementing security that helps protect individuals’ privacy.

CCSL (IRAP) – Microsoft is accredited for the Australian Certified Cloud Services List based on an IRAP assessment.

CDSA – Azure is certified to the Content Delivery and Security Assoc. Content Protection and Security standard.

China DJCP – Azure and Office 365 operated by 21Vianet are rated at Level 3 for information security protection.

China GB 18030 – Azure and Office 365 operated by 21Vianet are certified as compliant with the Chinese character standard.

China TRUCS – Azure and Office 365 operated by 21Vianet obtained Trusted Cloud Service certification.

CJIS – Microsoft government cloud services adhere to the US Criminal Justice Information Services Security Policy.

CS Mark (Gold) – Microsoft received the CS Gold Mark in Japan for Azure (IaaS and PaaS) and Office 365 (SaaS).

CSA STAR Attestation -Azure and Intune were awarded Cloud Security Alliance STAR Attestation based on an independent audit.

CSA STAR Certification – Azure, Intune, and Power BI were awarded Cloud Security Alliance STAR Certification at the Gold level.

CSA STAR Self-Assessment – Microsoft STAR Self-Assessment details how cloud services fulfill Cloud Security Alliance requirements.

DFARS – Microsoft Azure Government supports Defense Federal Acquisition Regulation (DFARS) requirements.

DoD – Microsoft received Department of Defense (DoD) Provisional Authorizations at Impact Levels 5, 4, and 2.

EN 301 549 – Microsoft meets EU accessibility requirements for public procurement of ICT products and services.

ENISA IAF – Azure aligns with the ENISA framework requirements through the CSA CCM version 3.0.1.

EU Model Clauses – Microsoft offers EU Standard Contractual Clauses, guarantees for transfers of personal data.

EU-U.S. Privacy Shield – Microsoft complies with this framework for protecting personal data transferred from the EU to the US.

FACT – Microsoft Azure achieved certification from the Federation Against Copyright Theft in the UK.

FDA CFR Title 21 Part 11 – Microsoft helps customers comply with these US Food and Drug Administration regulations.

FedRAMP – Microsoft was granted US Federal Risk and Authorization Management Program P-ATOs and ATOs.

FERPA – Microsoft aligns with the requirements of the US Family Educational Rights and Privacy Act.

FIPS 140-2 – Microsoft certifies that its cryptographic modules comply with the US Federal Info Processing Standard.

FISC – Microsoft meets the requirements of the Financial Industry Information Systems v8 standard in Japan.

GxP – Microsoft cloud services adhere to Good Clinical, Laboratory, and Manufacturing Practices (GxP).

HIPAA/HITECH – Microsoft offers Health Insurance Portability & Accountability Act Business Associate Agreements (BAAs).

HITRUST – Azure is certified to the Health Information Trust Alliance Common Security Framework.

IRS 1075 – Microsoft has controls that meet the requirements of US Internal Revenue Service Publication 1075.

ISO 9001 – Microsoft is certified for its implementation of these quality management standards.

ISO 20000-1:2011 – Microsoft is certified for its implementation of these service management standards.

ISO 22301 – Microsoft is certified for its implementation of these business continuity management standards.

ISO 27001 – Microsoft is certified for its implementation of these information security management standards.

ISO 27017 – Microsoft cloud services have implemented this Code of Practice for Information Security Controls.

ISO 27018 – Microsoft was the first cloud provider to adhere to this code of practice for cloud privacy.

IT Grundschutz Compliance Workbook – Azure Germany published this Workbook to help our clients achieve IT Grundschutz certification.

ITAR – Azure Government supports customers building US International Traffic in Arms Regs-capable systems.

MARS-E – Microsoft complies with the US Minimum Acceptable Risk Standards for Exchanges (MARS-E).

MeitY – The Ministry of Electronics and Info Technology in India awarded Microsoft a Provisional Accreditation.

MPAA – Azure successfully completed a formal assessment by the Motion Picture Association of America.

MTCS – Microsoft received certification for the Multi-Tier Cloud Security Standard for Singapore.

My Number (Japan) – Microsoft does not have standing access to My Number data, a number unique to each resident of Japan.

NEN 7510:2011 – Organizations in the Netherlands must demonstrate control over patient health data in accordance with the NEN 7510 standard.

NHS IG Toolkit – Azure is certified to the Health Information Trust Alliance Common Security Framework.

NIST 800-171 – Microsoft DoD certifications address and exceed US NIST 800-171 security requirements.

NIST CSF – Microsoft Cloud Services meet the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)

NZ CC Framework – Microsoft NZ addresses the questions published in the New Zealand cloud computing framework.

PCI DSS – Azure complies with Payment Card Industry Data Security Standards Level 1 version 3.1.

Section 508 – Microsoft cloud services offer Voluntary Product Accessibility Templates.

Shared Assessments – Microsoft demonstrates alignment of Azure with this program through the CSA CCM version 3.0.1.

SOC 1- Microsoft cloud services comply with Service Organization Controls standards for operational security.

SOC 2 – Microsoft cloud services comply with Service Organization Controls standards for operational security.

SOC 3 – Microsoft cloud services comply with Service Organization Controls standards for operational security.

Spain ENS – Microsoft received Spain’s Esquema Nacional de Seguridad (National Security Framework) certification.

UK Cyber Essentials PLUS – Cyber Essentials PLUS is a UK government-defined scheme to help organizations protect against common cyber-security threats.

UK G-Cloud – The Crown Commercial Service renewed the Microsoft cloud services classification to Government Cloud v6.

WCAG 2.0 – Microsoft cloud services comply with the Web Content Accessibility Guidelines 2.0.

Blog registration discontinued.

November 22nd, 2017

To the many of you who have asked for registration and not had a response, please accept our apologies. The overwhelming success of the site means we get typically 50 new registrants a day and it has been administratively difficult to keep up so with approval and review or comments from over 10000 subscribers. So much against the trend we have dropped the social media links and options to comment.

This will give us more time to add content and will also help with performance o the site.

U.A.E. Draft VAT regulations – Synergy Software Systems summary

November 20th, 2017

The UAE Ministry of Finance announced the Executive Regulation for the Federal Decree-Law No. (8) of 2017 on Value Added Tax at a Cabinet meeting on 7 November 2017, headed by His Highness Sheikh Mohammed bin Rashid Al Maktoum, Vice President and Prime Minister of the UAE, Ruler of Dubai.

The Regulation defines VAT as the 5% tax imposed on the import and supply of goods and services at each stage of production and distribution, including:
- what is a deemed supply, with the exception of specific supplies subject to the zero rate
– what is exempted as specified in the Decree-Law.

Before reviewing the individual titles of the registration this is summary of the salient points:

VAT Registrations
It is important to note that the draft VAT executive regulations state that businesses are required to register in accordance with the timelines previously announced by the Federal Tax Authority. As a consequence, if taxpayers have not registered within these timelines, it may potentially result in late registration penalties which are AED 20,000.

The UAE’s Federal Tax Authority is urging companies subject to the value-added tax to register before December 4 to avoid paying the tax from their own pockets.

The Federal Tax Authority (FTA) requires by law 20 working days to access and process their applications, said Khalid Al Bustani at a media briefing in Dubai. Companies submitting applications after that date are not guaranteed to get their formalities completed, will not be able to charge 5 per cent VAT to their customers and may have to pay the tax from their pocket until their registrations are finished, according to FTA officials at the briefing.

– Businesses providing taxable supplies may apply for a voluntary VAT registration if their sales exceed AED 187,500 per annum
- Businesses providing exclusively zero-rated supplies may apply for an exemption from the obligation to VAT register
- The mandatory VAT registration threshold is AED 375,000 sales per annum
- A registration application must be submitted within 30 days of being obliged to register
- Tax Groups may be formed for multiple, related parties businesses to register under one number – one taxable party, the ‘representatives’, takes on the responsibility to prepare and submit the consolidated return
- De-registrations are permitted on the cessation of the taxable supplies, or on the tax authorities decision

Tax point
VAT becomes due on the earlier of:
-The invoice date
- The delivery of the goods or performance of the service
- The payment date

Place of supply rules
- For real estate, a supply is deemed to take place in UAE where the services is directly connected with UAE real estate
– Domestic transport services are deemed to be supplied from the place where the transport commences
- For goods transported to another GCC State which has implemented VAT (‘implementing state), the place of supply is the destination provided adequate proof of transportation can be obtained

Zero rating
The following goods and services shall be zero-rated for VAT purposes (note: all foods will be standard rated):
- Goods physically exported to other VAT registered businesses outside of the UAE or other implementing state provided commercial evidence of the transport is retained by the vendor
- when supplied to a customer that does not have a establishment in UAE and is outside of the country at the time of supply. The exception is real estate in UAE.
- Supply of international transportation services for passengers and goods
- The supply or import of precious metals
- New residential property supplies
- Education services if supplied by an accredited government body
- Healthcare services provided by a body linked to the state
- Approved pharmaceuticals

Exempt supplies

The following services will be exempted from VAT:
- Financial services related to dealing in money (e.g. FX, debt securities, loans, bank accounts, derivatives or similar, issuing shares and life insurance)
- Other financial services attracting a fee or commission are liable to VAT
- Residential buildings with a lease longer than 6 months
- Bare land
- Local passenger transport

VAT Free Designated Zones

Special geographical areas within the UAE, but outside of the UAE VAT regime. These are created upon a decision by the Cabinet. They have security measures and customs controls to monitor the movement of goods. The transfer of goods or provision of services within the Zones will not be subject to VAT – similar to the bonded warehouse concept.
Import VAT becomes payable when any goods leave the Zone.

Non-recoverable VAT

The following VAT is not recoverable against VAT on taxable supplies:
- Entertainment for non-employees
- Personal use vehicles and other goods for employees
- Employee-use goods not directly associated with the provision of taxable supplies

VAT invoices
VAT invoices must include the following details:
- Name and address of supplier
- VAT Number
- Unique VAT invoice number
- Date of invoice, and date of supply if different
- Description of the goods/services provided
- Unit prices, quantity or volumes of the supplies
- Any discount offered
- VAT calculation and gross amount due in AED (any rate of exchange used)

Simplified invoices may be issued to non-tax payers or when the consideration is below AED 10,000.

Electronic invoices may be issued if the vendor has secure storage facilities, and the authenticity of the invoice can be guaranteed

VAT reporting
The standard VAT reporting period is 3 months
VAT returns must be received by the 28th of the month following the reporting period.

The VAT return includes:
- Name, address and tax registration number of the tax payers
- The tax period
- Submission date
- Values of taxable supplies made, and output VAT charged
- Values of zero rated supplies made
- Values of exempt supplies made
- Value of taxable supplies consumed, and input VAT claimed
- Total value of VAT due

Transitional rules
- Goods or services provided before the implementation of VAT will be treated as having been provided on the implementation date
- A payment for the services prior to the implementation date will be disregarded for determining the time of supply after the implementation date
- The value prior to VAT implementation of any goods or services will be treated as exclusive of VAT

The Value Added Tax (VAT) to be launched on January 1 in UAE will bring many changes in the price structure of the goods and services in the country. While some basic things like school fees will be exempt from tax, many other essential items such as: water, food, and jewelry may be included in the VAT.

The VAT in UAE will be levied at a fixed rate of 5 per cent on all applicable items.

The tax will also be levied from the tourists visiting the country, however, the tax paid by tourists in the UAE will be refunded back to them at the airport.

Check out below the list of goods/services we understand will be taxed under VAT
◾Food
◾Electricity bills (Power)
◾Jewellery
◾Car rentals
◾Smartphones
◾Dining out
◾Commercial rents (Renting out for commercial purposes)
◾Plastic surgery
◾Uniforms of private and public schools
◾Water bills
◾Cars
◾Electronics
◾Watches
◾Entertainment
◾Tenancy contracts
◾Hotel
◾Service apartment
◾Private school books

Goods/services we understand to be exempt from VAT
The following items/services will be VAT exempt:
◾Medical fees
◾Air travel
◾Medicines
◾Basic and preventive surgery
◾Exam fees
◾Local transport
◾Residential rents
◾Public school books

The VAT will also be applicable to the free zone companies making supplies outside the zone. This might increase pre-financing cost for such companies.

Draft Regulation Titles:

The first title of the Regulation includes the definitions of terms used.

The second title deals with supply, which includes:
- articles regulating the supply of goods and services,
- supplies that consist of more than one component
- the exceptions related to deemed supplies.

The third title of the document tackles the subject of registration, such as:
– mandatory and voluntary registration,
– related parties,
– conditions to be met to register tax groups
– appointing a representative member,
– deregistration,
– exception from registration,
– registration on law coming into effect
– obligations to be met before deregistration.

The fourth title looks into rules relating to supply, including:
– articles on the date of supply,
– place of supply for goods,
– place of supply of services for real estate,
– transport services,
– telecommunications and electronic services,
– intra-GCC supplies,
– the market value,
– prices to be inclusive of: tax, discounts, subsidies and vouchers.

The fifth title discusses profit margins, and also explains how to calculate VAT based on profit margins,

The sixth title addresses zero-rated goods and services, including:
- telecommunications,
- international transportation of passengers or goods,
- investment grade precious metals,
- new and converted residential buildings,
- healthcare,
- education
- buildings earmarked for charity.

The seventh title clarifies provisions relating to products and services exempt from value added tax, namely:
- the supply of certain financial services as specified in the Executive Regulation,
- the supply of residential (non-zero-rated) buildings either by sale orby lease,
- the supply of bare land,
- the supply of local passenger transport.

The eighth title addresses accounting for tax on:
- specific supplies and includes articles relating to supplies with more than one component,
– general provisions in relation to import of goods
– applying a reverse charge on goods and services,
– moving goods to implementing states
– imports by non-registered persons.

The ninth title address Designated Zones in article (51),

The tenth 10 provides further detail on:
- calculating due tax,
- recovery of input tax relating to exempt supplies,
- input tax not recoverable, a
- special cases for input tax.

The eleventh includes:
- article (55) on apportioning input tax
- article (56) on adjusting input tax after recovery,

The twelfth title addresses:
- the capital asset scheme in article (57)
- adjustments within the capital asset scheme in article (58).

The thirteenth title includes:
- article (59) on tax invoices,
- article (60) on tax credit notes
- article (61) on fractions of the fils.

The fourteenth title discusses Tax Periods and Tax Returns,

The fifteenth title 15 goes into recovery of excess tax in article (65).

The sixteenth title 16 tackles recovery in other cases and includes:
- article (66) on new housing for nationals,
- article (67) on business visitors,
- article (68) on tourists
- article (69) on foreign governments.

The seventeenth title includes:
- article (70) on Transitional Rules,
- article (71) on record-keeping requirements
- article (72) on keeping records of supplies made.

The eighteenth title discusses closing provisions.

The draft text of the Executive Regulation for Federal Decree-Law No. (8) of 2017 on Value Added Tax, is to be published on the UAE Ministry of Finance’s website www.mof.gov.ae – https://www.mof.gov.ae/en/budget/pages/vatquestions.aspx
and the Federal Tax Authority’s website www.tax.gov.ae​​

https://www.tax.gov.ae/pdf/VAT-Decree-Law-No-8-of-2017.pdf

Some comments:
The Executive Regulation is clear that prices must be expressed inclusive of VAT unless something is being supplied for export or where the customer is registered for VAT i.e. for B2C retail sales

This will prevent preventing businesses from misleading consumers by adding 5 per cent to the price at the till, but it s gives rise to complexity where businesses are supplying to a combination of consumers, non-registered businesses and registered businesses, and where they make both domestic and international supplies.

There is reference to “Designated Zones” being treated as outside the UAE in the Decree-Law, but the Executive Regulation makes it clear these must be “a specific fenced geographic area [which] has security measures and customs controls in place to monitor entry and exit of individuals and movements of goods to and from the area”. It simply wasn’t permissible under the GCC Framework Agreement, or the design of VAT generally, to treat the Dubai International Financial Centre differently from anywhere else in the UAE.

Banks, will need to work through Article (42) of the Executive Regulation to determine which of their supplies are exempt and which are standard rated. For example, supplies cannot be exempt if they are “conducted in return for an explicit fee, discount, commission, and rebate or similar”.
Furthermore, in relation to Islamic finance products, the drafting is currently unclear on whether each separate part of a product will need to be certified as Sharia compliant, or whether only a product generally has to have been certified.

Challenges remain for certain sectors. Healthcare services, which are generally zero rated, are defined as a supply “that is generally accepted in the medical professions as being necessary for the treatment of the recipient of the supply including preventive treatment”. That’s not just a question for a tax lawyer. That’s a question for a doctor.

The UAE Executive Regulation now takes a more considered approach than the simpler but ultimately unsatisfactory approach taken in the Saudi legislation with regard to existing contracts. Under the Executive Regulation, when a contract is silent on VAT, the consideration will be treated as exclusive of VAT, and the recipient will be required to pay VAT in addition if, broadly speaking,
(i) the recipient of the supply is registered for VAT;
(ii) the recipient of the supply has the right to recover the VAT charged in full, or in part.

It is still unclear regarding VAT on supplies to government entities – for example, whether an entity is in fact a government entity, whether a government entity is required to be registered, and whether it has the right to recover VAT?

Security, security

November 5th, 2017

The IRS fends off 4 million hacking attempts a day, Commissioner John Koskinen said last Tuesday