Philippine Coast Guard
CG-4 Integrated Systems
Philippine Coast Guard
Sign in
Live on Cloudflare · cg4.pcg-web.app

The logistics backbone of CG-4, in one system.

Fuel, fleet cards, deliveries, mobility, contracts, and document routing — for the Deputy Chief of Coast Guard Staff for Logistics and every unit it serves, end to end.

The platform

Eight systems, one sign-in

Each module owns one logistics function under CG-4's mandate — sharing one directory, one access model, and one audit trail.

Document Routing

Route, track, and act on CG-4 documents end to end — with deadlines, routing slips, and a full audit trail.

Gas Slips

Fuel slip issuance, approval, release, and station-side consumption — QR-verifiable end to end.

Delivery Advices

POL procurement paperwork: delivery advices, invoices, and disbursement vouchers, reconciled.

Fleet Cards

Government fleet-card inventory and monthly consumption reporting across every unit and district.

Mobility

Land-vehicle registry, preventive maintenance, repairs, and monthly inventory for the whole fleet.

Contracts

Procurement and infrastructure contracts through their full lifecycle, with milestone tracking.

Admin Office

Operations & admin support — activities, meetings, and the command calendar in one place.

Tech Support

Report an issue or request help — a tracked ticket, open to every active user.

What's new

Release notes

Every change to the platform is logged here as it ships.

  1. v0.1 Platform shell & secure foundation Rolling out

    Accounts and sign-in, the hierarchical access model, and the module framework — all standing on the new cloud foundation, with an approval wall for new accounts and a full audit trail from day one. Module-by-module release notes will land here next.

Security & compliance

Built on certified, encrypted, fully-audited cloud infrastructure

Security is the foundation of the platform, not an add-on. The directorate's records and the integrity of its transactions are protected at every layer — on infrastructure trusted by governments and enterprises worldwide.

ISO/IEC 27001 ISO/IEC 27701 ISO/IEC 27018 SOC 2 Type II PCI DSS

The underlying cloud network is independently audited to the standards above. The platform itself is engineered to those same controls — encryption, strict access control, and full auditability — and aligns with DICT and Data Privacy Act requirements.

Encrypted at every layer

All traffic is served over HTTPS/TLS with automatically-managed certificates; the database and every uploaded file are encrypted at rest. There is no unencrypted path in or out.

Passwords are never stored

Each is protected with PBKDF2-HMAC-SHA-256 — 100,000 iterations, a unique per-user salt — and compared in constant time, the current OWASP-recommended approach.

Hardened sessions

A random 256-bit token in an HTTP-only, Secure cookie; the server keeps only its SHA-256 hash. Even a full database disclosure cannot reveal a usable session, and accounts revoke instantly.

Server-enforced access

A hierarchical role model is checked on the server for every single action — never merely hidden in the interface. Deny-by-default: no client is ever trusted.

Zero access until approved

New accounts start with no permissions and wait behind an approval wall until an administrator explicitly grants them. There is no self-service escalation.

Complete audit trail

Every consequential action is logged — who did it, what changed before and after, and when — as a permanent, attributable record for command review.

Backup & recovery

The managed database supports point-in-time recovery to any moment within the retention window, and data is replicated across the provider's global network.

Nothing to procure or patch

No servers to buy, no software to install, no per-seat licenses. It runs in any modern browser and updates deploy instantly — with no on-premise box to maintain.

DICT Cloud First Policy

Operating on secure, certified cloud infrastructure rather than an unmanaged local server is exactly what DC No. 2017-002 mandates for government agencies. The 2020 amendment adds the guarantees that matter most:

  • The Philippine government retains full ownership and control of its data, wherever it is hosted.
  • Sole authority over encryption keys — no provider can read the data without government authorization.
  • Data is not subject to foreign law or access except as Philippine law permits.
  • No vendor lock-in or exclusivity; identity and access controls stay with the government.

Data Privacy Act of 2012 (RA 10173)

The platform is designed in alignment with the Act and National Privacy Commission principles through four concrete controls:

Access control
Data minimization
Encryption
Full auditability

Questions command asks

Isn't it safer to keep the data on a physical server in the office?

A server in one building has no geographic redundancy — hardware failure, power loss, fire, flood, or theft can make its data unrecoverable, and it must be monitored, patched, and physically secured around the clock by staff. The certified cloud replicates data across multiple locations automatically, so no single event causes data loss, and a dedicated security team defends it continuously.

Could we just build our own server instead?

The DICT Cloud First Policy sets a high bar for any on-premise alternative: it must be demonstrably superior in security, features, cost, and deployability at once. Certified cloud infrastructure clears all four — annual independent security audits, managed databases and backups out of the box, a far lower true cost of ownership than procurement-plus-maintenance, and provisioning in minutes rather than the 6–18 months government hardware procurement typically takes.

Who can actually see the data?

Only authenticated users with the appropriate role. Every action is tied to a verified account and scoped strictly to what that role requires. The platform uses the cloud only as underlying infrastructure — not as a data processor with visibility into the records — and the Philippine government retains sole control of its own data under the 2020 Cloud First amendment.

Ready when you are

Sign in with your CG-4 account. New here? Register and an administrator will grant your access.

Philippine Coast Guard · CG-4
Deputy Chief of Coast Guard Staff for Logistics
Developed by Mage Technologies, Inc.