Fuel, fleet cards, deliveries, mobility, contracts, and document routing — one platform for the Deputy Chief of Coast Guard Staff for Logistics and the Coast Guard units it supports nationwide.

The platform
Each module owns one logistics function under CG-4's mandate — sharing one directory, one access model, and one audit trail.
Route, track, and act on CG-4 documents end to end — with routing slips, attachments, and a full audit trail.
Fuel slip issuance, approval, release, and station-side consumption — QR-verifiable end to end.
Fuel (FOL) procurement — delivery advices, invoices, disbursement vouchers, and unit gas-slip issuance, reconciled.
Government fleet-card inventory and monthly consumption reporting across every unit and district.
Land-vehicle registry, preventive maintenance, repairs, and monthly inventory for the whole fleet.
PCG vessel registry with live AIS tracking — follow the fleet on the map, by hull number or ship name.
Procurement and infrastructure contracts through their full lifecycle, with milestone tracking.
Operations & admin support — activities, meetings, and the command calendar in one place.
Report an issue or request help — a tracked ticket, open to every active user.
What's new
Every change to the platform is logged as it ships — carrying the full v1.x history forward into v2.0.0-beta.66.
Document Routing now carries the clearer, more responsive working experience proven in CG-6 while preserving CG-4's department permissions and operational workflows. Its analytics are more accurate and actionable, and the obsolete document-deadline workflow has been retired.
Security is the foundation of the platform, not an add-on. The directorate's records and the integrity of its transactions are protected at every layer — on infrastructure trusted by governments and enterprises worldwide.
The underlying cloud network is independently audited to the standards above. The platform itself is engineered to those same controls — encryption, strict access control, and full auditability — and aligns with DICT and Data Privacy Act requirements.
All traffic is served over HTTPS/TLS with automatically-managed certificates; the database and every uploaded file are encrypted at rest. There is no unencrypted path in or out.
Each is protected with PBKDF2-HMAC-SHA-256 — 100,000 iterations, a unique per-user salt — and compared in constant time, the current OWASP-recommended approach.
A random 256-bit token in an HTTP-only, Secure cookie; the server keeps only its SHA-256 hash. Even a full database disclosure cannot reveal a usable session, and accounts revoke instantly.
A hierarchical role model is checked on the server for every single action — never merely hidden in the interface. Deny-by-default: no client is ever trusted.
New accounts start with no permissions and wait behind an approval wall until an administrator explicitly grants them. There is no self-service escalation.
Every consequential action is logged — who did it, what changed before and after, and when — as a permanent, attributable record for command review.
The managed database supports point-in-time recovery to any moment within the retention window, and data is replicated across the provider's global network.
No servers to buy, no software to install, no per-seat licenses. It runs in any modern browser and updates deploy instantly — with no on-premise box to maintain.
Operating on secure, certified cloud infrastructure rather than an unmanaged local server is exactly what DC No. 2017-002 mandates for government agencies. The 2020 amendment adds the guarantees that matter most:
The platform is designed in alignment with the Act and National Privacy Commission principles through four concrete controls:
Frequently asked questions
A server in one building has no geographic redundancy — hardware failure, power loss, fire, flood, or theft can make its data unrecoverable, and it must be monitored, patched, and physically secured around the clock by staff. The certified cloud replicates data across multiple locations automatically, so no single event causes data loss, and a dedicated security team defends it continuously.
The DICT Cloud First Policy sets a high bar for any on-premise alternative: it must be demonstrably superior in security, features, cost, and deployability at once. Certified cloud infrastructure clears all four — annual independent security audits, managed databases and backups out of the box, a far lower true cost of ownership than procurement-plus-maintenance, and provisioning in minutes rather than the 6–18 months government hardware procurement typically takes.
Only authenticated users with the appropriate role. Every action is tied to a verified account and scoped strictly to what that role requires. The platform uses the cloud only as underlying infrastructure — not as a data processor with visibility into the records — and the Philippine government retains sole control of its own data under the 2020 Cloud First amendment.