Checklist for E-Procurement Portal

E-Procurement Portal has been set up for providing state-of-the-art e-Procurement services in India to Govt. Departments, Public Sector Organisations and Large Private Sector Enterprises. This e-procurement portal comprehensively addresses almost every nuance of the formal Public Procurement process having ‘Legal’, ‘Security’ and ‘Transparency’ related significance.

( Read more:  CISO Guide for Denial-of-Service (DoS) Security )

 

Key Learning: Dos and Don’ts:

Functionality of E-Procurement application includes -- Multi-stage, Multi-envelope Sealed-Bidding (including two-stage tendering process as per CVC Guidelines. The system offers added functionality of e-Reverse Auction, e-Forward Auction, and e-Catalog system, integrated with the core sealed-bid e-Procurement system.

To incorporate such unmatched ‘Security’ and ‘Transparency’ related features, this application uses ‘Symmetric Pass-Phrase’ for bid-encryption (i.e. bid-sealing), as distinct from using Public-Key (i.e. PKI) of TOE officer for bid encryption. While PKI is excellent for electronic/ digital signatures, its use for data-encryption (i.e. bid encryption in the context of e-procurement) is quite useful.

Dos:

  • Planning must include quality analysis and it also includes making checklist for having secure environment.
  • Reporting and analysis on Key Security Incident  
  • Reporting and analyzing on Risk Assessment and remediation activities


Don’ts:

  • Don’t micro manage.
  • Don’t design too much in details.

Opportunities and Challenges:

As this application is fully compliant with – IT Act 2000; CVC Guidelines on e-procurement (especially CVC Circular No. 18/04/2010 dated 26th April 2010); the e-Procurement Integrity Matrix of Transparency International India (TII); Government of India’s e-Procurement Guidelines issued in August 2011 by STQC, Department of IT, Ministry of Communications & IT, Government of India; and ‘Recommendations for Encryption Policy’ u/s 84A of the IT (Amendment) Act, 2008 by the Data Security Council of India (DSCI), regarding ‘Data Encryption’ (i.e. bid encryption in the context of e-procurement), getting a secure environment has always remains a priority and along with all this learning keeping the system running presents both opportunities and challenges.

( Read more:  Annual Survey on Cloud Adoption Status Across Industry Verticals )

Dos

  • Educate on the existence and implications of Information Security policy and standards on their initiatives.
  • IT personal – Reinforce their roles and responsibilities pertaining to Information Security.
  • All Employees – Establish on their responsibilities to protect systems and Information Assets
  • Non Employees – Establishing clarity on their responsible as they position to customer confidential data.
  • Adopting mechanism for Safeguarding your Customer Confidential Information.
  • Documentation.

Don'ts

  • Don’t Use Insufficient Support
  • Don’t subscribe to non-business service with your business critical.

-With Dinesh Kumar Chawla, Telecommunications Consultants India Ltd., on How To Evaluate An E-Procurement Portal ClickToTweet

What are your takes on E-Procurement? Share your views with us in the comments below.

E-mail me when people leave their comments –

CISO Platform

You need to be a member of CISO Platform to add comments!

Join CISO Platform

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)