The E-Procurement Portal has been set up to provide state-of-the-art e-procurement services in India to Govt. Departments, Public Sector Organisations and Large Private Sector Enterprises. This e-procurement portal comprehensively addresses almost every nuance of the formal Public Procurement process having ‘Legal’, ‘Security’ and ‘Transparency’ related significance.
Key Learning: Dos and Don’ts:
Functionality of the e-procurement application includes multi-stage, multi-envelope sealed bidding (including the two-stage tendering process as per CVC Guidelines). The system offers the added functionality of e-Reverse Auction, e-Forward Auction, and an e-Catalog system, integrated with the core sealed-bid e-procurement system.
To incorporate such unmatched ‘Security’ and ‘Transparency’ related features, this application uses a ‘Symmetric Pass-Phrase’ for bid encryption (i.e. bid sealing), as distinct from using the Public Key (i.e. PKI) of the TOE officer for bid encryption. While PKI is excellent for electronic/digital signatures, its use for data encryption (i.e. bid encryption in the context of e-procurement) is quite useful.
- Planning must include quality analysis, including a checklist for maintaining a secure environment.
- Reporting and analysis of key security incidents.
- Reporting and analysis of risk assessment and remediation activities.
- Don’t micromanage.
- Don’t design in too much detail.
Opportunities and Challenges:
This application is fully compliant with the IT Act 2000; CVC Guidelines on e-procurement (especially CVC Circular No. 18/04/2010 dated 26th April 2010); the e-Procurement Integrity Matrix of Transparency International India (TII); Government of India’s e-Procurement Guidelines issued in August 2011 by STQC, Department of IT, Ministry of Communications & IT, Government of India; and ‘Recommendations for Encryption Policy’ u/s 84A of the IT (Amendment) Act, 2008 by the Data Security Council of India (DSCI), regarding ‘Data Encryption’ (i.e. bid encryption in the context of e-procurement). Given this, getting a secure environment has always remained a priority, and along with all this learning, keeping the system running presents both opportunities and challenges.
- Educate on the existence and implications of Information Security policy and standards on their initiatives.
- IT personnel – Reinforce their roles and responsibilities pertaining to Information Security.
- All employees – Establish their responsibilities to protect systems and information assets.
- Non-employees – Establish clarity on their responsibilities as they pertain to customer confidential data.
- Adopt mechanisms for safeguarding your customer confidential information.
- Don’t use insufficient support.
- Don’t subscribe to non-business service with your business critical.
-With Dinesh Kumar Chawla, Telecommunications Consultants India Ltd., on How To Evaluate An E-Procurement Portal