e-Tendering - MKCL

sunflowerplateAI and Robotics

Nov 21, 2013 (3 years and 9 months ago)


E-TENDERING

CVC, IT Act & other Security Aspects

Introduction


Organizations or departments require certain raw material/stationery/items which are needed for their proper functioning in day-to-day activities. For example: an organization has an accounts department, which needs a regular supply of stationery in order to keep its books up-to-date.

So, to procure such items or services, which any organization needs in order to function properly, they undergo a process of tendering, through which they assign the work/service to an outside party for regular supply of such work/service.

Tendering / Procuring


The process of procuring for a certain time frame at pre-fixed rates on pre-defined terms & conditions is known as TENDERING/Procurement.

Even after such a high penetration of IT in organizations, these processes are still done manually.

The processes are well defined, but a manual process has its limitations.

Difference between Procurement / Tendering

Procurement: It is the acquisition of goods and/or services at the best possible total cost of ownership, in the right quality and quantity, at the right time, in the right place and from the right source for the direct benefit or use of corporations, individuals, or even governments, generally via a contract.

Tender: is a legal way of offering. In simple words, it is a legal document which offers a contract.

So, we tender if we need to procure something!

Limitations or Drawbacks


The traditional process is manual and hence attracts more cost & time.

Different departments employ separate tendering. De-centralized processes again add to all these.

Additional burden of paperwork.

Very lengthy process, difficult to understand and requires dedicated man-power.

Increased cases of fake tendering/bribery lead to lack of faith in process.

Transparency of process as well as of persons involved is at stake.

Small geographical reach. Local competition & local lobby flourishes.

These are only a few… We can effectively manage to process tendering/procurement processes the ‘e’ way!

What is e-Procurement?

e-Procurement is the IT-enabled process of procurement: employing IT systems & solutions to do the process of tendering/procurement.

A web-based approach that replaces the paper-based manual process with a tech-based process, which gives additional features like time saving, cost reduction, greater transparency etc.


Why e-Procurement? Its need…

In order to ensure economy and efficiency in procurement: reduction in costs, better price negotiation and shorter procurement cycle. Through easy and effective reporting and analysis tools, one can improve efficiency in report maintenance, check maverick buying and create seamless data integration. Clarity of specifications and adherence to time frame are other benefits.

To promote competition among bidders

To provide equitable treatment of bidders

To promote fairness and transparency in bidding offers

Further, from a Government Department’s perspective, an e-procurement system can be designed to factor in all Rules and Orders on the subject such as:

Rules relating to procurement in GFR 2005

Policy preferences for PSUs/cottage and small industries

CVC Guidelines

C&AG observations

Delegation of Powers

Best international practices

Central Vigilance Commission

Formed in February, 1964 on the recommendations of the Committee on Prevention of Corruption, headed by Shri K. Santhanam, to advise and guide Central Government agencies in the field of vigilance.

CVC is conceived to be the apex vigilance institution, free of control from any executive authority, monitoring all vigilance activity under the Central Government and advising various authorities in Central Government organizations in planning, executing, reviewing and reforming their vigilance work.

The CVC Bill was passed by both the houses of Parliament in 2003 and the President gave its assent on September 11, 2003. Thus the Central Vigilance Commission Act 2003 (No 45 of 2003) came into effect from that date.

CVC Act


The CVC Bill was passed by both the houses of Parliament in 2003 and the President gave its assent on September 11, 2003.

Thus, the Central Vigilance Commission Act 2003 (No 45 of 2003) came into effect from that date.

The Commission, while conducting the inquiry, shall have all the powers of a Civil Court with respect to certain aspects.

Jurisdiction of CVC


Members of All India Service serving in connection with the affairs of the Union and Group A officers of the Central Government

Officers of the rank of Scale V and above in the Public Sector Banks

Officers in Grade D and above in Reserve Bank of India, NABARD and SIDBI

Chief Executives and Executives on the Board and other officers of E-8 and above in Schedule ‘A’ and ‘B’ Public Sector Undertakings

Chief Executives and Executives on the Board and other officers of E-7 and above in Schedule ‘C’ and ‘D’ Public Sector Undertakings

Managers and above in General Insurance Companies

Senior Divisional Managers and above in Life Insurance Corporations

Officers drawing salary of Rs. 8700/- p.m. and above on Central Government D.A. pattern, as on the date of the notification and as may be revised from time to time in Societies and other Local Authorities

CVC guidelines : e-Procurement

Various GOs/GRs regarding CVC guidelines on e-Procurement can be found on http://www.cvc.nic.in/proc_works.htm

These promote use of a web-based tendering process to ensure greater transparency, high efficiency, effective cost cutting through reduction of time delays etc., defining the powers of people involved with respect to various rules/practices followed and the security aspects that need to be followed.


Electronic Actions have a legal binding


We must adhere to all the legal bindings in all our actions.

Documentation plays a vital role in all manual processes across organizations.

Similarly, there was a need to legalize the transactions made in electronic mode.

The IT Act was implemented to give authentication to documents and signatures in e-mode.

IT Act of India


The Act simultaneously amended the following Acts: The Indian Penal Code Act, 1860; The Indian Evidence Act, 1872; The Reserve Bank of India Act, 1934; The Banker’s Book Evidence Act, 1891.

Gave legal recognition to electronic records (Section 4 of the Act)

Gave legal recognition to digital signatures (Section 5 of the Act)

Provided for Certifying Authorities and Subscribers in connection with digital signature (Section 17 to 42 of the Act)

Made provision for penalties for cyber offences (Section 43 to 47 of the Act)

Established Cyber Appellate Tribunal (Section 48 to 64 of the Act)

Listed cyber offences (Section 65 to 78 of the Act).

IT Act provides legal backbone to


Electronic Commerce (E-Commerce) includes not only Internet commerce but also transactions through other electronic media. In other words, it can be described as:

transaction between a company and its customers, i.e. buying and selling of goods, services and information (including after-sale service and support);

exchange of structured business information between two or more companies, e.g. Electronic Data Interchange (EDI); and

internal commerce involving work flow reengineering, product and service customization, Supply Chain Management (SCM) etc;

by using electronic devices.

Electronic devices/medium used for E-Commerce include Bar Code Machines, Vending Machines, Telephone & Telegraphs, Fax, Television, Stand alone Computers, Computer Network, Internet, WWW & E-mail.

And it talks about SECURITY…


In a manual process, we maintain a definite security through defined means, and the authenticity of our acts is reflected.

IT transactions or electronic actions are also legalized by implementing the IT Act.

BUT, the IT Act talks about secured actions and transactions and securely authenticating the documentation. It also talks about the ways in which information should be encrypted so as to maintain its authenticity.

Secured Documentation


The process of DIGITAL SIGNATURE involves converting the electronic record into secret code first, and then translating the codes into a small number by applying a formula. Each licensed Subscriber uses a unique secret code and formula, which is known to him only. This is done through the private key. Based on private key techniques, the public key is designed.

The AUTHENTICATION of the electronic record shall be effected by the use of asymmetric crypto system and hash function which envelop and transform the initial electronic record into another electronic record.

ASYMMETRIC CRYPTO SYSTEM: a system of a secure key pair consisting of a private key for creating digital signature and a public key to verify the digital signature.

PRIVATE KEY: the key of a key pair used to create digital signature

PUBLIC KEY: the key of a key pair used to verify a digital signature and listed in the Digital Signature Certificate.

Contd



CRYPTOGRAPHY: The process of coding is called encryption and the process of decoding is called decryption. Encryption and decryption are done through software. This software is called Public Key and Private Key. Private Key is kept secret and the Public Key is made public.

HASH FUNCTION means an algorithm mapping or translation of one sequence of bits into another, generally a smaller set, known as ‘hash result’, such that an electronic record yields the same hash result every time the algorithm is executed with the same electronic record as its input, making it computationally infeasible

to derive or reconstruct the original electronic record from the hash result produced by the algorithm

that two electronic records can produce the same hash result using the algorithm
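
The hash-then-sign flow defined above, as an added example that is not part of the original slides: the record is reduced to a hash result, the hash is transformed with the private key, and anyone holding the public key can check the result against the record they received. It assumes SHA-256 as the hash function and uses textbook RSA over two publicly known Mersenne primes, so the key, the sample bid and all names are constructed for illustration; a production system would use a vetted library and a padded scheme such as RSA-PSS.

```python
import hashlib

# Constructed demo key: textbook RSA over two publicly known Mersenne primes.
# Illustrative only; a key built this way is trivially factorable.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent (published with N)
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, known to the subscriber only


def hash_result(record: bytes) -> int:
    """Hash function: map a record of any length to a fixed 256-bit hash result."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big")


def sign(record: bytes, private_exponent: int = D) -> int:
    """Create the signature: transform the hash result with the private key."""
    return pow(hash_result(record), private_exponent, N)


def verify(record: bytes, signature: int) -> bool:
    """Verify with the public key: recover the signed hash and compare it
    with a fresh hash of the record that was actually received."""
    return pow(signature, E, N) == hash_result(record)


# Constructed sample bid record and its signature.
BID = b"tender=T-001;bidder=ACME;price=125000"
SIGNATURE = sign(BID)


def demo() -> dict:
    """Check a genuine record, a tampered record and a signature made
    with a different private exponent."""
    tampered = BID.replace(b"125000", b"115000")
    return {
        "genuine_verifies": verify(BID, SIGNATURE),
        "tampered_verifies": verify(tampered, SIGNATURE),
        "wrong_key_verifies": verify(BID, sign(BID, private_exponent=D + 2)),
    }


if __name__ == "__main__":
    print(demo())
```
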

https:// Secured Sites


TLS / SSL (Secure Socket Layer is now Transport Layer Security): are cryptographic protocols that provide security for communications over networks such as the Internet. TLS and SSL encrypt the segments of network connections at the Transport Layer end-to-end.

These help in secured data flow/transactions on a site. They also allow checking for hacking or unauthorized intrusion inside the web network.

The TLS protocol allows client/server applications to communicate across a network in a way designed to prevent eavesdropping, tampering, and message forgery. TLS provides endpoint authentication and communications confidentiality over the Internet using cryptography. TLS provides RSA security with 1024 and 2048 bit strengths.

In typical end-user/browser usage, TLS authentication is unilateral: only the server is authenticated (the client knows the server's identity), but not vice versa (the client remains unauthenticated or anonymous).

TLS also supports the more secure bilateral connection mode (typically used in enterprise applications), in which both ends of the "conversation" can be assured with whom they are communicating (provided they diligently scrutinize the identity information in the other party's certificate). This is known as mutual authentication. Mutual authentication requires that the TLS client-side also hold a certificate (which is not usually the case in the end-user/browser scenario). Unless, that is, TLS-PSK, the Secure Remote Password (SRP) protocol, or some other protocol is used that can provide strong mutual authentication in the absence of certificates.

It also includes any new attempt to make security of IT services stronger and fool proof. Authenticating various actions taken on-line in a secured manner is the key to it.


Ensuring Security


Security: The security features incorporated in the application would ensure that all activities are logged, no unauthorized person has access to data, all sensitive data is encrypted and the system can be restored in a minimal possible time in case of a disaster or system crash.

Audit Trail: The Solution has to be so designed that all the activities, transactions and changes in configuration are logged and a log report is made available to the concerned people. Further, a log is also made available of activities at the database level, thereby ensuring that a robust audit trail is always available of all the activities either at the application level or the database level.

Data Encryption: The solution supports encryption and all the price bids received against a tender are encrypted at the database level. Further, the login passwords of all the users and the suppliers are also encrypted at the database level.

Secure Administrator Access: To prevent an administrator from misusing his access privileges, the TMS requires two level password verification before allowing an administrator access to the admin module. The first password is provided by the administrator himself and the second password is provided by some designated senior person within the buying organization. The administrator will be authenticated on advanced technologies using biometrics.

Process Validation: The Solution has to be so architected that a user cannot view the commercial bid of a supplier till the technical evaluation of the tender is complete and the date & time specified for the opening of the commercial bid is due.

Secured Socket Layer (SSL) Certificate: The solution would use SSL Certificate for communication between the browser and the web server. This ensures that all the data is encrypted and cannot be hacked/misused by anyone.

Unauthorized Access: The entire solution is to be placed behind a firewall and intrusion detection system that protects it against unauthorized access and hackers.
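
One way the Process Validation and Audit Trail requirements above can be enforced together, as an added example that is not code from the slides or from any e-tendering product: a commercial bid is released only when both conditions hold, and every attempt is logged. The `Tender` record, its field names, the function name and the sample scenario are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass
class Tender:  # hypothetical record; field names are assumptions
    tender_id: str
    commercial_opening: datetime        # date & time specified for opening price bids
    technical_evaluation_complete: bool = False
    audit_trail: list = field(default_factory=list)


def may_view_commercial_bid(tender: Tender, user: str, server_now: datetime) -> bool:
    """Release a commercial bid only when technical evaluation is complete AND
    the opening date & time is due. server_now must come from the server clock,
    never from the request. Every attempt is logged, refusals included."""
    reasons = []
    if not tender.technical_evaluation_complete:
        reasons.append("technical evaluation not complete")
    if server_now < tender.commercial_opening:
        reasons.append("opening date & time not due")
    allowed = not reasons
    tender.audit_trail.append({
        "at": server_now.isoformat(),
        "user": user,
        "action": "view_commercial_bid",
        "tender": tender.tender_id,
        "result": "ALLOWED" if allowed else "DENIED: " + "; ".join(reasons),
    })
    return allowed


def demo() -> list:
    """Constructed scenario: three attempts against one tender."""
    opening = datetime(2013, 11, 21, 15, 0, tzinfo=timezone.utc)
    tender = Tender("T-001", commercial_opening=opening)
    outcomes = [may_view_commercial_bid(tender, "officer1", opening - timedelta(hours=1))]
    # Opening time has passed, but technical evaluation is still pending.
    outcomes.append(may_view_commercial_bid(tender, "officer1", opening + timedelta(minutes=5)))
    tender.technical_evaluation_complete = True
    outcomes.append(may_view_commercial_bid(tender, "officer1", opening + timedelta(minutes=10)))
    return [outcomes, [entry["result"] for entry in tender.audit_trail]]


if __name__ == "__main__":
    for row in demo():
        print(row)
```
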

Benefits of e-Procurement

It is a web based process to manage purchases online, across the entire requisition to payment cycle.

A comprehensive e-procurement system typically includes three components: information & registration, e-purchasing and e-tendering.

It creates specialized networks of suppliers on the internet where one can place request for proposals (RFP)/post tender documents, exchange specifications and receive bids and approve quotations.

It enables organizations to automate their purchasing process and reduce processing costs.

Organizations can now have access to new strategic partners, uncover new suppliers and streamline purchasing processes while simultaneously lowering the cost.

Savings on money, time and labour that are normally wasted on sieving through reams of paper.

Adopting best practices which are common all across, stepping ahead to make a globally accepted standard, and setting procurement rules as per government rules and latest orders on the subject.

It also captures data that is vital for creating more effective strategic supplier management; it also produces reports on product use and supplier performance. Thus the organization is rendered more efficient and more productive.

Centralizing the process for several departments, which used to waste the same time and money on procuring similar/same items.

It empowers us with the opportunity to simplify & streamline this process and thus harness the power of the web to ensure savings for organisations.