Web Conference Web Conference

onon

Global Dialogue on Technology Global Dialogue on Technology

Solutions Solutions

for for

E-ProcurementE-Procurement

Presented byPresented byVIDYADHAR MUTHYALAVIDYADHAR MUTHYALA

Project Manager,IT&C Department, Government of Andhra Pradesh, Project Manager,IT&C Department, Government of Andhra Pradesh, IndiaIndia

Government Procurement Processes

Preparation Execution Securities

Ordering & Payment

Pre-Qualification/Tendering

Catalogue

Reverse auctionPre-Qualification

Tracking Download Clarification Upload OpeningDisclosure

Iden

tific

atio

n of

nee

ds

Cal

l for

bi

ds o

r qu

otes

Sign

ing

of

cont

ract

Rec

eipt

of

prod

ucts

or

serv

ices

Exp

irat

ion

of

guar

ante

e

Pur

chas

e or

der

Contract Management

Tendering (Low Volume, High Value)

Purchasing (High Volume, Low Value)

Identify Supply Needs

Specify Requirements

Acquire Goods or Services

Manage Materials

Use, Disposeand Settle

Update Catalog ProvideSpecifications

Bid, ProcessOrder

MaterialsShipment

ProcessPayment

• e-Requisition• e-Approval• RFI, RFQ, RFP• Tenders

• Reverse Auction• e-PO• e-Release• e-Changes• e-Confirm

• e-documents:• ASN• Ship status• Receipt

• Supplier web report card

• e-Invoice• EFT

• Credit auth.• Debit auth.

• e-Credit/Debit

• e-Catalog• Pricing• Availability• Commit

• e-Configure

Buyer

Supplier

e-ProcurementProcesses

eProcurement Process spectrum

Standard e-GP system & Webpage V1.0

Standard e-GP system & Webpage V1.0

Technical Standards, Architecture, Functionalities & Interoperability

Technical Standards, Architecture, Functionalities & Interoperability

Procurement Law, Regulation & Policies

Procurement Law, Regulation & Policies

Procurement Documentation & Templates V 1.0

Procurement Documentation & Templates V 1.0

Civil Works Processes and Documents

Civil Works Processes and Documents

Products, Works, Services Codes & Identifiers V 1.0

Products, Works, Services Codes & Identifiers V 1.0

Procurement Training & Accreditation V 1.0

Procurement Training & Accreditation V 1.0

Standard systems & processes developed

and maintained nationally

State Governments Optional & Mandated

systems

State Governments Optional & Mandated

systems

National Ministries & Agencies

Mandated Systems

National Ministries & Agencies

Mandated Systems

AABB

DD

GGHH

KK

APAP

CC

Standard Model Approach

E-GP Functional Architecture

5

Suppliers/Bidders

External Service

Providers

Firewall PIX 515e

Internet Cloud

Gate Way router

Internet Data Centers

Servers

L3 Switch

L2 Switch

IDS

L3 Switch

Firewall PIX 515eFailover

VSNL MAN VSNL MAN

E-Procurement Infrastructure DiagramE-Procurement Infrastructure Diagram

E-Procurement Portal Infrastructure SetupE-Procurement Portal Infrastructure Setup

E-Procurement Portal Infrastructure SetupE-Procurement Portal Infrastructure Setup

Procurement Portal•All policies and regulations available•Request hardcopy of documents•Tenders Seek facility•Awarded & Archived contract information•e-documents: Ship status, Receipt

Components of a e-Procurement System

Supplier Registration•Centralized Supplier database•Single Window•Supplier query handling

Indenting•Indent Generation & Approval•e-Requisition•e-Approval

e tendering•Early Bid Advice•Bid Advertising•Bid/Tender Document Download•Bid Addendum Notification•Bid Clarification•Electronic Bid Submission•Bid Tracking•Bid Search

e- Auctions•Bid Registration •e-Bid Document Construction (EBDC)•Bid Lodgement System (BLS)

Catalogue based Procurement•Catalogue search facilities•e-Catalog

•Pricing•Availability

•e-Configure

Bid Evaluation•Auto Bid Evaluation System •Bid Workflow and Data Management •Bid/Contract award•Pending award tracking

e- payments•Online Payment •e-Invoice•National Electronic Fund Transfer•e-Credit/Debit

Contract Management•Online measurement book for works•Delivery monitoring•Payment triggers

MIS Report•Audit trails, access logs•Spend Analysis•Demand Aggregation•Supplier web report card

Approval workflow•Uploads documents and drawings•Digital signatures•RFI, RFQ, RFP•Procurement mechanisms

Requisition Generation

Requisition Approval

Cost Estimation

Requisition Consolidation

Requisition TenderRequisition Tender Bidding Evaluation Bidding Evaluation

Tender Purchase

Bid Submission

Pre-Qualification

Technical Evaluation

Commercial Evaluation

Award of Contract

Bidder ProcessBidder Process**

Tender Creation

Tender Approval

Tender Publishing

Corrigendum

Pre-Bid Meeting

Payment ofEMD

E-Procurement Solution: E-Procurement Solution: Tender ManagementTender Management

RequestRequest&&

SourceSource

BuyBuy &&

PayPay MonitorMonitor

Salient Features - TechnologySalient Features - TechnologyStandards: Application has been strictly developed under CMM-LEVEL 5 & ISO 9001-2000

Certified Software Development Process.

Scalability: Built on .NET framework, hence promoting a neat implementation and

modularity.

Deployment: Based on Microsoft standards

Security: The application supports PKI (Public Key Infrastructure) i.e. usage of Digital

Certificates for Data Encryption and Signing.

Integration with Legacy Systems: The modular architecture can support Connectors and

XML based Services

Maintainability: Application based on .NET framework promotes neat coding standards

making the code manageable

Creates Indent

Selects Items

Enters detailsMechanical Accessories

SparesDelivery Periods

Delivery Locations

Submits for Approval

Next approver Logs in & Checks for pending tasks

Next approver checks the indent & edits if required or

Submits for next approval

Final approver checks the indent & edits if required or

Approves the indent

Final approver Logs in & Checks for pending tasks

Initiator logs in & Checks for pending tasks

C

INDENT / NIT MODULE

C

Initiator Submits for Approval

Next approver Logs in & Checks for pending tasks

Next approver Checks the tender & edits if required or

Submits for approval

Final approver Checks the tender & Edits/rejects/Reviews if required or

Approves

Final approver Logs in & Checks for pending tasks

Final approver Publishes the Tender

Published in E-Procurement portal

Initiator creates TenderTechnical Parameters

are entered/addedTender Details are entered

Bidder logs in using Digital Signature Certificate

Enters Technical, Price bid details

Enters Commercial terms details & attaches required documents

Encrypts &Submits

The Price Bid

Submits the bid

BID SUBMISSION MODULE

Competent Authority logs in

Assigns tender activities to concerned officers)

Initiator Logs in & Completes PQ, Technical & Commercial Evaluation in a Sequential manner

& Submits for next approval

Next approver Logs in & checks PQ, Technical & Commercial Evaluation in sequence &

Submits for next approval

Tender Inviting Authority Checks the evaluation & rejects/reviews or approves the tender

Tender Inviting Authority Decrypts the Tender

Tender is awarded

BID EVALUATION MODULE

6,600 Users at peak hour

Hours No. of Hits No. of Users

09:00 - 09:59 646,166 3,989

10:00 - 10:59 1,267,730 6,253

11:00 - 11:59 1,619,146 6,686

12:00 - 12:59 1,754,186 6,300

13:00 - 13:59 1,499,177 4,896

Total for the day 16,658,745 69,884

Peak Load Statistics from a Live SitePeak Load Statistics from a Live SiteSeptember 2008September 2008

Scalable to High VolumesScalable to High Volumes 580 nos. of tenders closed on 04580 nos. of tenders closed on 04thth Sep 2008 Sep 2008

Security & Authentication

Secured Hosting facility

Web security• SSL technology• Firewalls, Anti Virus, IDS

Two factor authentication• Password• Digital Certificates: IT Act 2000

Bid encryption at data base- Asymmetric public key Cryptographic method.

Audit trail of each activity

Good backup policy

Security audit by independent third party

Time stamping

Access control systems

Web Security…

Secured Socket layer

• SSL ensures security to data packets while transit over internet

• 128 bit encryption of data

• Snooping eliminated.

• Web server Digital Certificate authenticates the ownership of URL

Fire walls to filter unwanted traffic

• Protects services from Denial of Service attacks

• Malicious attacks, worms

Web Security

Intrusion detection system

• All packets are scanned for intrusion activity and malicious packets are dropped before reaching the server.

OS patches updated automatically

Anti-virus

• Real Time Protection Mode

• Application scans all uploads for virus at client end.

• All I/O and uploads are scanned in real time

• Cleans virus or quarantines infected files

• Updates signatures automatically

Two factor authentication

Single Factor (Password) authentication is weak and does not address repudiation issue. Hence, Two Factor Authentication is mandated in E-Procurement portal.

Mandatory Digital certificate authentication for secured login to the system

Digital certificates• Issued by CA authorized by CCA (Controller of Certifying

Authority), India• CA establishes trust chain• Class 2 certificates are issued after validating with documented

data base.• Certificate keys generated in pairs one is made public and other

is private

Bid encryption – Asymmetric public key cryptographic method

The Tender Inviting Authority publishes his public key at the time of NIT (Notice Inviting Tender)

Bidder signs the bid with his Digital Signature Certificate at the time of bid submission

The bid data is encrypted with a random key and random key is encrypted with public key of TIA (Tender Inviting Authority) and stored in data base.

At the time of bid opening the TIA decrypts the random key with his private key

Thank youThank youThank youThank you