e-Procurement Integrity Matrix

(Encompassing some Security/ Transparency

and related Functionality Issues
in
e-Tendering/ e-Procurement
for ensuring Integrity at Application level)

V-2

Courtesy: Transparency International India (TII)

Page 1 of 23
 e-Procurement Integrity Matrix
(encompassing some Security/ Transparency and related Functionality Issues
in e-Tendering/ e-Procurement for ensuring Integrity at Application level)

Preamble:

e-Tendering or e-Procurement is the emerging method for doing Public Procurement

using the internet. While e-tendering is expected to bring greater efficiency in the
procurement process, adequate precautions have to be taken by the Government entity
(which will be performing the task of the Buyer or Purchaser) to ensure that security and
transparency are not compromised in any way while adopting the new internet based
procurement methodology. For this, it is important that the Government entity selects an
e-tendering software or system, which has taken into consideration various security
and transparency related concerns.

In view of the dearth of awareness about the intricacies of e-tendering, and to ensure
that the due diligence by the Government entities is done in a consistent manner, e-
Procurement Integrity Matrix is being provided herein. This matrix brings out the
concerns relating to Security, Transparency and Functionality in e-tendering at the
application level that must be effectively addressed by the e-Tendering solution a
Government entity chooses to use or deploy. The matrix does not intend to prescribe
any specific solution.

While procuring software and/ or services for e-tendering, each Government entity
should ensure that the e-tendering software or services offered by vendors satisfactorily
address the concerns outlined in the matrix, and is fully compliant with the requirements
of this Matrix. The assertions made by the vendor in his bid should be verified through
taking a comprehensive demonstration of the software, and doing related due-diligence
before selection of the vendor. This should be the main eligibility criteria. No other
eligibility criteria should take precedence over the security, transparency and other
requirements outlined in this Matrix.

Sensitive organizations, eg Defence organizations, may consider avoiding use of

e-tendering services through external service providers. Such organizations can
procure e-tendering software with the outlined functionality, and then build, host,
manage and operate their own e-tendering portals.

The e-Procurement Integrity Matrix has been reviewed and validated by leading
Industry/ IT-security experts.

[TII has the permission from its member and the original author, Mr Jitendra Kohli, who is a pioneer and an
innovator in the area of e-tendering for public procurement, to reproduce this work for the benefit of all
organizations and Governments of various countries.

Mr Jitendra Kohli has not given permission for reproduction of his work for commercial gains.

Mr Jitendra Kohli wishes to acknowledge Prof. Pandu Rangan (Professor of Computer Sciences at IIT
Chennai, and a leading cryptography expert) for inspiring him to create the original work]

© Jitendra Kohli

Page 2 of 23
 e-Procurement Integrity Matrix
(encompassing some Security/ Transparency and related Functionality Issues
in e-Tendering/ e-Procurement for ensuring Integrity at Application level)

(Response/ Clarifications should be sought in the format delineated below, from

each bidder who bids for providing e-Tendering (or e-Procurement) System
(Software/ Services)

Important Note:

While inviting bids for e-tendering software/ services, vendors must be asked to furnish
their response to this matrix. Response to each issue/ concern/ requirement mentioned
in this matrix/ questionnaire should be based on the current availability of these features
in the vendor’s e-tendering application software. They should not make assertions
merely by looking at the matrix/ questionnaire. The vendors should be able to prove that,
as on the date of the submission of bids, the e-tendering application software being
offered by them had the required features/ functionality as being confirmed by them in
the response to the matrix. Some relevant Eligibility/ Qualifying Criteria are outlined in
section VIII of this matrix.

(I)
General:

S# General Requirements Confirmation that the offered

System complies with these
requirements
1. While changing over from ‘manual tendering process’ to
‘e-tendering process’, the basic principles of manual
public procurement as given in General Financial Rules
(GFR) of the Govt of India, the Finance Ministry
Guidelines, Guidelines of the Central Vigilance
Commission (CVC), the basic Legal, Security and
Transparency related requirements and corresponding
procedures should not be compromised in the e-tendering
processes. In this regard, and especially in respect of
transparency and security related requirements, the e-
tendering processes should be at least as good as the
manual tendering processes, and if possible better.
2. Depending upon the circumstances of a tender and the
related guidelines, any one of the multiple bidding
methodologies as outlined in section VI (6) of this matrix
may be adopted. The e-tendering system must effectively
cater to all these possibilities without compromising
security and transparency in any manner at any stage,
for any bid part (such as Pre-qualification, Technical,
Financial), while keeping in view the concerns
outlined in sections II, III and IV of this matrix..

Page 3 of 23
 (II)
Concerns relating to Implementation of e-Procurement Systems using PKI-based Bid-
Encryption (ie a system in which Public Key of a Tender-Opening Officer or of any other officer
of the purchase department, or of any person from the service provider’s organization) is used
for bid-encryption, and corresponding Private-Key used for Decryption

Assumptions:

a) In this section it is assumed that bids are encrypted at the bidder’s computer with public-
key as mentioned above, and the encrypted bids, with additional SSL encryption, reach
the e-tendering server through file-upload and/ or filling of online-forms.

Some related Ground Realities (GRs):

The following ground realities have to be kept in view while addressing the concerns listed in the
table given below and while validating the security and transparency aspects of e-tendering
systems.

a. For secure and transparent functioning of the e-tendering system, it cannot be assumed
that there will never be any ‘black sheep’ in the Purchase organization (ie Buyer
organization)
b. For secure and transparent functioning of the e-tendering system, it cannot be assumed
that there will never be any black sheep in the e-tendering Service Provider’s
organization
c. While all efforts must be made to ensure that no spyware is put in the server which can
make clandestine copies of a file or data (encrypted or unencrypted) being uploaded to
the server, and then sending this clandestine copy to a secret destination, the possibility
of such spyware being planted in the web-server cannot be totally ruled out. This
undesirable eventuality could occur due to connivance of the administrators of the
Service Provider, or even through remote injection. For secure and transparent
functioning of the e-tendering system, it cannot be assumed that there will never be such
a possibility of the spyware being planted in the e-tendering server. In this context,
reported occurrences in the last few months (during the year 2008) of spyware being
planted in the servers of the World Bank and the Ministry of External Affairs (Govt of
India) are noteworthy.
d. If the spyware is planted at the kernel level, there may not be any audit trail.
e. Audit Trails (both application level, and Operating system level) are essentially reports.
To that extent it is possible to fudge these. Also, other than application-level audit trail
reports, the other audit trail reports can be quite complex and impractical to analyze for
ongoing operations of this nature. In spite of this, audit trail-reports are useful and should
be there as supporting evidence. However, in a sensitive application of this nature, audit
trails cannot be depended upon as the sole protection against any malafide act.

S# Typical Implementation Concern/ Implication in Has the concern been If ‘Yes’ has
Practices/ Ground e-tendering addressed in the been said in
Realities/ some PKI offered system the previous
Aspects column,
Yes/ No/ N.A. explanation
of how it
has been
done
1. Private Key with 1a. If a clandestine copy of a bid
which decryption is is made as described under GR-
done, is available (c) above before the ‘tender
with the concerned opening event (TOE)’, and if the
officer before the concerned tender-opening officer

Page 4 of 23
 Public Tender (TOE-officer) connives in
Opening Event decrypting the bid before the
TOE, the confidentiality of the bid
is compromised.

1b. The above concern with the

difference that the copy of the bid
is made with the connivance of
the Database Administrator
(DBA).

1c. If the concerned TOE-

officer(s) is/ are absent during the
TOE, how will the bids be
decrypted especially keeping in
view that the private-keys should
not be handed over to anybody
else.
2. Public Key with 2. The easy availability of
which bid-encryption the public key makes the data
is done, is available encrypted with it vulnerable to
publicly. ‘Chosen Plaintext Attack’.
3. Public Key 3. As a result many e-
algorithms are slow. tendering systems which use PKI
for bid-encryption, use mainly an
encrypted online-form for bid
submission, and do not have
facility for an encrypted detailed
bid (eg detailed technical bid as a
file), along with the online form.
As a result, the detailed bid is
either not submitted, or it is
submitted in unencrypted form.

(III)

Concerns relating to situations where bids before being transmitted from the bidder’s
computer are protected with only SSL Encryption, and Database-level Encryption is done
before the bid is stored in the Database Server

Some related Ground Realities (GRs):

The following ground realities have to be kept in view while addressing the concerns listed in the
table given below, and while validating the security and transparency aspects of e-tendering
systems.

a. For secure and transparent functioning of the e-tendering system, it cannot be

assumed that there will never be any ‘black sheep’ in the Purchase organization
b. For secure and transparent functioning of the e-tendering system, it cannot be
assumed that there will never be any black sheep in the e-tendering Service
Provider’s organization
c. While all efforts must be made to ensure that no spyware is put in the server which
can make clandestine copies of a file or data being uploaded to the server, and then
sending this clandestine copy to a secret destination, the possibility of such spyware

Page 5 of 23
 being planted in the web-server cannot be totally ruled out. This undesirable
eventuality could occur due to connivance of the administrators of the Service
Provider, or even through remote injection. For secure and transparent functioning
of the e-tendering system, it cannot be assumed that there will never be such a
possibility of the spyware being planted in the e-tendering server. In this context,
reported occurrences in the last few months (during the year 2008) of spyware being
planted in the servers of the World Bank and the Ministry of External Affairs (Govt of
India) are noteworthy.
d. If the spyware is planted at the kernel level, there may not be any audit trail.
e. Audit Trails (both application level, and Operating system level) are essentially
reports. To that extent it is possible to fudge these. Also, other than application-
level audit trail reports, the other audit trail reports can be quite complex and
impractical to analyze for ongoing operations of this nature. In spite of this, audit
trail-reports are useful and should be there as supporting evidence. However, in a
sensitive application of this nature, audit trails cannot be depended upon as the sole
protection against any malafide act.

S# Typical Implementation Concern/ Implication in Has the concern been If ‘Yes’ has
Practices/ Ground e-tendering addressed in the offered been said in
Realities system the previous
column,
Yes/ No/ N.A. explanation of
how it has
been done
1. Assuming that ‘only 1a. If a clandestine
SSL encryption’ is copy of a bid is made as
applied to a bid while described under GR- (c)
it is being transmitted above in the interim
from the bidder’s period which would be
computer to the before the ‘tender
server, it is a fact the opening event (TOE)’,
role of SSL and if the administrator
encryption is limited connives, the
to the transmission confidentiality of the bid
phase (ie is compromised.
transportation to the
server), and that on 1b. The above concern
reaching the server with the difference that
the SSL encryption is the copy of the bid is
removed. The bid is made with the
now presumably connivance of the
encrypted again with Database Administrator
PKI or Symmetric (DBA) and decryption
Key. Albeit small, done in connivance with
there is an ‘interim the person holding the
period’ before the bid decryption key.
is encrypted again. In
the interim period the
bid is actually in an
unencrypted state
and to that extent
vulnerable.

Irrespective of
whether PKI or
Symmetric Key is

Page 6 of 23
 used for encryption at
Database-level, the
encrypting key is
available/ accessible
to some officer of the
purchase
organization, or an
administrator of the
e-tendering Service
Provider, or the DBA.

The above issues

exist irrespective of
whether only select
data is encrypted, or
the entire database is
encrypted.

(IV)
Clarifications about Symmetric-Key based Bid-Encryption done at the Bidder’s Computer

S# Clarification Sought Response

1. While bidders’ representatives should
be welcome during Online Public
TOE, it should not be mandatory for
them to be present if their bids are to
be opened. Please confirm
2. Explain how the security of the
symmetric key (ie the key used for
encryption of each bid-part) is
ensured, between the period of bid-
submission and the Online Public
TOE, keeping in view the concerns
outlined in section II above.
3. It should be possible for a bidder to
have different keys for bid-encryption
of each bid-part (such as Pre-
qualification, Technical, Financial)
he submits. Please confirm.

NOTE: If the Bid-Encryption process used in the offered e-tendering/ e-procurement software is
not covered by any of the sections II, III and IV above, please provide detailed explanation of
how it is done in a secure manner, while keeping in view the various concerns outlined in
sections II, III, and IV above.

Page 7 of 23
(V)
Concerns/ Clarifications based on s-42(1) of the IT Act 2000 relating to Digital Signatures,
a User Organization’s Administrative Hierarchy, and some related aspects

Note: Some other aspects of the IT Act 2000 are indirectly covered in Section-VI of this matrix.
S# Clarification Sought Response

1. In any large Government or PSU

Purchase organization, there can be
multiple indenting departments,
multiple tendering authorities (ie
entities which can invite tenders in
their name), and tens (and
sometimes hundreds) of officers
involved with different activities
relating to various tenders.
A situation should not arise in the e-
tendering system where due to
limitation of the e-tendering
system, these departments and
officers are not able to themselves
execute their duly assigned roles as
in the manual process, and are
constrained to re-assign/ abdicate
their roles and responsibilities to a
few tech-savvy technicians or the
personnel of the service-provider of
the e-tendering system.

Please confirm that:

a) No such limitations exist in
the offered e-tendering
system, and the system
supports multiple
departments and a
comprehensive hierarchy of
officers which is such that
each officer can continue to
perform his/ her tendering
related role in a secure
manner with full
accountability, and with no
need for any re-assigning of
responsibilities. It is being
clarified that the objective
here is not to provide a full-
fledged virtual office to the
officers, but to provide
adequate facilities within the
application for multiple
officers of multiple
departments to carry out their
respective tendering related
activities with proper security
and full accountability. Roles
relating to various tendering

Page 8 of 23
 activities within each
department, and which could
vary from tender to tender,
would inter alia include –
deciding methodology and
rules pertaining to a particular
tender, creation of tender
notice, approval/ rejection of
tender notice, creation of
corrigendum, approval of
corrigendum, creation tender
document forms, approval of
tender document forms,
overall approval/ rejection of
tender documents, providing
responses to clarification of
tender documents, uploading
minutes of pre-bid meeting,
one or more officers
conducting public online
tender opening event (TOE),
approving minutes of the
public online TOE, short-
listing responsive bidders for
the next stage (where
applicable), managing roles
of various personnel, and
assigning alternative
personnel in case the original
assignees are absent, etc.
b) The offered e-tendering
system has facility, such that
roles with conflict of interest
can be offered to different
persons within the
organization, so that conflict
of interest is avoided.

c) There should be one

authorized person as an
overall coordinator and
representative of that
organization in the e-
tendering system, with
powers to delegate different
roles to different users from
time to time, and all such
role-changes must be audit-
trailed in the application. The
credentials of this overall
coordinator must be verified.

d) There should be provision for

having separate authorized
user (at the corporate level of

Page 9 of 23
 each Buyer organization, ie
external to its tendering
departments) who can
access the application-level
audit-trail (ie audit-log)
reports. Other users of the
organization should not have
access to these reports.

e) Under no circumstances will

it be required for any officer
to hand over his/ her private-
key (used for digital-signing,
or bid-decryption if applicable
in the offered system) to
anyone else – within the
organization, or to anyone in
the service provider’s
organization, or to anybody
else.

Note: The above is

necessary for compliance
with s-42(1) of the IT Act
2000.
2. In any large Supplier/ Vendor
organization, there can be multiple
sales departments which can bid for
different tenders. Also within each
such department there can be many
executives involved with different
activities relating to various tenders.
A situation should not arise in the e-
tendering system where due to
limitation of the e-tendering
system, these departments and
executives are not able to themselves
execute their duly assigned roles as
in the manual process, and are
constrained to re-assign/ abdicate
their roles and responsibilities to a
few tech-savvy technicians or the
personnel of the service-provider of
the e-tendering system.

Please confirm that:

a) No such limitations exist
in the offered e-tendering
system, and the system
supports multiple
departments and a
comprehensive hierarchy
of executives which is
such that each executive
can continue to perform
his/ her tendering related

Page 10 of 23
 role in a secure manner
with full accountability, and
with no need for any re-
assigning of
responsibilities. It is being
clarified that the objective
here is not to provide a
full-fledged virtual office to
the executives, but to
provide adequate facilities
within the application for
multiple executives of
multiple departments to
carry out their respective
tendering related activities
with proper security and
full accountability. Roles
relating to various
tendering activities within
each department, and
which could vary from
tender to tender, would
inter alia include –
procuring tender
documents and related
addenda, seeking
clarification to tender
documents, preparation
and submission of various
bid parts, attending public
online tender opening
event, managing roles of
various personnel, and
assigning alternative
personnel in case the
original assignees are
absent, etc.
b) The offered e-tendering
system has facility such
that roles with conflict of
interest can be offered to
different persons within
the organization so that
conflict of interest is
avoided

c) There should be one

authorized person as an
overall coordinator and
representative of that
organization in the e-
tendering system, with
powers to delegate
different roles to different
users from time to time,
and all such role-

Page 11 of 23
 changes must be audit-
trailed in the application.
The credentials of this
overall coordinator must
be verified.

d) There should be
provision for having
separate authorized user
(at the corporate level of
each Supplier
organization, ie external
to its sales departments)
who can access the
audit-trail (ie audit-log)
reports of the application.
Other users of the
organization should not
have access to these
reports. Even the user
authorized for audit trails
should not have access
bid-submission data till
the tender-opening-event.

e) Under no circumstances
will it be required for any
executive to hand over
his/ her private-key (used
for digital-signing, or bid-
encryption/ decryption if
applicable in the offered
system) to anyone else –
within the organization,
or to anyone in the
service provider’s
organization, or to
anybody else.

Note: The above is

necessary for compliance
with s-42(1) of the IT Act
2000.
3. There could be occasions when an
authorized officer of a Purchase/
Buyer organization is on leave, gets
transferred, resigns or his/ her
services are terminated. One
example where such an eventuality
may arise is if the public key of the
tender opening officer is used for bid
encryption, and his private key
required for bid decryption during the
online tender opening event. There
should be no requirement in the e-
tendering system which may

Page 12 of 23
 necessitate that the private key of
such an officer be handed over to
anybody else for the scheduled
tendering processes to continue
uninterrupted. Please explain how
this is achieved.
4. There could be occasions when an
authorized executive of a Supplier/
Vendor organization is on leave, gets
transferred, resigns or his/ her
services are terminated. There
should be no requirement in the e-
tendering system which may
necessitate that the private key of
such an executive be handed over to
anybody else for the scheduled
tendering processes to continue
uninterrupted. Please explain how
this is achieved.
5. No new digital signing, or login (in
case private key is used for such
purpose in the offered e-tendering
system) should be allowed in the e-
tendering system with a key whose
digital certificate has expired.

However, even if the digital certificate

has expired, it should be possible to
decrypt any data (which was earlier
encrypted using the public key when
it was still valid), and similarly it
should be possible to verify a digital
signature with an expired key (if the
signature was affixed earlier when the
key was still valid). Please confirm.

(VI)
Some Other Functionality/ Security/ Transparency related Requirements of a Manual
Tendering System and Conformance its Availability in the Offered E-Tendering system

S# Some Other Functionality/ Requirement of Corresponding Conformance in the

Security/ Transparency related
Requirements of a Manual
Tendering System
1. A Tender Notice is issued
after internal clearance.
Once a Tender Notice is
published in a newspaper, it
become an authentic record.
facility/ feature in e-tendering offered System
system
a) At a higher level, there
should be clearance (which
is audit-trailed within the
application and digitally
signed) before a Tender
Notice is issued.
b) For authenticity and for
assurance that it has not
been tampered, the
electronic Tender Notice

Page 13 of 23
 (which is an electronic
record), should have an
audit-trail within the
application of its creation/
approval/ posting. Also, the
tender notice should be
digitally signed by an
authorized officer of the
Purchase/ Buyer
organization.

Please confirm.
2. A Corrigendum is issued c) At a higher level, there
after internal clearance/ should be clearance (which
approval. Once a is audit-trailed within the
Corrigendum to a Tender application and digitally
Notice is published in a signed) before a
newspaper, it becomes an Corrigendum is issued.
authentic record. d) For authenticity and for
assurance that it has not
been tampered, the
electronic Corrigendum
(which is an electronic
record), should have an
audit-trail within the
application of its creation/
approval/ posting. Also, the
Corrigendum should be
digitally signed by an
authorized officer of the
Purchase/ Buyer
organization.

Please confirm.
.
3. Once Tender Documents
are published, and sold with
official receipt and serial no.
for each copy sold, these
become an authentic record.
a)For authenticity and for
assurance that it has not
been tampered, the
electronic Tender
Documents (which is an
electronic record), should
have an audit-trail within
the application of its
posting. Also, the Tender
Documents should be
digitally signed by an
authorized officer of the
Purchase/ Buyer
organization.
b) At the time of online sale/
downloading of the tender
documents, official serial
number should be given
along with the receipt.

Please confirm.

Page 14 of 23
4. An Addendum is issued after
internal clearance/ approval.
Once Addendum to Tender
Documents are published,
and distributed, these
become an authentic record
5. Clarification of Tender
Documents. In response to a
bidder’s query, an
authorized officer of the
Purchase/ Buyer
organization responds to the
querist with a copy to all
other prospective bidders
who have purchased tender
documents (without
revealing the identity of the
querist). The response is
signed by the concerned
officer for authenticity.
Pre-Bid meeting. The
minutes of the Pre-bid
meeting are signed for
authenticity by an authorized
officer of the Purchaser/
Buyer organization and
made available to the
prospective bidders.
6. Bid Methodologies/ Formats:
Depending on the
circumstances and nature of
a tender, one of the many
bidding methodologies may
be prescribed by a Buyer,
and the bidder would have to
a) At a higher level, there
should be clearance (which
is audit-trailed within the
application and digitally
signed) before an
Addendum is issued.
b) For authenticity and for
assurance that it has not
been tampered, the
electronic Addendum
(which is an electronic
record), should have an
audit-trail within the
application of its approval/
posting. Also, the
Addendum should be
digitally signed by an
authorized officer of the
Purchase/ Buyer
organization.
Please confirm.
The e-tendering system should
also have such a facility with all
the functionality as described in
the previous column. For
authenticity and for assurance
that it has not been tampered,
the response from the
authorized officer of the
Purchase/ Buyer organization
should be digitally signed by
him.
The e-tendering system should
also have such a facility with all
the functionality as described in
the previous column. For
authenticity and for assurance
that it has not been tampered,
the Minutes should be digitally
signed by an authorized officer
of the Purchaser/ Buyer
organization.
The e-tendering system should
support all the bid-
methodologies/ formats viz a,
b, c, d, e, f, g, h listed in the
previous column without
sacrificing any aspect of
security and transparency
including those listed
Page 15 of 23
 respond accordingly. elsewhere in this matrix/
questionnaire.
a) Single-stage, single-
envelope
b) Single-stage, two-
envelope
c) Two stage (with
facility for
‘technical
conformance’, and
if required, ‘revised
tender
documents’)
d) Two-stage, two-
envelope
e) Where required, the
above may be combined
with a Pre-qualification
stage
f) In some cases, the
Purchaser may allow
submission of one or
more Alternative bids
g) Each bid part (eg
technical, financial) may
be required to be
submitted in a
‘summary format’ along
with a ‘detailed bid’.
The latter could be a
large file.
h) After having
submitted the ‘original’
bid for each bid-part, a
bidder has a right to
submit:
- ‘Modification’ bid
- ‘Substitution’ bid
Or ‘Withdrawal’ bid for
all his bid-submissions.

7. Signing of each page of The e-tendering system should

each bid part
(prequalification, technical,
financial) especially the
‘summary format’ and the
‘detailed’ bid including
modification, substitution,
withdrawal.
The bids are deposited
securely in a locked tender
box, and stored securely till
have the corresponding
facilities without sacrificing any
aspect of security and
transparency including those
listed elsewhere in this matrix/
questionnaire.
- It should not be
possible to open the ‘e-
tender boxes’ till the
specified time has occurred

Page 16 of 23
 the box is opened during the
public tender opening event.
or elapsed, and till all the
authorized Tender-Opening
Officers have formally
instructed the system to do
so with PKI-based Digital
Signatures

- Till the Public Tender

Opening Event, security
related features should be
such that the contents of
the bids which are being
stored cannot be
‘accessed and decrypted’
by even the authorized
officers of the Purchaser/
Buyer or the
Administrators of the
Service Provider (even if
they wish to do so with
malafide intentions).

8. Public Tender Opening Facility for the authorized

Event(s) [Public TOEs] personnel to conduct Public
Online Tender Opening Event
For Transparency, there is with Bidders attending from
an elaborate procedure for remote locations electronically
opening of bids in the with full security procedures.
presence of authorized Tender-Opening Event should
bidders. A few salient be simultaneously viewable by
aspects of this are: all attendees from their
respective locations
a) Authorized
representatives of The e-tendering system should
bidder organizations support all the salient aspects,
who have submitted viz a, b, c, d, e, f, g, h, i as
their bids are entitled listed in the previous column
to be present and without sacrificing any aspect
have to sign in their of security and transparency
attendance. including those listed
b) Each bid is opened elsewhere in this matrix/
one at a time in front questionnaire. As soon as a bid
of the participating is opened, participating bidders
bidders, and the should be able to
concerned bidder is simultaneously download the
entitled to satisfy salient points (ie the summary
himself that his bid information) of the opened bid.
packet is intact and
has not been For (j) keeping in view the
tampered with. nature of the internet, such
c) If Bid security bids may be archived
[earnest money unopened.
deposit (EMD)] is
applicable for a Note: In addition, in cases
tender, then details where some bidders have bid
of the EMD offline (ie manually), and this

Page 17 of 23
 submitted, or has been allowed, then the
exemption claimed following should be ensured:
with basis thereof is
disclosed to the - That the offline bids
participants. are opened first and
d) Salient points of their salient points
each opened bid are entered into the system
read out aloud for before the online bids
the benefit of the are opened. This is all
participating bidders, done in the presence
and to ensure that of the online bidders
no change is made who are
in the bid contents simultaneously
later on with witnessing this
connivance. exercise.
e) Clarifications may be - The compiled/
sought from a bidder integrated data of the
whose bid has been both the online and
opened and record offline bidders should
is made of the query be made available in
and the response. the form of an online
f) Each page of the comparison chart to all
opened bid is the participants.
countersigned
during the TOE itself
(by each tender
opening officer
(typically up to 3) to
ensure that no
change is made in
the bid contents later
on with connivance.
g) After all the bids are
opened and
countersigned by the
TOE-officers, the
minutes of the
meeting (ie TOE)
are to be recorded.
h) Each bid part may
be opened in a
separate tender
opening event in
which only the
authorized bidders
are allowed. This is
supposed to be
done in a very
transparent manner
with proper
scheduling of events
and proper
information to the
concerned bidders.
i) Bid parts which are
due for opening in a

Page 18 of 23
 subsequent tender
opening event are
securely stored till
that event.
j) If in a particular
TOE, it is decided
not to open the bid
of a bidder, then
such bids are
returned opened.

(VII)
Concerns/ Clarifications relating to preventing other Bidders from Bidding in the
e-Tendering Scenario, and Miscellaneous Concerns/ Clarifications

S# Concern/ Clarification Sought Response

1. a) Can the e-tendering prevent

competitors/ tender mafia from
locking the accounts (target
accounts) of other users/ bidders by
deliberately entering incorrect
authentication information against
user-names (which are not secret) of
such bidders/ users?
b) If so, how ?
2. For security reasons, Administrators
of the e-tendering application/ portal
should not have any access to the
passwords of the various users.
Neither should the Administrators be
able to generate passwords for the
users. Please explain how this is
achieved.
3. The Forgot Password feature should
not be based on some questions and
answers which can be guessed by a
competitor/ hacker. Please explain
how this is achieved.
4. There should be facility for
Comprehensive Electronic Audit-Trail
(ie Audit-Log, or Vigilance Reports)
within the application with provision
for Archiving.

Specifically:

i) There should be audit trail

reports for -- each tender of
each Buyer organization, as
well as, non-tender specific
activities (like creation of

Page 19 of 23
 user-hierarchy and role
authorization), which is
viewable only to the
authorized user of that Buyer
organization. Other users of
the organization should not
have access to these audit
trail reports.
ii) Similarly, there should be
audit trail reports for -- each
tender of each Supplier/
Bidder organization, as well
as, non-tender specific
activities (like creation of
user-hierarchy and role
authorization), which is
viewable only to the
authorized user of that
Supplier organization. Other
users of the organization
should not have access to
audit trail reports.
iii) As backup, and as protection
against tampering of audit-
trail reports saved by an
individual organization at its
end, facility should be
available for the authorized e-
procurement application
administrator to have parallel
access to such reports of
both Buyer organizations, as
well as, Supplier
organizations. Furthermore,
information pertaining content
of bids and Bid Submission
[which is sensitive till the
Tender-Opening Event
(TOE)], should not be
accessible to the e-
procurement application
administrator till the start of
the TOE.
iv) The authorized administrator
of the e-procurement/ e-
tendering application should
also have access to audit trail
reports of other
administrators within the
application.
v) The application should not
provide any facility to modify
or delete audit logs, or
suspend logging operations

Please explain how this is achieved.

Page 20 of 23
5. There should be facility for Reports
relating to Tendering-Activities, and
corresponding MIS Reports which are
accessible to the relevant authorized
users of that organization.

Please confirm.

6. As required in a CVC order, the e-

tendering system should have facility
for displaying ‘Award of Contracts’.

7. As mentioned in section-V, it is
important that officers of a Buyer
organization involved in procurement
related activities continue to perform
their related roles without re-
assigning or abdicating
responsibilities. A pre-requisite to
enable officers to perform their roles
is the existence of comprehensive
virtual hierarchy and role-
authorization as outlined in the above
sections.

Another requirement to enable this is

that e-Tendering Systems must
design their user interfaces to be
"user friendly", and that all
information that the user needs to
perform each transaction is available
easily and clearly from the screen
itself. Please clarify how this is
achieved.

8. The e-Tendering application must

be designed, developed and
deployed using reputed and
secure platforms such as --
.DotNet, J2EE etc, that minimize
defects like bugs and
vulnerabilities. It is important to
ensure that during deployment,
only compiled codes of the e-
tendering application software are
used, with further protection to
prevent run-time modifications in
the code. Please clarify how this is
achieved.
9. It should not be possible to
compromise the security of the e-
tendering application, even with
knowledge of its architecture,
design and encryption algorithm

Page 21 of 23
 used. Please clarify how this is
achieved.

(VIII)
Concerns/ Clarifications relating to Bidders making false assertions based on non-
existing functionality in their e-tendering software (Important Eligibility/ Qualifying Criteria)

S# Concern/ Clarification Sought Response

1. References may be given of various
clients who have used the e-
tendering software before the date of
submission of bids. Such references
should state whether or not the e-
Tendering software supplied to each
reference client was capable of
handling each of the following
requirements: composite technical &
financial bids (single stage- single
envelope); technical and financial
bids in separate envelopes (single
stage- two envelope); single stage
two envelope preceded by pre-
qualification.

The e-tendering software for which

references are given should be
compliant with assertions made while
responding to this matrix. In other
words, references should not be
given of those clients and tenders
where some earlier version of the
software (lacking the functionality as
required in this matrix) was offered by
the e-tendering vendor.
2. For qualifying, Bidder should be
ready to give a comprehensive
demonstration of the software to the
evaluating team/ committee. The
e-tendering software which is
demonstrated should be in
accordance with assertions made
while responding to this matrix.
3 Reference should be given of all third
party audits conducted on the
software by empanelled third-party
consultants of ‘Cert-In’, or any other
CISA certified auditors

Note (For Government Entities, which as Buyer/ Purchaser, are planning to procure e-
procurement/ e-tendering software/ services): To encourage competition and new vendors of e-
procurement/ e-tendering software/ services, the Government entity may consider new vendors

Page 22 of 23
if they can authentically demonstrate (with verifiable written proof which can be independently
audited), the availability of software with them which is adequately tested , and satisfactorily
addresses the concerns outlined in this matrix.

V-2

Page 23 of 23