You don't have to worry about the security of your Login ID/Password, as it gets hashed first & then it is stored in the database, unlike other websites where it is saved in a readable format. From hashed password (message digest), one can't decipher the original password, and this makes login credentials fool proof. SHA256 algorithm is used to hash your password, which is the global standard & also recommended in IT Act 2000 of India.
You are assured to 100% full proof security as transactions are enabled on 256 bit SSL secured website. This ensures that all data transactions between server & client computers will always flow in an encrypted manner. A hacker can never snoop at your data in transit, thus guaranteeing you utmost confidentiality & security. This is also a mandatory compliance for all government organizations.
If you are looking for an enhanced level of security then you can opt for our dual authentication feature. Apart from user ID & password authentication, system also verifies if user is holding a valid digital certificate (DC) at the time of Login. As DC is stored in a client's machine, impersonating becomes an impossible task. This security feature is mandatory for every Government organization.
What if after the sourcing event is over, bidder refuse to honour his bid by quoting an excuse that he didn't submit the bid in the first place? Such situation can be avoided by digitally signing the bids. It is mandatory under Indian law for all directors of partnership, private & public limited companies should have digital certificate. Same certificate can be used for signing the bids. This will make all transactions legally valid and irrefutable.
If bidder's bids are stored in a clear text format on eProcurement website, then their system administrator can always read the data. Hence it's recommended that the data be encrypted using buyer's digital certificate. Without having access to buyer's digital certificate, no hacker or software can decipher the encrypted bids. We highly recommend you that you should go for encryption algorithm which gives you the power/key to decipher your bids.
To ensure you get added level of transparency, we provide you a complete audit trail of events. You'll also get access to all the logs, such that event can be recreated & it can be established that no manipulation was done during the auction. We even extend our support to 3rd party auditor that you appoint for independent investigation. We track user's IP, date & time of access and activities like read, add, edit, delete, etc. to give auditors insight to as what all happened.
If you opt for a digital certificate (DC) based encryption, then the data can only be deciphered with your DC's private key. If for some reason you are not available on any given day, than the entire process will come to a halt. However if you can opt for multiple DC encryption where bids are encrypted by a common key generated using 2 or more DC, then any authorized users can open the bid, provided their DC was used in generating that common key.
You can always stay a step ahead of the cartel. If few bidders try to form a cartel with an intention to outsmart the system & try to submit a bid from one location, then you can easily catch them through their IP address, as IP of each & every bidder is stored for the security purpose. IP based restrictive access can also be provided in case of high value transaction. Single transaction exceeding US$ 10 Mn should be enabled with IT restriction.
You can control the roles & rights of each & every user in your organization using this feature. Roles & Rights can be segregated module by module i.e. event creation, monitoring, reports, payments, etc. such that every key person in your organization can be involved in a procurement process. Moreover work flow to process the file/information can also be mapped to the system so that it mimics your organization's hierarchy.