Presentation on theme: "Bangladesh: Introducing"— Presentation transcript:
1 Bangladesh: Introducing e-Government Procurement (e-GP)Abdus Sobhan SikderSecretary, IMED, MOPAmulya K DebnathDirector General, Central Procurement Technical Unit(Washington D.C.; December 10, 2008)
2 Session Key Parts Legislations e-GP readiness & Implementation Status Expected OutcomesChallenges
3 Legislations IT Act 2006 in place IT Rules (at approval stage) E-GP provisions in Public Procurement Act (PPA) & Public Procurement Rules 2008 (PPR)E-GP Guidelines/ Rules (at drafting stage)
4 Legislative Readiness Provisions in Public Procurement Act – 2006 for the uptake of e-GPThe Act includes a specific Section for e-Government Procurement (e-GP). It has fully allowed all kinds of online transactions resulting to online procurement by government agencies.Chapter EightUse of Electronic Processing System in Public Procurement, etc.65. e-Government Procurement1. For carrying out the purposes of this Act, any or all government procurement under this Act may be undertaken using electronic processing system.2. The electronic processing system and the principles governing such system shall be prescribed by the governmentExplanation: For the purposes of this section, ‘Electronic Processing System’ means the online processing of data through a website.Public Procurement Act -2006
5 Legislative Readiness Public Procurement Rules – 2008Public Procurement Rules, enacted from January 31, 2008 clearly spells out the mandatory requirement of publishing the procurement information from different stages of procurement cycle to the CPTU website and also offers the strong basis for online procurement transactions.
6 e-GP Readiness E-GP readiness assessment conducted in 2006 No. ComponentLevel of readiness1Government Leadership32Infrastructure and Web ServicesHuman Resource Planning4Standards5Planning and Management2 & 36Private Sector Integration7Policy8Systems9Legislation and Regulation3 & 3
7 e-GP Implementation Status Public Procurement Reform Project II (PPRPII) has one specific component to introduce e-GP on a pilot basis with the central database in the Central Procurement Technical Unit (CPTU), the nodal procurement policy unit of the Government .Existing MIS (PROMIS) of CPTU has few features of e-GP (IFB publication, contract award publication, etc.)Existing MIS will be enhanced to form first phase of e-GP for its piloting in four key target agencies (RHD, LGED, BWDB & REB)
8 e-GP Implementation Status Contd…. Hardware for four target agencies and connectivity for selected procuring entities of those agencies are under procuremente-GP system is under design/ development stage, with features in conformity with MDB GuidelinesSelected Procuring entities’ staff will undergo e-GP training.Piloting of e-GP by June 2009
11 Modules in e-GP SystemCentralized Registration of Contractors/ Suppliers/ ConsultantsWorkflow Managemente-Tendering (e-Publishing/e-Advertisement, e-Lodgement, e-Evaluation, e-Contract award)e-Contract Management (e-CMS)e-PaymentsProcurement Management Information System (PROMIS)
12 Security Features Presentation Layer Security Login/Password ( as Unique ID)CAPTCHA : Verification code has to be entered as appeared in the ‘CAPTCHA’ and this is used to avoid automatic creation of users and to ensure that users are created manually.Session level securityTransmission/Transaction Layer SecuritySecured Socket Layer (SSL – 128 bit encryption)Domain/Server level Session securityElectronic Signature/ Digital Signature based authenticityApplication Layer SecurityWeb services will be used to access different processes and services offered by different modules of the applicationsMessage will be transferred using XML packets through SOAP.Automated virus scanRAID 5 - Striping disks for performance and fault tolerance.RAID - Redundant Array of Independent DisksRAID LevelsRAID 0 - Speed (Widely Used)RAID level 0 is disk striping only, which interleaves data across multiple disks for performance. Widely used for gaming, RAID 0 has no safeguards against failure.RAID 1 - Fault Tolerance (Widely Used)Uses disk mirroring, which provides 100% duplication of data. Offers highest reliability, but doubles storage cost. RAID 1 is widely used in business applications.RAID 2 - SpeedInstead of single bytes or groups of bytes (blocks), bits are interleaved (striped) across many disks. The Connection Machine used this technique, but this is rarely used because 39 disks are required.RAID 3 - Speed and Fault ToleranceData are striped across three or more drives. Used to achieve the highest data transfer, because all drives operate in parallel. Using byte level striping, parity bits are stored on separate, dedicated drives.RAID 4 - Speed and Fault ToleranceSimilar to RAID 3, but uses block level striping. Not often used.RAID 5 - Speed and Fault Tolerance (Widely Used)Data are striped across three or more drives for performance, and parity bits are used for fault tolerance. The parity bits from two drives are stored on a third drive and are interspersed with user data. RAID 5 is widely used in servers.RAID 6 - Speed and Fault ToleranceHighest reliability because it can recover from a failure of two disks, but not widely used. Similar to RAID 5, but performs two different parity computations or the same computation on overlapping subsets of the data.RAID 10, RAID Speed and Fault ToleranceRAID 10 is RAID The drives are striped for performance (RAID 0), and all striped drives are duplicated (RAID 1) for fault tolerance.RAID 100 is RAID It adds a layer of striping on top of two or more RAID 10 configurations for even more speed.
13 Security Features (continued…) Database Layer SecurityBitwise encryption while streaming to and from database (bid box)Confidential data like identity information will be tagged by MD5 for integritySQL injection proof data access codes will be writtenHardware Layer Security2 layer Firewalls to protect e-GP System access from InternetDatabase will be kept in Intranet IP class behind firewall and application server will be kept in Public IP classDatabase will be clusteredHard drive will use RAID 5 hot swappable storage technologyDaily Data backup process will be automatedMirror server will be hostedWorkflow based SecurityOnly authorized and authenticated users will have access to specific level of workflow.Procuring Entity will have rights to manage users as per their needs
14 Expected OutcomesCentralized database of Public Procurement Community (Procuring entities and Contractors/ Suppliers/ Consultants)Standard way of carrying out the procurement with Standard document templatesEfficiency gain with the Procurement Workflow still keeping the same or with minimum optimizationCompliance to the PPA-2006 & PPR-2008Effective Monitoring and Evaluation Platform
15 Future ChallengesBidding Communities Preparedness and Readiness (infrastructure & HR)Finalization of e-GP guidelines/ rulesEnroot Trust on online transaction and e-Signature