e-Tendering

 by J. P. Singh, Professor (Mech.)

Indian Railways eProcurement System

• The official portal of Indian Railways, for procurement of:

• Goods,
• Works & Services,
• Sale of Materials, and
• Leasing of Assets

• Through the process of

• E-Tendering,
• E-Auction or
• Reverse Auction.
Indian Railways eProcurement System

• The site is developed and maintained by CRIS using the

latest technology and security features. Salient security
features deployed include:
• Asymmetric cryptography,
• PKI enablement,
• digital signature,
• 256 bit 'VeriSign' Extended SSL
IREPS
Indian Railways eProcurement System
Developments
• IT Act 2000
• Statute acknowledging and supporting the framework
• PKI (Public Key Infrastructure)
• CCA, CAT, CA, RA
• CVC Guidelines
• Guideline Assurances
• Policy making
• Railway’s procurement procedures
• Incorporating existing procedures
Benefits Realized
• Improved image and transparency of the buying organization
• Savings in cost of purchase
• A study of “Northern Railway Tender Opening Cell” revealed that they are able to handle
increased number of tenders only with three staff as against eight to ten staff required in
old manual tendering system”.

• Reduced Paper work

• Improved decision-making
• Chances of clerical mistakes eliminated

• Audit trail
• Reduction in procurement cycle
• the time interval between publication of tender and closing of the bid has been reduced by an
average of ten days. Further, time required in compilation of comparative statement of
financial and techno commercial bids and its checking by the associated finance has been
reduced from average of 26 days to NIL

• 24*7 availability
• Wider choice of suppliers
Challenges & Issues
• Providing interface with MMIS
• Managing bidder database
• Standardization of processes
• Addressing the issue of diverse requirements and local practices

• Change management
• affecting power shift in the organization

• Educating users
• Purchasers & Bidders
• dedicated helpdesk

• Managing security issues

• STQC from Department of Information Technology, Government of India

• Regulatory Compliance
• SHA1 to SHA256
• increase in length of public /private key with effect from Jan 01, 2012
Prerequisite
• Basic knowledge of Computers
• Use of Browsers, their types
• Google Chrome
• Opera/Safari
• Mozilla Firefox
• Internet Explorer
• Microsoft Edge

• Regular updating of Java

Indian Railways eProcurement System

An umbrella portal for

• E Tender
• E Tender (Goods & Service)
• E Tender (Works)
• E Auction
• iMMIS
Software & Hardware Requirement
• The detailed guidelines regarding software & Hardware requirements are
laid down in a separate manual titled Getting Your System Ready for IREPS
Application.

• Manual can be downloaded through the Learning center link available in

the left navigation bar of the home page of IREPS application
(www.ireps.gov.in).

• Hardware Requirement Processor – Intel Pentium P IV, Intel Pentium

i3/i5/i7, or equivalent Ram- 2 GB or more (Recommended 4 GB) Digital
Signing Certificate (DSC) - Class III

• Software Requirement Operating System- Windows 7 or Later Browser-

Internet Explorer- Version 9 or Later/ Mozilla Firefox Latest Version (32
bit) JRE (Java Runtime Environment) - Latest Update (Free download)
Token Driver for Digital Signing Certificate (Provided by supplier of DSC)
The Initial Setup
• Setting up of machines
• Good computers (free from virus/malwares)
• Latest Java (32 bit)
• Exception of “https://www.ireps.gov.in/” in java security control
panel
• Use of Internet Explorer
• Enable ActiveX controls (in safe mode/prompt mode)
The Initial Setup
• Procurement of Digital Signature Certificates (DSC)
• Requirement of Class III certificates
• RB policy for procurement
• Good practice (for use for validity of 2 years)
The Initial Setup
• Setting up organization
• Nomination of Local administrator/Nodal officer
• Creation of departments, users & posts
• Nomination of Officers for operation (Uploading, Opening, TC)
• Uploading the public key of organization (nodal officer)
• Linking with Finance department
• Setting up of iPass ID No.
Admin Module
• IREPS application calls for extensive administration responsibilities
to be handled by registered administrators from railways.
• These administrators have roles divided amongst them based on
their location and authority.
• EPS Administrator and Department Administrators are two
types of administrators who look after all the administrative
functions and also maintain the application on an ongoing basis
Help Desk
The Help Desk is the module of the EPS application which provides
the facility to Contractors, Railway users and others to get help if
they face any problem at the time of using the application, or if they
have any query regarding the application.

This module tracks the log of all queries raised by different users and
log of replies sent by help desk users to the raisers
Department Admins
• Depending on the Functions, Privileges and Responsibilities, Railway
users are divided into two categories namely:
• Department Administrators and,
• Standard Railway Users

• The application also allows a unit to have more than one

department admin. Officials of grade Jr. Scale and above can only
be made department admins
Role of Department Admins
• Each railway department (Engineering, Mechanical, Electrical, S&T etc.)
within an administrative or functional setup of Indian Railways (Zone/PU
Hqrs., Divisions, Workshops, Maintenance depots, Stocking depots etc.) is
registered as a separate unit on IREPS Portal.
• These units are known as IREPS departments. Each such IREPS
department has a department administrator for performing administrative
tasks like Management of Users/ Sections/ Posts/ Condition Masters/
Document Masters/ Item Directories, Assignment of Functions to posts,
Nomination of officials for opening of tenders etc.
• Creation of standard users, posts, and assignment of functions etc. have to
be done by the department admin.
Admin Functions
• Manage Sections: Each IREPS department is divided into sub-units
called sections.
• An official of a unit can only create tenders within the sections assigned to
him.
• Furthermore, the user can access all the draft tenders of all the sections
assigned to him, whether created by him or any other official of the unit. This
allows segregation of work of different officials of the unit.

• Manage Posts: This functionality allows the department admins to

create new posts, and edit the attributes of posts like sections, work
areas, functions, address and contact details etc.
• Interface for creation and management of posts can be accessed through the
Manage Posts link in the Admin functions section on Railway User Home page.
Admin Functions
• Create Users: This functionality is meant for creation of User
account of individual users

• Update Department Details: This functionality is meant to update

the address and contact details of the unit, and the Tender Calling
Authority in whose name tenders are being called by the unit.

• Upload Encryption Certificate: This utility is meant for attaching the

public key of the Digital Encryption Certificate of the unit with the
profile of the unit. Thereafter this public key automatically gets
attached with each tender issued by the unit.
Admin Functions
• Link Finance Department: Every IREPS department is required to
have an associate finance department linked with it for processes
like tender opening etc. This is done through the Link Financial
Department interface.

• Tender Opening Schedule: This link is available in the left navigation

block, and is meant for nominating officials for opening of tenders.
Apply for DSC & DEC
• Through normal NS indenting process, & Registered vendors
Preparing the System
• Use IE (latest version) or Mozilla Firefox (latest version)
• Enable ActiveX plugins
Enable Activex Plugins
Install Java Runtime Environment
• Update OS
• Install latest JRE 32 bit version
• Add exception to ireps.gov.in in Java Control panel / Security
Installation of Token Driver & Software
• Made by Watchdata
Preparing the System (Contd…)

• Create Department, Section & Posts

• Create User
• Export & upload the public key of each user
• Upload Public key of Encryption Certificate
• Link Finance department
• Update Tender opening Schedule
Login by Standard Railway User
• Standard Railway users whose user account has been created by the
Department Admin, and who have got the E-Mail for system generated
password can login by clicking on the Login button on the Home page
(www.ireps.gov.in) and choosing the option E-Tender as shown below:
Home Screen
NIT Module
• The NIT module contains the process of NIT (Notice Inviting
Tender):
• Tender Document Creation and Publishing,
• Corrigendum Creation and Publishing,
• Pre-Bid Queries and Responses against these Queries
NIT Module Tabs
• NIT Header

• Schedule

• Item Breakup

• Eligibility Criteria

• Compliance

• Documents

• Firms

• Publish Tender
BID Module
• Bidding, Evaluation, etc.: The Bid module contains the process of
payments for Tender Document Cost (TDC) and Earnest Money
Deposit (EMD),
• Submission of Techno-Commercial and Financial Bids, Uploading of
Documents,
• Tender Box Opening,
• Generation of Comparative Statements, Automatic Ranking of Bids
and Creation of Briefing Notes.
• All firms who get themselves registered on the IREPS website
through an online registration process, and who are authorized to
bid against a tender can submit their bid against the tender through
the IREPS application
Searching Tenders

• Once logged on, we can view any Tender over IR

View Various Reports

Tender Document

Corrigendum

View Offers

Commercial Tabulation Financial Tabulation

We don’t have to logon just to view tenders
Still Under Development
• Recently added aspects of ireps
My Tenders (Home Page)
• Under Finalization (as Convenor/ Acc. Authority)
• TC Minutes Pending (I’m Not Convenor)
• TCRs Pending for My Acceptance
• Tender Cases Referred to Me for Assistance
• My Finalized Tenders
• My Upcoming TC Minutes
• Search My Tender
• My Finalized Tenders – Refunds Pending
• Refunds Awaiting My Approval
Assigning Tenders
• Pre-nominated by Admin (Post management)
• Assigning convener
• Assigning Member(s)
• Re-assigning Tenders
Selecting multiple and re-assigning Tenders
My Tenders – Under Finalization

• Tender document (T) • Payment report

• Corrigenda issued (C) • Online
• Financial tabulation • Tender Decision
• Techno Commercial tabulation • Manual Tender Decision
• Bids received against the tenders
Tender decision (home page)
Tender decision mode & Decision type
Selecting TC members
Adding favourites
Tender decision (Top sheet)
Tender decision (Payments)
Seek secretarial assistance
TC meeting
TC meeting letter
Upcoming TC meetings
• My Tenders page

• TD home page
Previously finalized tender decisions

• Acceptance date • Action

• Acceptance type • View TC Minutes/ Acceptance Note
• TCR Actions
• Recommendations Type
• Supplementary Tender Decision
• Decision • Pending Actions
• Pending Actions
Convener Options
• Withdrawn / Superseded drafts
• Mark Case as Finalized
Convener Options
• Discard Draft

• Withdrawal of TC minute version

Preparation of TC minutes/acceptance note
TC minutes (top sheet)
TC minutes (general)
TC minutes (payments)
TC minutes (quantity)
TC minutes (quantity)
TC minutes (briefing note)
TC minutes (eligibility)
TC minutes (discussion on offers)
TC minutes (discussion on offers)
TC minutes (discussion on offers)
TC minutes (rates)
TC minutes (recommendations)
TC minutes (recommendations - rates)
TC minutes (recommendations)
TC minutes (recommendations-passover)
TC minutes
TC minutes (status)
Finalization of acceptance note / TD home page
Sharing and signing of TC minutes
Sharing and signing of TC minutes
Signing / returning of TC minutes by members
Signing / returning of TC minutes by members
• Bottom portion of TC minutes
Submission of TC reco. to accepting authority
Options for accepting authority
Options for accepting authority
Post acceptance
TCR actions
• Issue of Letter of Acceptance
• Issue of Negotiation Letters
• Opening of revised / negotiated bids submitted by the bidder
• Viewing of tabulation statement for negotiated bids
• Fixing of date of opening of financial bids (for 2 packet tenders)
• Incorporating the modification instructions as per the acceptance
Issue of LOA
Issue of LOA
Issue of LOA
Issue of LOA
Issue of LOA
Issue of LOA
Prepare negotiation letters
Prepare negotiation letters
Prepare negotiation letters
• Date of Negotiations
• Closing Date for Bid Submission
• Purpose of Negotiations
• Venue of Negotiations
• Remarks
• Validity of Original Offer
• Validity of Revised Offer
Prepare negotiation letters
Prepare negotiation letters
Opening of negotiated bids
Opening of negotiated bids
Opening of negotiated bids
Encryption
• Encryption is a process of converting readable data into
unreadable characters to prevent unauthorized access.
• It is treated like any other data (it can be stored, sent, etc.)
• To read the data, the recipient must decrypt, or decipher, it into a
readable form.
Encryption
• The unencrypted, readable data is called plaintext.
• The encrypted (scrambled) data is called ciphertext.
• An encryption algorithm, or cypher, is a set of steps that can convert
readable plaintext into unreadable ciphertext.
Encryption
 An encryption key is a set of characters that the originator of the
data uses to encrypt the plaintext and the recipient of the data
uses to decrypt the ciphertext.
 With private key encryption, also called symmetric key encryption,
both the originator and the recipient use the same secret key to
encrypt and decrypt the data.
 Public key encryption, also called asymmetric key encryption, uses two
encryption keys, a public and a private.
◦ A message generated with a public key can be decrypted only with the
private key.
Encryption
 Some operating systems and e-mail programs allow you to
encrypt the contents of files.
 Programs such as pretty Good Privacy (PGP) can be used as well.
 A digital signature is an encrypted code that a person, Web site,
or organization attaches to an electronic message to verify the
identity of the message sender.
 It consists of the user’s name and a hash of all or part of the
message, which is a mathematical formula that generates a code
from the contents of the message.
Encryption
• Many Web browsers offer 40-bit, 128-bit, and even 1024-bit encryption,
which are even higher levels of protection since they have longer
keys.
• A Web site that uses encryption techniques is known as a secure
site, which use digital certificates along with a security protocol.
Digital Certificates

• A digital certificate is a notice that guarantees a user or a Web

site is legitimate.
• A certificate authority (CA) is an authorized person or company that
issues and verifies digital certificates.
Transport Layer Security
• Transport Layer Security (TLS) a successor to Secure Sockets Layer (SSL),
provides encryption of all data that passes between a client and an
Internet server.
• Both ends require a certificate and prevents perpetrators from
accessing or tampering with communications
• TLS protected websites typically begin with https, instead of http.
Transport Layer Security
Secure HTTP
• Secure HTTP (S-HTTP) allows users to choose an
encryption scheme for data that passes between a client
and server.
• It is more difficult than TLS to use, but it is also more
secure.
Assurance Levels
• Class I
• This provides a basic level of assurance relevant to environments where there are risks and
consequences of data compromise, but they are not considered to be of major significance.

• Class II
• This level is relevant to environments where risks and consequences of data compromise
are moderate. This may include transactions having substantial monetary value or risk of
fraud, or involving access to private information where the likelihood of malicious access is
substantial.

• Class III
• This level is relevant to environments where threats to data are high or the consequences
of the failure of security services are high. This may include very high value transactions or
high levels of fraud risk.

• Aadhar eKyc-OTP
• This level is relevant to environments where OTP based Aadhaar-eKyc authentication is
acceptable method for credential verification prior to issuance of DSC. Certificate holder's
private keys are created on hardware and destroyed immediately after one time usage at
this assurance level.
THANK YOU