BSA, the Software Alliance along with Data Security Council of India (DSCI), released their latest study- “Security considerations in software procurement by government agencies in India”.
The study takes a detailed look at the Indian government’s and its various agencies’ existing software procurement policies and outlines global best practices for software procurement. It aims to help streamline the central and state governments’ procurement processes and encourage the use of properly licensed software to minimise security threats.
Currently, a comprehensive legal framework or mandatory policy guidelines for driving software procurement by government agencies is absent. Central and state governments have evolved their own laws and regulations which treat the process of software procurement differently and often do not address security requirements.
“As we continue to digitise government services for increased transparency and convenient citizen services, the quantum of data and information residing with the government and its agencies has grown drastically. Maintaining data confidentiality and security has, thus, gained precedence,” said Anurag Singh Thakur, Chairman, Parliamentary Committee on IT while unveiling the report.
Some of the other recommendations include that the government should mandate incorporation of information security requirements in the procurement of software by government agencies including central and state agencies through an appropriate policy and legal framework. Secondly, the government must include detailed security requirements in the RFI / RFP process for procuring software.
Further, assessment of software security through its entire lifecycle from design and development to testing and maintenance against international standards as well as elimination of counterfeit and unlicensed software from the software supply chains will reduce security vulnerabilities.
The study findings are based on background research coupled with expert inputs from senior government officials across various government departments and agencies, consultants, vendors and system integrators.