KDMC offers secure G2C services
Today most enterprises across the country have an online
presence. Government bodies like the Kalyan-Dombivli Municipal Corporation are
also taking the online route with e-governance projects. Dominic K reports.
The Kalyan-Dombivli Municipal Corporation (KDMC) wanted to introduce Web-based
services for those residing within the corporation limits. It wanted to ensure
that the services had well-documented security policies. The same was achieved
through outsourcing the security service needs to SecureSynergy, which included
vulnerability assessment and penetration testing.
It wanted to create a dependable secure IT system-driven corporation
with a high level of transparency, accountability and citizen servicing standards.
The KDMC initiated its journey in e-Governance in 1999, with the General
Body deciding to go in for total computerisation of the corporation with a holistic
The project was carried out under the guidance of experts
from IIT, VJTI, NCST and TIFR. The entire e-Governance solution was provided
by Mumbai-based ABM Knowledgeware. This project was initiated in mid-2000 and
executed in May 2002.
Since the entire project was Web-based, the KDMC officials under the leadership
of Subhash Patil, System Manager, KDMC, decided to implement and undergo process
and policy changes that would help the corporation to be ISO 270001 certified.
Citizen Facilitation Centres
From payment of taxes to application for new water supply
connection, application for birth / death certificate to application for any
other service or just for registration of any civic complaint, the Citizen Facilitation
Centres (CFCs) have now become a single-touch point-of-contact for all the citizens
to interact with KDMC. It enables hassle-free interactions for citizens. It
also encourages transparency because citizens can monitor their service applications
/ complaints at every stage.
There are in all six CFCs currently in various ward offices of KDMC and all
of them are connected online with the central servers. It offers over 90 corporation
services across the counters.
|Birth / Death Certificates
|New Water Connections
|Water Bill Payments
|Property Tax Bill Payments
|Inward Letters Accepted
|As on April 25, 2006
Enterprise Information Portal
For IT savvy citizens, KDMC decided to stamp its presence over the Web at www.kdmc.gov.in.
The Web site offers dynamic linkage with the live database along with useful
information for citizens on corporations geographical & historical
perspective as well as details on tourist spots, information on corporations
administration and political wings along with details on functioning of the
Citizens can pay property and water taxes through the portal. This can be executed
through HDFC, IDBI or ICICI bank. Citizens can also apply for services or can
register civic complaints, check the status of their complaints or their application
for any service and tax dues status. Further, all the forms required for various
services are downloadable from the portal. Citizens can also check what supporting
documents are needed to avail of a service. The presence of KDMC over the Web
offered faster assistance to the citizens but it also made the corporation data
vulnerable to those with malicious intent.
Security audit and testing
KDMC has undertaken computerisation since 2002 and provides all citizen services
through ICT-based services. This made the KDMC dependent on data and other IT
assets and thus it felt a need to third-party security audit. It was decided
by the corporation to assign SecureSynergy to undertake this audit and to prepare
security policies for them. SecureSynergy was also responsible for the complete
security audit and policy implementation.
The database server is Oracle 9i release 2, deployed on Sun Solaris. Web Server
is IIS (Internet Information Services), deployed on Windows 2003. To secure
the database, KDMC deployed a disaster recovery secondary database server using
Oracle DataGuard. Incoming Internet traffic is secured and filtered using a
The backbone of KDMCs e-Governance services is formed by two E450 Sun
servers. These two servers form the pillar of its IT hardware infrastructure
and are used to run the database and other applications. They are further supported
by a server for authentication. KDMC has also established a disaster recovery
database server at Dombivli division office for disaster recovery. The software
development activities are carried out at a full-fledged development centre
at the Kalyan headquarters.
All the departments at KDMC are integrated through a WAN of around 240 computers.
Four ward offices are connected by 100 Mbps fibre optics, while one ward office
has been connected using Radio Frequency. The entire network is connected to
the external world of Internet through 256 Kbps leased line.
The backend integration of all the departments with CFCs ensures that a citizens
application or complaint is immediately available to the officer concerned on
The highlight of the service, committed to provide time-bound service delivery
to the citizens, is the strict implementation of processes and systems at all
the departments. This includes a colour code system, which helps officers to
identify how much time is left with them to scrutinise an application.
IT security challenges
Inspite of multiple hurdles and challenges, efforts have been made from
day one to give priority to information security since we believe that is one
of the most important aspect of good governance, informs Patil.
SecureSynergy helped KDMC to initiate some of the major practices and processes
which will, over a period of time help them achieve ISO 270001 standards compliance.
SecureSynergy was also responsible to execute Penetration Testing (PT) and Vulnerability
The processes include establishment of disaster recovery database server, defined
data backup policies, restricted access to important IT assets like server room,
switch room, centralised anti-virus solution, and no access to floppy drive
/ CD drive at the client level.
People internal or external to the organisation can break the security either
intentionally or unintentionally. Realising the same, the employees were asked
to undergo training on security.
The initial training was conducted by SecureSynergy. It was attended by identified
IT Security Policy (ITSP) co-ordinators at each department level. These ITSP
co-ordinators were educated on various aspects of security policy implementation
and were made responsible for imparting the necessary knowledge to others in
their respective departments.
These co-ordinators form a single point-of-contact for the adherence of security
policy in various departments within the corporation. Any default to adherence
of the security policy is considered a serious offence. KDMC is in the process
of finalising the penalty action on such default and waiting for the requisite
approval for the same.
Future roadmap chalked
The corporation plans to introduce human resource management system which shall
enable KDMC to efficiently use its manpower and bring down the establishment
related cost on the KDMC budget.
Geographical Information System (GIS) which will help the corporation to support
and monitor tax collection, complaint management and various services like building
permissions, completion certificates, water connections, and trade and market
licences. GIS will also enable the designing of drainage and storm water networks.