Archives || Search || About Us || Advertise || Feedback || Subscribe-
-
Issue of November 2006 
-

[an error occurred while processing this directive]

  -  
 
 Home > Case Study
 Print Friendly Page ||  Email this story

KDMC offers secure G2C services

Today most enterprises across the country have an online presence. Government bodies like the Kalyan-Dombivli Municipal Corporation are also taking the online route with e-governance projects. Dominic K reports.

The Kalyan-Dombivli Municipal Corporation (KDMC) wanted to introduce Web-based services for those residing within the corporation limits. It wanted to ensure that the services had well-documented security policies. The same was achieved through outsourcing the security service needs to SecureSynergy, which included vulnerability assessment and penetration testing.

Objectives

It wanted to create a dependable secure IT system-driven corporation with a high level of transparency, accountability and citizen servicing standards. The KDMC initiated it’s journey in e-Governance in 1999, with the General Body deciding to go in for total computerisation of the corporation with a holistic step-by-step approach.


Subhash Patil

The project was carried out under the guidance of experts from IIT, VJTI, NCST and TIFR. The entire e-Governance solution was provided by Mumbai-based ABM Knowledgeware. This project was initiated in mid-2000 and executed in May 2002.

Since the entire project was Web-based, the KDMC officials under the leadership of Subhash Patil, System Manager, KDMC, decided to implement and undergo process and policy changes that would help the corporation to be ISO 270001 certified.

Citizen Facilitation Centres


Anil Menon

From payment of taxes to application for new water supply connection, application for birth / death certificate to application for any other service or just for registration of any civic complaint, the Citizen Facilitation Centres (CFCs) have now become a single-touch point-of-contact for all the citizens to interact with KDMC. It enables hassle-free interactions for citizens. It also encourages transparency because citizens can monitor their service applications / complaints at every stage.

There are in all six CFCs currently in various ward offices of KDMC and all of them are connected online with the central servers. It offers over 90 corporation services across the counters.

Various services delivered through CFCs
Service Name Services Delivered
Assessment Related Services 11,961
Birth / Death Certificates 96,980
Food Licences 3,338
Market Licences 6,958
New Water Connections 17,031
Water Bill Payments 612,619
Property Tax Bill Payments 390,100
Complaints Accepted 74,233
Inward Letters Accepted 184,350
Other Services 49,099
Total 14,46,669
As on April 25, 2006

Enterprise Information Portal

For IT savvy citizens, KDMC decided to stamp its presence over the Web at www.kdmc.gov.in. The Web site offers dynamic linkage with the live database along with useful information for citizens on corporation’s geographical & historical perspective as well as details on tourist spots, information on corporation’s administration and political wings along with details on functioning of the corporation.

Citizens can pay property and water taxes through the portal. This can be executed through HDFC, IDBI or ICICI bank. Citizens can also apply for services or can register civic complaints, check the status of their complaints or their application for any service and tax dues status. Further, all the forms required for various services are downloadable from the portal. Citizens can also check what supporting documents are needed to avail of a service. The presence of KDMC over the Web offered faster assistance to the citizens but it also made the corporation data vulnerable to those with malicious intent.

Security audit and testing

KDMC has undertaken computerisation since 2002 and provides all citizen services through ICT-based services. This made the KDMC dependent on data and other IT assets and thus it felt a need to third-party security audit. It was decided by the corporation to assign SecureSynergy to undertake this audit and to prepare security policies for them. SecureSynergy was also responsible for the complete security audit and policy implementation.

The database server is Oracle 9i release 2, deployed on Sun Solaris. Web Server is IIS (Internet Information Services), deployed on Windows 2003. To secure the database, KDMC deployed a disaster recovery secondary database server using Oracle DataGuard. Incoming Internet traffic is secured and filtered using a hardware firewall.

IT Infrastructure

The backbone of KDMC’s e-Governance services is formed by two E450 Sun servers. These two servers form the pillar of its IT hardware infrastructure and are used to run the database and other applications. They are further supported by a server for authentication. KDMC has also established a disaster recovery database server at Dombivli division office for disaster recovery. The software development activities are carried out at a full-fledged development centre at the Kalyan headquarters.

All the departments at KDMC are integrated through a WAN of around 240 computers. Four ward offices are connected by 100 Mbps fibre optics, while one ward office has been connected using Radio Frequency. The entire network is connected to the external world of Internet through 256 Kbps leased line.

The backend integration of all the departments with CFCs ensures that a citizen’s application or complaint is immediately available to the officer concerned on his PC.

The highlight of the service, committed to provide time-bound service delivery to the citizens, is the strict implementation of processes and systems at all the departments. This includes a colour code system, which helps officers to identify how much time is left with them to scrutinise an application.

IT security challenges

“Inspite of multiple hurdles and challenges, efforts have been made from day one to give priority to information security since we believe that is one of the most important aspect of good governance,” informs Patil.

SecureSynergy helped KDMC to initiate some of the major practices and processes which will, over a period of time help them achieve ISO 270001 standards compliance. SecureSynergy was also responsible to execute Penetration Testing (PT) and Vulnerability Assessment (VA).

The processes include establishment of disaster recovery database server, defined data backup policies, restricted access to important IT assets like server room, switch room, centralised anti-virus solution, and no access to floppy drive / CD drive at the client level.

Security training

People internal or external to the organisation can break the security either intentionally or unintentionally. Realising the same, the employees were asked to undergo training on security.

The initial training was conducted by SecureSynergy. It was attended by identified IT Security Policy (ITSP) co-ordinators at each department level. These ITSP co-ordinators were educated on various aspects of security policy implementation and were made responsible for imparting the necessary knowledge to others in their respective departments.

These co-ordinators form a single point-of-contact for the adherence of security policy in various departments within the corporation. Any default to adherence of the security policy is considered a serious offence. KDMC is in the process of finalising the penalty action on such default and waiting for the requisite approval for the same.

Future roadmap chalked

The corporation plans to introduce human resource management system which shall enable KDMC to efficiently use it’s manpower and bring down the establishment related cost on the KDMC budget.

Geographical Information System (GIS) which will help the corporation to support and monitor tax collection, complaint management and various services like building permissions, completion certificates, water connections, and trade and market licences. GIS will also enable the designing of drainage and storm water networks.

 
     
- <Back to Top>-  
Untitled Document
 
Indian Express - Business Publications Division

Copyright 2001: Indian Express Newspapers (Mumbai) Limited (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Mumbai) Limited. Site managed by BPD.