Government

KDMC secures G2C services

Subhash Patil

The Kalyan-Dombivli Municipal Corporation (KDMC) wanted to introduce Web-based services for those residing within corporation limits. It wanted to ensure that the services had well-documented security policies. The same was achieved through outsourcing its security to SecureSynergy including vulnerability assessment and penetration testing.

Objectives

KDMC wanted to create a dependable secure IT system-driven corporation with a high level of transparency, accountability and citizen servicing standards. The e-Governance project began in 1999, with a General Body decision to go in for total computerisation.

The project was carried out under the guidance of experts from IIT, VJTI, NCST and TIFR. The entire e-Governance solution was provided by Mumbai-based ABM Knowledgeware.

Since the entire project was Web-based, officials under the leadership of Subhash Patil, System Manager, KDMC, decided to implement process and policy changes that would help the corporation get certified for ISO 270001.

Facilitation Centres

From paying taxes to applying for a water supply connection, birth or death certificate, or any other service or even to register a civic complaint, the Citizen Facilitation Centres (CFCs) have become a single-touch point-of-contact for all the citizen-KDMC interactions.

As of now there are six CFCs in the KDMC’s ward offices and all are connected to the central servers offering over 90 corporation services.

Enterprise Portal

For IT savvy citizens, KDMC decided to setup its presence on the Web at www.kdmc.gov.in. The Web site offers dynamic linkage with a live database along with useful information for citizens on corporation’s geographical and historical perspective as well as details on tourist spots, information on the corporation’s administration and political wings along with details on the functioning of the corporation.

Audit and Testing

KDMC has undertaken computerisation since 2002 and provides all citizen services through ICT. This has led to the KDMC becoming dependent on data and other IT assets and thus it felt a need to go in for a third-party security audit. The corporation picked SecureSynergy to undertake this audit and to prepare security policies for it. SecureSynergy was also responsible for implementing the policies that it devised.

The database server is Oracle 9i release 2, deployed on Sun Solaris. The Web server is IIS (Internet Information Services) on Windows 2003. To secure the database, KDMC deployed a disaster recovery secondary database server using Oracle DataGuard. Incoming Internet traffic is secured and filtered using a hardware firewall.

IT Infrastructure

The backbone of KDMC’s e-Governance services is formed by two Sun E450 servers that are used to run the database and other applications. They are further supported by a server for authentication. KDMC has also established a disaster recovery database server at Dombivli division office for disaster recovery. All the departments at KDMC are integrated through a WAN that links 240 computers. Four ward offices are connected by 100 Mbps fibre optics, while one ward office has been connected using Radio Frequency.

The backend integration of all departments with CFCs ensures that a citizen’s application or complaint is immediately available to the officer concerned on his PC.

The highlight of the service, committed to provide time-bound service delivery to citizens, is the strict implementation of processes and systems at all departments. This includes a colour coding system, that helps officers identify how much time is left with them to scrutinise an application.

IT Security Challenges

“In spite of multiple hurdles and challenges, efforts have been made from day one to give priority to information security since we believe that it is one of the most important aspects of good governance,” informs Patil.

SecureSynergy helped KDMC to initiate practices and processes which will, over a period of time help it comply with ISO 270001. SecureSynergy was also responsible for Penetration Testing (PT) and Vulnerability Assessment (VA).