KDMC secures G2C services
The Kalyan-Dombivli Municipal Corporation (KDMC) wanted to
introduce Web-based services for those residing within corporation limits. It
wanted to ensure that the services had well-documented security policies. The
same was achieved through outsourcing its security to SecureSynergy including
vulnerability assessment and penetration testing.
KDMC wanted to create a dependable secure IT system-driven corporation with
a high level of transparency, accountability and citizen servicing standards.
The e-Governance project began in 1999, with a General Body decision to go in
for total computerisation.
The project was carried out under the guidance of experts from IIT, VJTI, NCST
and TIFR. The entire e-Governance solution was provided by Mumbai-based ABM
Since the entire project was Web-based, officials under the leadership of Subhash
Patil, System Manager, KDMC, decided to implement process and policy changes
that would help the corporation get certified for ISO 270001.
From paying taxes to applying for a water supply connection, birth or death
certificate, or any other service or even to register a civic complaint, the
Citizen Facilitation Centres (CFCs) have become a single-touch point-of-contact
for all the citizen-KDMC interactions.
As of now there are six CFCs in the KDMCs ward offices and all are connected
to the central servers offering over 90 corporation services.
A colour coding system helps
officers identify how much time is left to scrutinise an application
For IT savvy citizens, KDMC decided to setup its presence
on the Web at www.kdmc.gov.in. The Web site offers dynamic linkage with a live
database along with useful information for citizens on corporations geographical
and historical perspective as well as details on tourist spots, information
on the corporations administration and political wings along with details
on the functioning of the corporation.
Audit and Testing
KDMC has undertaken computerisation since 2002 and provides all citizen services
through ICT. This has led to the KDMC becoming dependent on data and other IT
assets and thus it felt a need to go in for a third-party security audit. The
corporation picked SecureSynergy to undertake this audit and to prepare security
policies for it. SecureSynergy was also responsible for implementing the policies
that it devised.
The database server is Oracle 9i release 2, deployed on Sun Solaris. The Web
server is IIS (Internet Information Services) on Windows 2003. To secure the
database, KDMC deployed a disaster recovery secondary database server using
Oracle DataGuard. Incoming Internet traffic is secured and filtered using a
The backbone of KDMCs e-Governance services is formed by two Sun E450
servers that are used to run the database and other applications. They are further
supported by a server for authentication. KDMC has also established a disaster
recovery database server at Dombivli division office for disaster recovery.
All the departments at KDMC are integrated through a WAN that links 240 computers.
Four ward offices are connected by 100 Mbps fibre optics, while one ward office
has been connected using Radio Frequency.
The backend integration of all departments with CFCs ensures that a citizens
application or complaint is immediately available to the officer concerned on
The highlight of the service, committed to provide time-bound service delivery
to citizens, is the strict implementation of processes and systems at all departments.
This includes a colour coding system, that helps officers identify how much
time is left with them to scrutinise an application.
IT Security Challenges
In spite of multiple hurdles and challenges, efforts have been made from
day one to give priority to information security since we believe that it is
one of the most important aspects of good governance, informs Patil.
SecureSynergy helped KDMC to initiate practices and processes which will, over
a period of time help it comply with ISO 270001. SecureSynergy was also responsible
for Penetration Testing (PT) and Vulnerability Assessment (VA).