Strategic Guide to e-Procurement
Infrastructure Considerations
Security
Security associated with implementing e–procurement requires the same careful consideration as any other IT–related system. The level of protective security required will be determined by:
- the type and sophistication of the e–procurement system
- use of web server technology
- the type of data and level of confidentiality required
- the level of associated threat and risk to the online environment.
Protective security activities should form an integral part of your planning. Security should not be treated as an isolated activity. It should be part of an agency’s culture, integrated into its corporate structure, practices and planning activities. Personnel should be made aware of the agency’s security policy and guidelines and of their specific responsibilities.
The Australian Commonwealth Protective Security Manual (PSM) directs government agencies to consider security implications of their electronic information systems and to devise policies, practices and procedures to protect resources appropriately.
The PSM requires that agencies comply with the Australian Government Information and Communications Technology Security Manual (ACSI 33) for the protection of information held on ICT systems. Compliance with relevant legislation or law (Commonwealth, State or local) is also required.
Consideration should be given to how ICT security is managed, documented and implemented.
Agencies should consider:
- their threat and risk assessment
  - consider the types of transactions conducted and identify the associated risk such as fraud and theft
  - determine the magnitude and likelihood of the threat and risk occurring
  - develop measures to manage and mitigate the threat and risks
- their security policy and framework documentation review or development
- system security plan
  - detail the level of security architecture and policies required for the system and each interconnection
  - the role and the responsibilities of managers, administrators and users in relation to ICT Security
- security standard operating procedures
  - instructions to system users, administrators and managers on the procedures for maintaining a secure system
- review and audit controls.
Security issues relating to hardware, software and access control may include:
- physical security of communications equipment, servers and workstations
- hierarchy of control and access:
  - determine who will have access to the data and what level of access is required
  - will the data be used outside the agency and how will it be used
  - are security clearances required
  - are passwords required
- contracted service providers:
  - where are they located, is the provider in a different country and whose law prevails
  - does the provider subcontract to other providers/carriers?
A range of firewall products, gateways, authentication mechanisms, access control mechanisms and encryption facilities can be used to protect systems and data. The choice and complexity of protective security measures are numerous and can sometimes be expensive. You need to ensure that the protective security measures are appropriate to the level of risk identified.
The Australian Government Information Management Office provides further information about security and links to other resources.
Interoperability
Historically, an agency would implement one system at a time. For example, financial, procurement, human resources and business units would work independently of each other to install and manage these systems and tools. Managing multiple, non–integrated systems promotes duplication of effort and excessive costs.
Interoperability allows different applications and systems to perform functions while communicating to exchange data with one another, or operating seamlessly. This can occur within one agency or across multiple agencies.
With e–procurement, this seamless operation is critical to ensure:
- service level information is available for ordering and invoicing requirements
- the data from purchase orders is updated in the general ledger
- the supplier details are available for payment by the accounts processing area
- the details of the goods and services purchased are available for later spend analysis.
Regardless of the selected platform, each product has generic strengths and weaknesses. Some of the strengths in e-procurement products include:
- web based e-procurement systems are generally seen as being easy to use for even casual users
- integration with FMIS/ERP systems is usually smooth and comprehensive
- there are numerous connectivity options available for connecting to suppliers including email, fax, and Internet tools
- the systems provide effective tools for loading and managing supplier catalogues
- many transactional e–procurement systems have a strong workflow approval process which enables clear authority levels to be implemented.
Common weaknesses across e–procurement systems include:
- systems may be designed for an overseas market and may not fit the Australian marketplace, e.g., Goods and Services Tax (GST) compatibility
- searching catalogues and locating the correct item can be difficult when there are thousands of separate Stock Keeping Units (SKUs) in the catalogue
- integrating invoicing with the FMIS/ERP system can be difficult
- the purchasing of Services as opposed to Goods is still challenging for most providers as items such as legal services, consulting, and complex printing may not fit easily into the ‘catalogue’ model and may require specialised solutions.
A Stock Keeping Unit (SKU) is a unique item which is held in inventory with a specific number so it can be tracked.
To ensure interoperability of an e–procurement system with other systems it is important to determine what interdependencies each system may have with the other. This can be achieved through open discussions with stakeholders in each area involved.
Some initial discussion points are listed below.
What is the current environment? Environment is used as a broad term and refers to all aspects including (but not limited to) applications, systems and tools, the network configuration, stakeholders, users, related strategies, policies and procedures.
What resources are shared? Resources refer to labour (within the business unit, corporate services and IT), facilities, equipment, data, and bandwidth.
Do strategies, policies or procedures overlap? E-procurement involves many areas of an organisation like finance (negotiating and paying suppliers), IT (implementing and maintaining online systems and tools), Human Resources (access to personnel data for workflow) and business units (end users). These different units may have related strategies to support the agency, but policies and procedures tend to be localised.
Therefore, strategies, policies and procedures of these areas need to be reviewed and sometimes revised to support e–procurement.
What standards and protocols are used to store and transfer data? When selecting an e–procurement system, interoperability with internal financial and HR applications and systems will ensure shared data is accessible by all units. Externally, the e–procurement system may also need to pull data from a supplier’s product catalogue or punch out to a supplier’s website. It is also important to work closely with suppliers to understand their capabilities and limitations.
Go to Australian Government Technical Interoperability Framework for more information.
Supplier Portals
An extranet is a website that allows external parties access to an internal system or network.
A supplier portal is a secure internet site that is developed by the buying organisation to provide a comprehensive access point to supplier-related information. It may also be referred to as the buying organisation’s ‘extranet’ site. Suppliers can log on to the portal to communicate and transact with the buying organisation. The supplier portal enables suppliers to complete transactional and payment activities such as receiving POs, sending acknowledgements that they can supply the necessary goods or services, creating Advance Shipping Notices (ASNs), submitting invoices and tracking invoice progress.
Some buying organisations provide additional information on their supplier portal, such as frequently asked questions for suppliers, standard terms and conditions and processes to be followed when dealing with the organisation.
The advantage of the supplier portal is that it is available to any supplier who has access to the internet and uses simple web browser technology. A disadvantage is that it may require suppliers to re–key the details of the PO into their sales order system manually rather than having an automatic interface into their system. This depends on the interoperability between the supplier’s and buyer’s systems.
More advanced buying organisations prefer supplier portals to other connectivity methods such as faxing. A supplier portal can be custom–built or bought from a software provider. The web site should be engaging, informative and user–friendly, and it requires an ongoing commitment of resources to design, implement and maintain. To be effective, the supplier portal must integrate with other Agency back–end systems and processes. This may add to the cost and complexity of the portal.
Connectivity
Supplier connectivity refers to how buyers connect with suppliers to transmit POs and receive invoices. With the introduction of fax machines and other technologies such as Electronic Data Interchange (EDI) and Extensible Markup Language (XML), connectivity has expanded to include electronic–based documents, PC–faxing, scanning and other Business to Business (B2B) methods (i.e., Supplier Portals).
Suppliers are wary of expensive e–commerce connections which have not been able to deliver the promised returns to justify the investment when the volume of transactions is insufficient.
Smaller suppliers generally have a lower level of technical capability, and may not be able to devote the same level of resources to e–commerce initiatives as larger organisations.
Because connectivity works both ways, buyers and suppliers can benefit from communicating their needs and requirements to each other before implementing costly infrastructure or process changes.
A general issue with supplier connectivity is that few suppliers have the same level of investment in systems and tools as the buying organisations. With less sophisticated systems, there may be fewer options for uploads and data interfaces, which means that a ‘lowest common denominator’ approach becomes more practical. This tends to be email and spreadsheets, to which nearly all suppliers have access. This basic level of electronic supplier connectivity can provide some benefits, but for higher volume suppliers the more advanced data interface methods of CSV or XML formats are recommended.
Electronic Data Interchange (EDI)
Electronic Data Interchange (EDI) is a form of electronic commerce that supports computer to computer communications. EDI systems communicate via the transfer of files in a standard format between trading partners using secure electronic communication links. EDI provides high speed electronic communication but requires a significant investment and technological capability.
Some organisations are now replacing their EDI communication links with newer, cheaper internet-based systems.
Contact for information on this page: ICT Procurement
