Ref. No. : NIC(DOC-Sec.Aud)-2022-1 Date : 01.11.

2022

To,

Mr.

DDDD

Department of Commerce

Ministry of Commerce

Subject: Regarding Appointing Auditor for Security Audit of Software Inhouse Developed/3 rd Party
in the Department of Commerce

Dear Sir,

Commerce Informatics Division of NIC is involved in design, development, implementation and

maintenance of various trade related applications/ systems/databases and eGovernance
applications and websites of Department of Commerce which includes: -

1. Trade database systems:

a) India’s Monthly Trade based Harmonized Classification for Commodities (MEIDB)
b) Export – Import Data Bank (EIDB)
c) Monthly Foreign Trade Statistics of India for Principal Commodities and Countries (FTSPCC)
d) System for Foreign Trade Performance Analysis (FTPA)
e) India's Trade at a Glance.

2. e-Governance systems:
a) VIP Reference Monitoring System
b) Conference Room Booking System (CRBS)
c) Equipment Complaint System (ECS)
d) Electronic Requisition System for Stationery Items (ERSSI)
e) Uploading OM/Office Orders/Notices/ Circulars
f) Pre-Budget Proposals Compilation System etc

These systems have been developed over a period of time by NIC resources internally in old
technology. These Application are currently running on Local Server located in Vanijya Bhawan
Intracommerce which has become obsolete. Thus, all the applications have be shifted to cloud for
further operation. There was need to redevelop all these applications in current technology
environment and get them security audited to obtain clearance certificate for hosting on cloud as it
is mandatory as per CERT-in. So far following applications are already redeveloped using outsourced
manpower hired by DoC under the guidance of NIC officers: -

1. India’s Monthly Trade based Harmonized Classification for Commodities (MEIDB)

2. Export – Import Data Bank (EIDB)
3. System for Foreign Trade Performance Analysis (FTPA)
4. Conference Room Booking System (CRBS)
In addition to that following New projects had been developed on request of the Department:

1. PMO Reference Monitoring System

2. Portal for Online Application Submission and Monitoring for Recruitment of Young
Professionals for the Department of Commerce
3. Schemes Monitoring Systems of Department of Commerce
4. Intranet Portal of Department of Commerce

In view of the above, we have to obtain cyber security audit clearance certificate of above 8
developed applications, 7 underdeveloped and to be developed time to time on the request by
Departments, it is proposed that the Department may appoint a Cyber Security Auditor for getting
3rd Party Security Audit Clearance Certificate of all the applications developed in the Department.

With regards,

Yours Sincerely,

(Mohammad Saleemuddin Khan)

Technical Director