Session 5: Standards in eProcurement

1. E-Procurement for Improving Governance A World Bank live e-learning event addressing the design and implementation of e-procurement infrastructure Session 5: Standards in eProcurement

2. Topics Standards in eProcurement • In this session, you will review: • Context for eProcurement Business Model Standards Decisions • The general case for standards • The specific case for standards within eProcurement • Standards to consider for different phases of eProcurement • Reality check on standards adoption • Recommendations to consider. Select Next to continue

3. Private Sector Systems Budgeting Bid/Proposal Preparation Financial management Indent management Catalog management Contract management Order management Asset management Invoicing Functional Scope of an eProcurement System Processing Center Public Sector Systems Transaction Facilities System integration/ Collaboration E-Catalog Purchasing E-Reverse Auction E-Tendering Buyer/Seller Support Facilities Publication / Search / Disclosure Facilities Select Next to continue

4. WHY STANDARDS? Why do we Need Standards? Prevent failures Increase efficiency of complex operations Introduce order and predictability in electronic exchanges Reduce risk Increase trust Select Next to continue

5. Enhance B2G/G2G connectivity and interoperability Generate trust in electronic experience Enhance competition and inclusion Enhance efficiency and flexibility of public procurement function Enhance cooperation and transparency Facilitate evolution and innovation Increase return, reliability of investments Avoid vendor lock-in How standards can help eProcurement How Standards can help eProcurement Systems Select Next to continue

6. Standards for eProcurement System Specification/Construction Architecture (SOA,WOA ) Quality (CMM) Development Methodology (UML, RUP) Workflow (BPMN, UMM, BPSS) Networking (TCP/IP) Select Next to continue

7. Key Standards for Disclosure Facilities Identification (UN-SPSC, GPC, CPV, eCl@ss ) eProcurement SystemDisclosure Model legislation (UNCITRAL, EC Directives 2004/17/EC and 2004/18/EC ) Laws/Regulations Business opportunities Formatting(ODF, PDF, OOXML) Bidding documents Contract awards Select Next to continue

8. Standards for eProcurement System Support Facilities eProcurement System: User Support Facilities Communication(SMTP/Imap) Identification (UN-SPSC, GPC, CPV, eCl@ss ) Supplier registration & alerts Reference prices Research support Electronic payments ePayments (SET, IFX, ISO 2022..) Supplier Registry Registration (DUNS) Select Next to continue

9. Standards for eProcurement System Data Centers Site security (RFC 2196) IT Service Management (ISO/IEC 20000) Network security (ISO/IEC 18028-1 ) Computer security ISO/IEC 15408 Reliability (HTTP-R) Directory Service (LDAP, DSML) eProcurement Data Processing Center Select Next to continue

10. Standards for eProcurement Transaction Systems Information security management (ISO/IEC 27001) System integration/ Collaboration Facilities Information Security Controls (ISO 17999) E-Catalog Purchasing Reliability (WSR) E-Reverse Auctions Information Security Testing (OSSTMM) E-Tendering Select Next to continue

11. Key Standards for e-Reverse Auctions E-Reverse Auction Facilities Communication (Imap) Select Next to continue

12. Standards for eProcurement Phase IIa – eTendering Systems Authentication (X509, XML DSig, XKMS) Traceability (ISO 13335 ) Encryption (SSL, XML Encryp) Select Next to continue

13. Standards for eProcurement Phase IIb – eCatalog Purchasing Systems Publication (UDDI) Interoperability (WSDL, BPEL) Reliability (HTTP-R, WS-R) Documentation(UBL, C-CATALOG) Secure Access (SAML, XACML) Messaging (SOAP) Select Next to continue

14. Standards for System Integration/Collaboration Facilities (Phases III and IV) Interpretation (DSDL, Relax NG) Web Services (WS*) Interoperability/Collaboration(ebXML, WS-I Profiles, WSCI, BPEL) Private Sector Systems Public Sector Systems Registration of Services (UDDI) Provisioning(SPML) EGP System Web Security (WS Security, SAML, XACML) Select Next to continue

15. Mandated already by many governments (India, UK, Canada, EU, Phil, Brazil…) and recommended by most. Embraced in varying degrees by large vendors (IBM, HP, Oracle…) Adoption of Open Standards is: Open Standards • However, from 2006 MDB survey of eProcurement systems in 14 leading countries*… • No one allows ODF documents. • Only 6 use UNSPSC. • Only 4 use XML, and only one uses ebXML for interoperable electronic business • Only 4 use SOAP, 3 use UDDI, only 1 uses WSDL and none use BPEL, WS-Security, WSCI • However, most use digital certificates and asymmetrical encription for authentication. *Argentina, Australia (State of New South Wales), Brazil, Chile, Finland, Hong Kong, India (Indian Railways), Italy, Mexico, Norway, Romania, Singapore, South Korea, The Philippines Select Next to continue

16. Summary / Recommendations Recommendations to Consider • Adopt an open standards policy for all eProcurement- related work. Refer to standards by name (“or substantially equivalent”) in SRSs and SLAs. • Investigate and if possible adopt ebXML family of standards (ISO 15000) for all eProcurement-related work. • Adopt SOA and Web services as the architectural standards for eProcurement. • Adopt a business process modeling standard (BPMN or UMM) and use to document functional requirements of eProcurement systems, even if procuring a COTS solution. It will serve well in acceptance testing and in avoiding vendor lock-in. Select Next to continue

17. Summary / Recommendations Recommendations to Consider • Reserve Digital signatures and PKI for strong authentication and signing of legally-enforceable documents. For other purposes, experiment first with simpler methods (encryption, two-factor authentication). • Assign a person to watch and recommend standards. This may be done centrally for whole government. • Consider OSS products as they often implement and promote open standards. • Strongly consider adopting international classification/description standards (UN SPSC, CPV, GTIN or similar) instead of a home-grown alternative. Select Next to continue