Security features when registering on the Central Supplier database
By Werner van Rooyen, Director of HowToTender (Pty) Ltd which specializes in tender consulting and tender training.
One of the hottest topics in the South African tender environment is the Central Supplier Database (CSD). If you want to do business with the South African Government, you must be registered on the Central supplier Database.
Once you start registering on the Central Supplier Database (CSD) it is noticeable how many security features there are. The database starts of by requesting you to supply a very high-level password. The password must inter alia contain capital letters, numbers as well as special characters. There are numerous other security features but the CSD website list the following seven features that address identity proofing:
- When registering on the CSD, not only is the email address confirmed but also a One Time Pin (OTP) sent as an SMS to the cell phone number provided when registering. This is called an 'Out of Band' method of adding an additional layer of identity proofing.
- When a new bank account is added or any existing bank accounts edited, an OTP will be sent to the supplier's preferred contact as well as a notification e-mail informing the preferred contact that changes were made to the supplier's banking information. Email notifications are also sent when changes are submitted. Both are implemented to endeavour to protect the supplier against malicious practices.
- The use of a CAPTHA functionality limit robots and crawlers to access certain areas of the CSD application.
- The CSD furthermore implemented role-based access control per user per supplier and thus only the supplier's user(s) have access to the supplier information. The CSD does not have an administrative module and thus no single user can be a CSD administrator and access supplier information using the application.
- All passwords are encrypted on the CSD database. Any additional users the main user creates only have secondary privileges which means those additional users are not able to create other users which ensures that control remains with the main user.
- The communication channel between the CSD servers and the client's browser implements SSL security which means the communication is encrypted and various other additional technical aspects have been implemented to limit other security breaches such as hacking.
- The Supplier Summary Registration report can only be accessed by other users if you decide to share both your supplier number and security code with them.
As one can see the security is comprehensive. Ensure that you are well prepared when you start the registering process.
To learn more about this and many other tender conditions attend our “Become a Tender Expert” 2-Day workshops presented in Johannesburg, Pretoria, Durban, Port Elizabeth, and Cape Town. Book and pay online at https://howtotender.co.za/tender-expert-form/
Contact us at wernervr@howtotender.co.za should you require more information.
You can also purchase a Tender Manual (Handbook) on our website https://howtotender.co.za/ which is a step by step guide how to respond to a South African Tender. It includes examples of completed SBD forms.
