7 security features when registering on the Central Supplier database
At the moment the hottest topic in the South African tender environment is the Central Supplier Database (CSD). If you want to do business with the South African Government in the near future you will have to register.
Once you start working on the Central Supplier Database it is noticeable how many security features there are. The database starts of by requesting you to supply a very complicated password. The password must inter alia contain capital letters, numbers as well as special characters. There are a number of other security features but the CSD website list the following seven features that secure identity proofing:
- When registering on the CSD, not only is the email address confirmed but also a One Time Pin (OTP) sent as an SMS to the cell phone number provided when registering. This is called an 'Out of Band' method of adding an additional layer of identity proofing.
- When a new bank account is added or any existing bank accounts edited, an OTP will be sent to the supplier's preferred contact as well as an e-mail notification confirming that changes were made to the supplier's banking information. Email notifications are also sent when changes are submitted. Both of these are implemented to protect the supplier against malicious practices.
- The use of a CAPTHA functionality limits robots and crawlers to access certain areas of the CSD application.
- The CSD furthermore implemented role based access control per user per supplier and thus only the supplier's user(s) have access to the supplier information. The CSD does not have an administrative module and thus no single user can be a CSD administrator and access supplier information using the application.
- All passwords are encrypted on the CSD database. Any additional users the main user creates will only have secondary privileges, meaning they will not be able to create other users. This ensures that control remains with the main user.
- The communication channel between the CSD servers and the client's browser implements SSL security which means thas communication is encrypted and various other additional technical aspects have been implemented to limit other security breaches such as hacking and spam.
- The Supplier Summary Registration report can only be accessed by other users if you decide to share both your supplier number and security code with them.
As you can see the security is comprehensive and complext. Ensure that you are well prepared with all the necessary required info when you start the registering process.
Learn to earn