1. Introduction
This document aims to define the practices used in the operation and management of ComprasPT public e-procurement platform.
2. Practices Statement
2.1. The principles described in the legislation in force are respected, namely:
- Non-discrimination, free access, interoperability, compatibility, confidentiality, integrity, non-repudiation, availability and security, as well as other related principles.
2.2. The rules and legal dispositions introduced by the Public Contracts Code (PCC) and the applicable ancillary legislation are strictly complied.
2.3. It is ensured all technical and support conditions necessary for the operation of electronic formalities related to the public procurement procedures of any contracting instruments or procedure defined by the Public Contracts Code (PCC).
2.4. The platform does not act as an autonomous entity in the public procurement procedures.
2.5. As far as technical terms and the compliance of the synchronisation rules needed to the transfer of the required data are concerned, interconnection is assured with:
- Public Procurement Portal, named “Portal dos Contratos Públicos”;
- Portuguese electronic official journal, named “Diário da República Eletrónico”, through a protocol with the Portuguese Mint and Official Printing Office “Imprensa Nacional-Casa da Moeda, S.A. (INCM)”.
2.6. The user interface is totally available in English at www.compraspt.com. Additionally, it is also possible to access and visualise the content of the electronic platform in Portuguese. It is also provided the following information:
- Technical support contacts;
- Technical requirements;
- Guides for solving problems (frequently asked questions, technical requirements, warnings, among others that are appropriate).
2.7. The platform provides activity reports when requested by the contracting entity.
2.8. All the information that composes a proposal, an application or a solution is encrypted at the prior moment of loading to the platform.
2.9. The rules for codification are complied in accordance with the legislation in force.
2.10. Proposals codification is created automatically by the electronic platform:
- The electronic platform provides a computer application that allows the interested parties to encrypt and locally affix an electronic signature to proposal files, on their own computer, at the time of loading;
- When the interested parties upload a proposal file on the electronic platform, it shall be already encrypted and signed using a qualified electronic signature.
2.11. The automatic notifications are sent:
- Directly through an area specifically created for this purpose on the electronic platform;
- Through electronic mail. ComprasPT is not responsible for the non-receipt notifications sent through an external electronic mail.
2.12. In order to fulfill the principles of the legislation currently in force, it is ensured the strong authentication of users through Qualified Digital Certificates, or the authentication through the use of a Digital Certificate:
- Any and all access to the platform is carried out through the use of a digital certificate;
- Authentication certificates issued by ComprasPT, Multicert, DigitalSign, GTS - Global Trusted Sign, CEGER, and Citizen Card are recognised. In addition, and after validation, any other that may be included in the document of the Portuguese National Security Authority, “Autoridade Credenciadora Nacional”: “List of Trusted List information as notified by Member States”;
- Validation mechanism of users' certificates is based on the corresponding certificate and its certification chain.
2.13. As the electronic signature is granted, the requirements established in the legislation in force are complied:
- All documents are submitted on the electronic platform through the use of qualified electronic signature certificates (digital certificates issued by a certifying body of the Portuguese State Electronic Certification System (ECEE), “Sistema de Certificação Eletrónica do Estado (SCEE)”);
- The consultation of digital signatures details can be carried out directly in ComprasPT platform. Mechanisms, which in real time make it possible to ascertain the integrity and validity of digital signatures, are also available;
- All documents uploaded on the electronic platform, as well as all communications, are digitally signed.
2.14. The chronological validation is granted, thereby meeting the requirements established in the legislation in force:
- A timestamp is affixed to all transactions subject to deadlines in order to ensure the date of their completion. The consultation of the details of timestamps issued can be carried out directly on ComprasPT platform. Mechanisms, which in real time allow to verify the integrity and validity of timestamps issued, are also available;
- Pursuant to paragraph 5 of Order no. 10563/2014, the acceptance of chronological validation certificates from entities registered in the TSL of the National Safety Agency is advertised on the central page www.compraspt.com and at the time of use, on the electronic platform.
2.15. The encryption and decryption are granted, thereby meeting the requirements established in the legislation in force:
- All the information that composes the proposals, applications or solutions is encrypted directly on the economic operator’s computer in the moment before uploading this information to ComprasPT platform;
- The documents loaded on platforms are encrypted through the use of asymmetric encryption based on the use of key exchange;
- The interested parties encrypt their documents with the public key of the certificate referred in the previous number.
2.16. All accesses, as well as all transactions made by platform users, are recorded in an audit file. Audit files are digitally signed, and a temporary seal is affixed to it as a guarantee of its authenticity, integrity and date of creation. These audit files are also intended for the digital preservation provided for in the legislation in force and, as such, they may be used in any dispute situation in the service of economic operators and contracting authorities.
2.17. The platform provides technologies that allow to perform technical and compliance audits.
2.18. The platform appoints a security auditor accredited by the National Security Office to carry out its activity.
2.19. The security auditor referred in the preceding paragraph shall draw up a compliance document attesting the compliance of the electronic platform with the norms of this gate. The compliance document includes the description of tasks and the identification of technical human resources profiles that operate platforms, the detailed technical description of the systems and architectures of the electronic platform and a safety report attesting the conformity of the platform.
2.20. For the purpose of maintaining the platform in the exercise of the activity, the safety auditor prepares an annual safety report, which shall be sent to the supervisory entity by March 31 of each calendar year.
2.21. In case of denunciation or termination of the electronic platform service agreement, the managing entity of ComprasPT platform ensures the delivery of the information. All elements related to public procurement procedures, either completed or in progress, as well as all audit files, are transferred for the purpose of custody to the respective contracting entity(ies), ensuring the access conditions and documents reading and other information.
2.22. Regarding digital preservation and archiving, the platform assures the procedures currently in force, being available to implement new practices that may be determined in the future by the competent entities.
2.23. Audit files are daily organised and compiled, digitally signed with the affixing of a timestamp, as a way to ensure their authenticity, integrity and date of creation. These files ensure the digital preservation provided for in the legislation in force.
PDF version, here.
