
Information Security and Confidentiality


Considering the sensitivity of the data in the GST system, there is a strong focus on the information security properties of the system, i.e. confidentiality, integrity, availability and non-repudiation. The information security architecture of the system includes the following key components:

a) The core GST system will not be directly exposed to the internet.

b) A multi-layered security architecture built with best-of-breed technologies and products: DDoS protection, network and application firewalls, NIPS, HIPS, Anti-APT, dedicated encryption devices, DB encryption, SIEM, IDEM and PIM solutions.

c) Access to the GST system is through a secured tunnel, with an additional layer of control through Two Factor Authentication (2FA), e.g. an OTP for critical transactions.

d) Any data transfer from the GST system to a State system or other system is to be done in encrypted format.

e) Real-time collection and monitoring of system logs.

f) Periodic Vulnerability Assessment, Penetration Testing, security and other audits through third-party auditors.

g) Certification against key well-regarded and widely adopted standards, e.g. ISO 27001, ISO 20000, ISO 22301.

In the GST system being developed by GSTN, the requirements of confidentiality and security are addressed by classifying information into the following four categories:

Level 1 (Public)
Description: Information that is available to all GST system users without any restrictions.
Examples: (i) GST web public content; (ii) GSTIN, Status, Name.

Level 2 (Internal)
Description: Information that is available only to a sub-set of internal users from GSTN & SP.
Examples: (i) Configuration parameters; (ii) Rules; (iii) Application logs etc.

Level 3 (Confidential)
Description: Level 2 restrictions apply; in addition, the information is sensitive and needs to be protected through encryption or other data masking techniques.
Examples: (i) Sensitive data and personal information (bank account details, PAN, Aadhaar number); (ii) Personal information such as mobile number, address, email id; (iii) Invoice data, tax return details, ledger entries.

Level 4 (Secret)
Description: Information that is available to only very few (1 or 2) users.
Examples: (i) Passwords; (ii) Digital signature, encryption keys; (iii) Highly confidential Govt communication.
