The appropriate Government may specify different types of special stationery, with accompanying security features for forms, applications, licenses, permits, certificates, receipts of payment and such other documents as part of Electronic Service Delivery.
IT Rules 2011: Electronic Service Delivery Guidelines
Rule 8: Audit of the Information System and Accounts of service provider and authorised agents
(1)The appropriate Government may cause an audit to be conducted of the affairs of the service providers and authorised agents in the State at such intervals as deemed necessary by nominating such audit agencies.
(2) The audit may cover aspects such as the security, confidentiality and the privacy of information, the functionality and performance of any software application used in the electronic service delivery and the accuracy of accounts kept by the service providers and authorised agents.
(3) The service providers and the authorised agents shall provide such information and assistance to the audit agencies nominated by the appropriate authority, to comply, with the directions given by the audit agencies and to rectify the defects and deficiencies pointed out by the audit agencies within the time limit specified by the audit agency.
(4) All service providers and the authorised agents shall submit a due declaration for protecting the data of every individual transaction and citizen and any unauthorised disclosure to anyone without the written consent of either the individual or the appropriate Government shall be debarred from providing such a service any further and the provisions of section 45 of the Act shall be applicable in such cases.
Rule 7: Responsibility of service provider and authorised agents for financial management and accounting
The appropriate Government may direct every service provider and authorised agent to keep an updated and accurate account of the transactions, receipts, vouchers and specify the formats for maintaining accounts of transactions and receipt of payment in respect of the electronic services delivered and the said records shall be produced for inspection and audit before an agency or person nominated by the appropriate Government.
Rule 6: Procedure for making changes in a repository of electronically signed electronic records
(1) The appropriate Government may either suo moto or after receiving an application from an interested party, make or order to make an appropriate change in a repository of electronically signed electronic records along with recording the reasons for making such a change.
(2) Any change effected to any record in a repository of electronically signed electronic records and any addition or deletion of a record from such repository shall be electronically signed by the person who is authorised to make such changes along with the time stamps of original creation and modification times.
(3) The appropriate Government may determine the manner of electronically signing the event of deletion of a record from the repository of electronically signed electronic records.
(4) The appropriate Government may also determine the manner of provisioning secure access to the repository of digitally signed electronic records.
(5) The appropriate Government may also determine the requirements for maintaining audit trails of all changes made to repository of digitally signed electronic records.
Rule 5: Creation of repository of electronically signed electronic records by Government Authorities
(1) All authorities that issue any license, permit, certificate, sanction or approval electronically, shall create, archive and maintain a repository of electronically signed electronic records of such licenses, permits, certificates, sanctions or approvals, as the case may be, online with due timestamps of creation of these individual electronic records.
(2) The appropriate Government may specify the manner of creating, establishing, archiving and maintaining the repository of electronically signed electronic records referred to in sub-rule (1).
(3) The authorities may electronically sign the electronic records of such licenses, permits, certificates, sanctions or approvals for each record or as a whole for a specific duration and shall be responsible in administering them online.
(4) The appropriate Government may specify the security procedures in respect of the electronic data, information, applications, repository of digitally signed electronic records and information technology assets under their respective control and that security procedures shall be followed by the Head of the Department and the signing authorities.
Explanation.- The expression “security procedures” referred to in sub-rule (4) shall include requirements for the storage and management of cryptographic keys, restrictions for downloading the certificates on to browsers, and of complying with the requirements of certifying authorities.