This article describes a requirement that has emerged amongst PostRFP's clients working in the public (government) sector. A solution to meet this requirement is proposed.
If this requirement applies to your business, or if you have a special interest in this field, please feel free to add a comment - the proposal will be amended as appropriate.
Enable privileged users in a Buyer organization to “lock” and “unlock” a Project such that non-privileged users cannot view respondent’s answers when the Project is “locked”.
Before the internet, buyers would receive tender (RFP) submissions by post. Not all submissions would be received at the same time. Therefore there would be a risk that sensitive information (e.g. price quotes) could be passed back to bidders that had yet to submit their bid, granting them an unfair advantage. These concerns are especially strong in government institutions where public money is being spent.
To mitigate this risk the following steps have been widely adopted:
- Bid envelopes would not be opened until after the deadline for submissions had passed.
- Only one privileged individual in the buyer organization would be permitted to open bids.
- The time and date of bid opening would be logged in a register and witnessed
PostRFP Current Implementation
PostRFP already supports the first step outlined above. A “Project” in PostRFP has a setting - “Hide Responses until Deadline”. This setting causes bidders' responses to be hidden until after the Project's deadline for submissions has passed.
Step 3 - recording the date and time of “opening” (unlocking) is easily implemented via standard audit event logging.
The challenge is to map step 2 to an online environment.
PostRFP Proposed Implementation
A new property will be added to a Project : “locked” true or false (default: false).
System logic will be changed so that Respondent’s answers are not visible if the Project is locked.
Locking the Project
Any user with “Create Project” permissions will be able to “Lock” a Project. This would typically be done when a Project is created.
Unlocking the Project
A new permission “Can Unlock Project” will be introduced. This permission will exist only in a new Role - “Contract Manager” (not in “Administrator”).
- Only users with “Can Unlock Project” permission will be able to unlock a Project
- When a project is unlocked an audit event will be created
We aim to complete discussion of this proposal by Tuesday 17th March and to implement it on live servers by the beginning of April