RTI Telangana website not working; information flow takes a hit

Hyderabad: For the last few months, the RTI Telangana website has been down due to a delay in obtaining a Security Audit Certificate (SAC).

An RTI reply filed by city-based activist Kareem Ansari revealed that due to the time taken to obtain a Security Audit Certificate (SAC), the website is not working.

Every web application requires a Security Audit Certificate (SAC) before granting public access as per the SDC Policy.

Giving details, the ITE&C department said that an RTI web application must undergo an annual Security Audit conducted by a third-party agency. During this audit, the agency identifies potential vulnerabilities in the application.

Addressing the identified vulnerabilities is an essential step to ensure that the web application remains secure and its integrity is maintained. If these vulnerabilities are not properly addressed, the application may be at risk of being exploited by attackers, which could lead to data breaches, service disruptions, or other security incidents.

Once the identified vulnerabilities have been fixed, the third-party agency will complete the security audit and issue a SAC. This certificate serves as official proof that the web application meets the required security standards. With the SAC submitted, the website can now operate smoothly with public access, ensuring that it is protected against potential security threats.

The completion of this process not only fulfills regulatory requirements but also enhances the trust and confidence of users who interact with the web with the application. The officials also highlighted that SAC was the specific issue that caused the website to be down.

Disclosing the details of obstacles that are hindering the process of getting the website back up and running, the officials said that during the Security Audit Process, the third-party agency identifies vulnerabilities, and the vendor responsible for the web application may require additional time to address and fix these issues.

This delay is a necessary part of the process to ensure that all security concerns are thoroughly resolved before the application can be certified as secure. The time taken by the vendor to fix the vulnerabilities is crucial to prevent any potential security breaches. After this, the third-party agency will issue the Security Audit Certificate, allowing the web application to be granted or continue with public access.

Regarding specific actions that need to be taken to restore the website, the officials said that restoring a website after a security audit involves several steps, particularly when vulnerabilities have been identified and need to be addressed. Below are the specific actions to restore the website and ensure its secure operation:

i. Fixing identified vulnerabilities

ii. Re-testing and verification

iii. Obtaining the SAC

iv. Restoring public access implementing ongoing security

v. Implementing ongoing security measures

vi. Document the process.

By following these steps, the website can be securely restored and maintained, minimizing the risk of future security incidents, the officials added.