1 Certificados Digitais de Autenticação
1.1 What is a Digital Certificate?
A Digital Certificate is the electronic means used to unequivocally identify a person on a platform or digital system. Its closest counterparts are an identity card (BI) or legal entity/tax registration number (NIPC) currently used to identify individuals and entities, respectively.
Digital Certificates are specified by an international standard (ITU-T x.509 v3) indicating the format and rules that must be used in their issue and management.
1.2 What are the main functions of a Digital Certificate?
The Digital Certificate's main functions are electronic identification (replacing the identity card or other identification document), signing (replacing signatures in documents) and encryption (to protect confidential information). Digital Certificates incorporate a series of functions to replace paper resources currently used to ensure the authenticity of electronic processes.
1.3 What does a Digital Certificate contain?
A Digital Certificate has 3 main parts: the personal data of its bearer, a private cryptographic key and a public cryptographic key, uniquely tied to the private key.
All Digital Certificates are signed electronically by a Certification Entity, ensuring that these 3 parts belong uniquely and exclusively to the person to whom the certificate relates.
1.4 What is a Certification Entity?
A Certification Entity is an entity that issues Digital Certificates and ensure that they belong to the person who was accredited during the issue process. The Certification Entity is responsible for ensuring the authenticity of the information shown in each certificate.
1.5 Why can a Digital Certificate be accepted as a reliable means of identifying a person?
Decree Law no. 290-D/99 and Decree Law no. 62/2003 govern the use of Digital Certificates via electronic signatures, thus providing probative value to documents signed by these means. In this way, all documents or processes signed electronically are legally valid, and may be used in the same way as a document signed on paper.
1.6 I have been using the platform for some time with just a username and password. Why am I now being asked for a Digital Authentication Certificate?
Decree Order 701-G/2008 of 29 July 2008, establishing the mandatory use of digital certificates for authentication, entered into force on 1 January 2009.
|
Decree Order 701-G/2008
Article 26: Authentication of user identity
1. All users must be identified on electronic platforms through the use of digital certificates.
2. For authentication purposes, users may employ their own digital certificates or certificates provided by the electronic platforms.
4. Electronic platforms will be equipped to provide exclusive user access to the platforms through strong authentication based on the use of digital certificates. |
In other words, as from 1 January 2009, strong authentication became mandatory to access electronic public contracting platforms.
1.7 I am an econstroi customer. Will I need digital certificates to continue to use the platform?
Yes, if you wish to access information on public contracting in your private area. If you only wish to access information on private markets, digital certificates are not required to authenticate and sign documents.
1.8 What are the features of the Vortal Digital Authentication Certificate?
PIn order to access public contracting information in their private area at Vortal’s electronic contracting platforms, users must authenticate themselves at the platform with a Vortal digital authentication certificate.
Vortal digital authentication certificates are advanced certificates with the following features:
1. User accreditation: Vortal uses the request process for Vortal digital certificates to accredit its users, thus ensuring that each user’s identification data is correct.
2. Non-transferability: Every digital certificate issued by Vortal is individual and non-transferable.
3. Exemption from charge: Digital certificates issued by Vortal are free with the proper completion of the request form.
4. Standard: Vortal digital certificates are issued in accordance with standard ITU-T x.509 v3 (international standard specifying the technical requirements of a digital certificate).
With these combined features, Vortal has made it mandatory for all users of its platforms to have a Vortal digital authentication certificate.
1.9 How can I get my Digital Authentication Certificate?
Vortal digital authentication certificates can be obtained directly via Vortal’s electronic contracting platforms.
You may request one in the following ways:
• Existing Vortal customers:
o Through the login with authentication window, by choosing the “Request Certificate” option and properly completing the form.
oThrough your user maintenance area, by selecting the "certification – request Vortal digital authentication certificate" menu and properly completing the form. • New Vortal customers:
o The Universal Access sign-up process includes a Vortal digital authentication certificate request for the entity’s first user.
o Other users may request digital certificates using the process described above for platform users. Vortal digital authentication certificates will be issued at no charge within 5 to 10 business days of receiving the properly completed and signed request form.
Vortal will allow users to access information with simple authentication until 31 January 2009. However, as from 1 February 2009, strong authentication with a digital certificate will be mandatory.
1.10 How does the Vortal Digital Certificate creation process work?
The entire process of creating cryptographic keys and certificates is done at the applicant’s computer. At no time does Vortal have access to the private components of your certificate.
During the certificate creation process, a digital certificate requisition is generated and sent to Vortal. Through this requisition, Vortal subsequently validates the entity and user data.
Following validation of the data and accreditation of the user and entity, Vortal, through its certification entity, signs the digital certificate requisition, which is made available on Vortal’s electronic platforms for subsequent installation.
1.11 Now that I have a Vortal Digital Authentication Certificate, can I use it in other applications?
Although Vortal Digital Certificates are compatible with all processes using the same standard (X.509 v3), Vortal issues them solely and exclusively to authenticate the users of its electronic platforms, with no support for any other uses.
1.12 I already have a Vortal digital authentication certificate. Do I need any other certificates?
Vortal maintains a high degree of care with its customers’ information. The user accreditation and digital certificate issue processes are carried out according to the highest international standards to ensure maximum security for the users of its platforms, in keeping with Vortal’s ISO27001 information security certification.
However, the entry into force of Decree Order 701-G/2008 imposes specific rules for the signing of procedures, applications, proposals and solutions.
Since Vortal is not a qualified certification entity, the advanced digital certificates it issues are only valid on Vortal’s platforms for the purposes of authenticating and encrypting documents.
Therefore, if your platform activities will involve signing procedures or proposals, you will need to obtain a qualified certificate If you will not be performing any of these proposal signature approval activities, you will only need to obtain a Vortal digital authentication certificate.
1.13 How many Vortal Digital Certificates can my entity have?
Users, not entities, have associated digital certificates. Therefore, users of the platform must have at least one certificate to authenticate themselves on the platform.
The only limitation imposed by Vortal is that the first digital authentication certificate issued for your entity must be issued by Vortal. From this moment, each user is given a Certificate Management area, where they may associate other digital authentication certificates on Vortal’s platforms.
1.14 What care should be taken with my Vortal Digital Certificate?
Each user must take on the responsibilities and care inherent to digital certificates, in accordance with the General Conditions for Issue and Use of Vortal Digital Certificates that are accepted when requesting them.
Vortal recommends that users make a backup copy of the certificate, at the end of the process, for use in other computers and to ensure that it is not lost while it remains valid.
If you encounter problems or have questions about any of these processes, Vortal has manuals to help you, which are available in your personal area. You can also contact our Customer Management team on business days from 9:00-19:00 GMT.
1.15 Can anyone else access my Vortal Digital Certificate?
In order to prevent access to your digital certificate by third parties, it is essential to remove it from any computer that may be shared with third parties.
It is important to remember that the Vortal Digital Certificate is used to authenticate you on Vortal's electronic platforms.
If someone accesses your Digital Certificate and obtains your password, they will be able to authenticate themselves on the platform in your name, and you will be responsible for all the acts performed by this person.
1.16 I have lost my Vortal digital certificate. What should I do now?
You should immediately cancel your certificate (this can be done online with the certification entity).
You should also request a new certificate to be able to continue to authenticate yourself on Vortal’s electronic platforms.
2 Qualified Digital Certificates
2.1 What is an electronic signature?
According to Decree Law 290-D/1999, an electronic signature is "the result of electronic data processing that may constitute an exclusive, individual right, and that may be used to recognise the authorship of an electronic document to which it is affixed, so that:
i) It unequivocally identifies the owner as the author of the document;
ii) Its affixation to the document depends solely on the owner’s will;
iii) Its connection to the document allows the detection of any and all subsequent changes to its content.
" The same law states that a digital certificate is an "electronic signature process based on an asymmetric cryptosystem comprised of an algorithm or series of algorithms, through which a pair of exclusive, interdependent asymmetric keys is generated (one private and one public), allowing the owner to use the private key to declare authorship of the electronic document to which the signature is affixed and agreement with its content, and allowing the recipient to use the public key to determine whether the signature was created using the corresponding private key, and whether the electronic document was changed after the signature was affixed."
2.2 How do electronic platforms guarantee security levels comparable with the traditional contracting process?
Traditional public contracting procedures follow a series of controls ensuring transparency in the purchasing process. The Public Contract Code requires that all of these controls be maintained on the platforms used by awarding entities, upholding the same guarantees of transparency needed in the traditional process.
These controls exist on Vortal’s electronic platforms to ensure even greater security than that imposed on the traditional process. Using timestamps and digital certificates, controls have been implemented to ensure that only the selection boards established by the awarding entity have access to proposals on the scheduled date and time.
2.3 I have a digital certificate issued by a Certification Entity from the Government Electronic Certification System. Do I need any other certificates?
Yes. You will need a Vortal digital authentication certificate for authentication purposes on Vortal’s platforms. If you wish, you can go to Certificate Management and associate your user with your digital certificate issued by a certification entity from the Government Electronic Certification System, and use this certificate to log in.
No other certificate is needed for signature purposes. Digital certificates issued by certification entities from the Government Electronic Certification System follow all of the requirements to be considered equivalent to a qualified digital certificate of representation.
2.4 I am already a Vortal customer. What do I need to do to obtain a Qualified Digital Certificate?
Vortal does not issue qualified digital certificates, since it is not accredited to do so. However, thanks to a partnership with the company DigitalSign, Vortal offers its users the means to obtain qualified digital certificates of representation through this company, under highly competitive terms.
To request your qualified digital certificate of representation from DigitalSign, go to “Certificates” – "Qualified Digital Certificates of Representation".
Since these special terms are only for Vortal customers, you must log in to the platform to request your certificate, then follow the instructions on the form.
2.5 What is the advantage of a qualified digital certificate of representation compared to an ordinary qualified digital certificate?
"Qualified Digital Certificates” are issued by an accredited certification entity, and provide proof of ownership of a natural person. A "Qualified Digital Certificate of Representation" is a qualified digital certificate, as described above, including information on the owner’s organisation/company and respective powers of representation.
The qualified digital certificate’s representation directly links the signatory to his/her position and authorisation to sign in the electronic contracting platform, eliminating the need for the bidder to submit an official electronic document, with the representative’s authorisation and signature, to the platform, pursuant to Article 27 (3) of Decree Order 701-G/2008.
2.6 What features are associated with the use of a qualified digital certificate of representation?
| Features associated with the qualified digital certificate of representation |
Qualified Digital Certificate of Representation |
Qualified Digital Certificate |
Vortal Digital Authentication Certificate |
| Qualified electronic signature ensuring document integrity |
 |
|
|
| Automatic legal recognition of electronic signature in Portugal and the entire European Community (Directive 1999/93/EC) |
|
|
|
| Fulfilment of legal requirements of the Public Contract Code for signing electronic documents (Articles 18 and 27 of Decree Order 701-G/2008) |
|
|
|
| Identification of a legal representative’s status |
|
|
|
| Signing and encryption of e-mails |
|
|
|
| Non-repudiation of documents, signatures and messages |
|
|
|
| Secure authentication in systems, including public tender platforms |
|
|
|
| Integration with multiple software platforms (X.509 V3 standard certificate format) |
|
|
|
| Strong protection with private key (Smart Card and EAL4+ certified tokens) |
|
|
|
| Secure, unequivocal electronic identification of a person |
|
|
|
| Storage of multiple certificates in a single card |
|
|
|
| Automatic recognition of the Digital Certificate by web browser |
|
|
|
2.7 Which certification entity issues qualified digital certificates of representation?
Qualified digital certificates of representation are issued by DigitalSign, in partnership with British Telecommunications plc, an accredited entity according to Directive 1999/93/EC more information.
- British Telecommunications plc (BT) is an accredited entity by entities in the United Kingdom through tScheme.
- The European Commission’s recognition of BT’s accreditation is available online at the Commission’s website:
- Article 4 of Directive 1999/93/EC of 13 December states:
Article 4
Internal market principles
1. Each Member State shall apply the national provisions which it adopts pursuant to this Directive to certification-service-providers established on its territory and to the services which they provide. Member States may not restrict the provision of certification-services originating in another Member State in the fields covered by this Directive.
2. Member States shall ensure that electronic-signature products which comply with this Directive are permitted to circulate freely in the internal market.
-
Article 38 of Decree Law 290-D/99 of 2 August, as amended by Decree Law 62/2003 of 3 April, which transposes to the national legal system Directive 1999/93/EC of the European Parliament and of the Council of 13 December, states:
Article 38
Certificates from other States1. Qualified electronic signatures certified by a certification entity accredited in another Member State of the European Union will be legally equivalent to qualified electronic signatures certified by a certification entity accredited pursuant to the terms of this law. 2. Qualified certificates issued by a certification entity which is subject to a supervision system in another Member State of the European Union will be legally equivalent to qualified certificates issued by a certification entity established in Portugal. 3 — Os certificados qualificados emitidos por entidades certificadoras estabelecidas em Estados terceiros são equiparados aos certificados qualificados emitidos por entidade certificadora estabelecida em Portugal desde que se verifique alguma das seguintes circunstâncias:
a) A entidade certificadora preencha os requisitos estabelecidos pela Directiva n.º 1999/93/CE, do Parlamento Europeu e do Conselho, de 13 de Dezembro, e tenha sido credenciada num Estado membro da União Europeia;
b) O certificado esteja garantido por uma entidade certificadora estabelecida na União Europeia que cumpra os requisitos estabelecidos na directiva referida na alínea anterior;
c) O certificado ou a entidade certificadora seja reconhecida com base num acordo internacional que vincule o Estado Português. 4 — A autoridade credenciadora divulgará, sempre que possível e pelos meios de publicidade que considerar adequados, e facultará aos interessados, a pedido, as informações de que dispuser acerca das entidades certificadoras credenciadas em Estados estrangeiros. 5 — É igualmente aplicável às entidades referidas nos n.os 1, 2 e 3 que exerçam actividade em Portugal a obrigação de registo a que se refere o n.º 2 do artigo 9.º, por forma a garantir a demonstração de que estas se encontram plenamente equiparadas às entidades certificadoras nos termos do presente decreto -lei. 6 — A obrigação de registo referida no número anterior é extensível às entidades nacionais que prestem serviços de certificação electrónica com recurso a certificados qualificados emitidos pelas entidades referidas nos n.os 1, 2 e 3.
-
Timestamps (chronological validation) are issued by Certipost, and are recognised by the Belgian authorities as qualified timestamps, valid under Directive 1999/93/EC throughout the entire European Union, pursuant to the same terms and conditions described above.
- http://www.mineco.fgov.be/information_society/e-signatures/list_e_signature_fr.pdf
|
2.8 What physical mediums exist to support qualified digital certificates?
Various approved physical mediums can support qualified digital certificates. The various options available (USB token or Smart Card, the latter requiring a USB reader, PCMCIA or ExpressCard) can be consulted at the vortalGOV platform’s user sign-up page, or at http://www.digitalsign.pt/.
2.9 What is the procedure for obtaining a qualified digital certificate of representation?
The procedure for obtaining a qualified digital certificate of representation is very simple:
1. At Vortal’s platforms, follow the qualified digital certificate subscription process at the "Qualified Digital Certificates of Representation", page under the “Certification” menu;
2. At the end of the process, print out the subscription form and pay using the “Multibanco” (ATM machine) reference provided;
3. The printed form must be signed and notarised (or equivalent);
4. The form and requested supporting documents should then be sent to:
DigitalSign – Certificadora Digital, Lda.
Largo Pe. Bernardino Ribeiro Fernandes, 26
4835-489 Nespereira – Guimarães 5. Once the properly completed documents have been received, with notarised signature and cleared payment, the certification entity will issue and send the certificate.
Any questions regarding the qualified digital certificate of representation request process should be sent directly to DigitalSign’s Customer Service Department via e-mail suporte@digitalsign.pt, fax (253 560 639) or telephone (253 560 650/1).
2.10 What is the deadline for issuing the certificate?
The minimum deadline for issuing the qualified digital certificate of representation is 2 business days (after the receipt of properly completed documents, with notarised signature and cleared payment).
Vortal estimates 5-10 business days from the time of requesting the certificate to receipt:
• 1-2 days to complete the certificate request form, sign/notarise the form and make payment
• 1-3 days to send the documents to DigitalSign
• 2 days for DigitalSign to verify the documents and issue the certificate (e-mail access codes to applicant and send certificate to the applicant's address)
• 1-3 days to receive and install the digital certificate
NOTE: The above time periods are only estimates. The longer the user takes to complete his/her tasks (notarisation of legal representation and sending documents to DigitalSign), the longer the certificate issue process will take.
DigitalSign will not be responsible for any delays when sending certificates to users, as this is the responsibility of the Portuguese Postal Services (CTT).
2.11 I already have a citizen’s card (cartão do cidadão). Do I need to obtain a qualified digital certificate of representation?
Current legislation (Decree Order 701-G/2008, Article 27) only requires that the digital certificate used to sign documents in electronic contracting platforms be a qualified digital certificate.
|
Decree Order 701-G/2008
Article 27: Electronic signatures
1. All documents uploaded to electronic platforms must be signed electronically using qualified electronic signature certificates.
2. For electronic signature purposes, the entities referred to in Article 26 (3) must use digital certificates issued by a certification entity from the Government Electronic Certification System.
3. When a digital certificate cannot directly link the signatory to his/her position and authorisation to sign, the interested entity must submit an official electronic document, with the representative’s authorisation and signature, to the platform. |
However, Article 27 (3) of Decree Order 701-G/2008 states that if the digital certificate cannot determine the signatory’s position and authorisation to sign, an official electronic document must also be attached, issued by an official entity or by the legal representatives of the entity in question, acknowledging the representative's power to sign documents on behalf of the entity, whenever a certificate is used under these conditions.
If you have a qualified digital certificate of representation, you will not need to attach any additional documents when you use it to sign documents on electronic platforms, since it already incorporates the user’s powers of representation. This feature of the qualified digital certificate of representation eliminates the risk of disqualifying the proposal due to the lack of official attached documentation, or due to errors in matching the signature to the official document authorising it, ultimately making it a lower-risk solution.
2.12 Can I use the qualified digital certificate on other electronic contracting platforms?
Yes. The qualified digital certificate furnished by DigitalSign (whose certification entity is British Telecom) can be used on any other electronic contracting platform, or for any other purpose associated with digital certificates.
2.13 How much does a qualified digital certificate of representation cost?
Vortal’s promotional agreement with DigitalSign offers subscriptions for qualified certificates, under highly competitive terms, for €125* (the current retail price is €145*, not including the PAC50 chronological validation package).
This price includes:
- Company and owner accreditation;
- Qualified digital certificate, including the first annual fee;
- Affidavit of signatory representation: directly links the signatory to his/her position and power to bind the company, eliminating the need to submit an official electronic document, with the representative’s authorisation and signature, to the platform for every procedure;
- Complimentary Smart Card reader, or package subscription discount for another physical medium;
- Complimentary PAC50 chronological validation package, valued at €40.
NOTE: This credit package is valid exclusively for use on Vortal’s electronic platforms until 31 March 2009, and includes the affixation of all timestamps required during this time.
* Plus VAT at the legal rate in force (20%).
2.14 Can I get better terms if I purchase the qualified digital certificate directly from DigitalSign?
No. Vortal and DigitalSign have concluded an agreement offering special terms to Vortal platform users. DigitalSign’s retail price for qualified digital certificates of representation is €100. In addition to the certificate, a Smart Card or other cryptographic device and Smart Card reader (retail price of €30) must be purchased. At DigitalSign, the cost of the digital certificate + Smart Card reader + chronological validation package is €170 (in the first year). The special price of €125 offers a 22% discount compared to DigitalSign’s retail price (48% with the chronological validation credit package, not included in DigitalSign’s retail price).
NOTE: The qualified digital certificate sold by DigitalSign for €75 is not a qualified digital certificate of representation, and does not include the cost of the Smart Card reader.
2.15 How often are payments due for qualified digital certificates of representation?
Subscriptions for qualified digital certificates of representation are annual. Every two years, the certificate’s owner and his/her status as a representative must be re-accredited.
Annual subscription fees for qualified digital certificates of representation cost €100.
2.16 I want to sign proposals submitted by a consortium of companies. What should I do?
Vortal recommends that all members of the consortium create a power of attorney authorising the consortium leader to sign proposals on the consortium’s behalf. This power of attorney should be attached to the proposal at the time of its submission, and the proposal should be signed on the platform by a user of the consortium leader authorised to represent the entity in question.
2.17 How many qualified digital certificates can my entity/company have?
Users, not entities, have associated digital certificates, and there is no limitation of any kind imposed by Vortal’s platforms. Typically, all users who sign documents and/or exchange messages with other economic operators at Vortal’s electronic contracting platforms should have access to a qualified digital certificate.
2.18 What care should be taken with my Qualified Digital Certificate?
The main care that should be taken with your digital certificate includes the following:
- If you lose your Smart Card or token, you should immediately cancel your certificate (this can be done online with the certification entity);
- Keep your PIN/PUK codes in a safe place: cryptographic devices are accessed via the PIN code, and several failed attempts may block access;
- Avoid formatting the card/token: since the certificate and corresponding cryptographic keys are generated and stored in the card/token, there is no backup copy (prohibited by law) – the formatting tools should only be used when your certificate has expired or been cancelled;
- Avoid physical damage to the digital certificate’s support medium: as explained earlier, the keys are unique, and any physical damage to the card/token may make it unusable.
The re-issue and replacement of certificates have associated fees.
2.19 Can anyone else access my Qualified Digital Certificate?
Qualified digital certificates are issued and stored in cryptographic devices (Smart Cards or tokens), and are thus protected (via a PIN code) against improper access and/or use.
Therefore, no additional care is needed if your PIN is kept secret and the card/token is in your possession at all times.
2.20 I have lost my qualified digital certificate. What should I do now?
You should immediately cancel your certificate (this can be done online with the certification entity, at http://www.digitalsign.pt/).
Signatures will only be legally invalid after the certificate cancellation request.
You should also request a new certificate to continue to work on Vortal’s electronic platforms.
2.21 How can I renew or cancel my Qualified Digital Certificate?
Renewals and cancellations can be done online with the certification entity, at http://www.digitalsign.pt/. In the case of renewals, you will receive an e-mail alert before your certificate expires.
3 Timestamps
3.1 What does the chronological validation service involve?
"Chronological validation" is a statement from a certification entity confirming the date and time of an electronic document’s creation, transmission or receipt.
Chronological validation is a requirement under current legislation.
|
Decree Order 701-G/2008
Article 28: Chronological validation
1. All documents uploaded to electronic platforms will be subject to the affixation of timestamps issued by a certification entity that provides chronological validation services.
2. All acts that, under the terms of the CCP, must be performed within a specific time period will be subject to the affixation of timestamps issued by a certification entity that provides chronological validation services.
3. Certification entities providing chronological validation services must comply with the provisions of legislation applicable to certification entities that issue qualified certificates.
4. Electronic platforms must save, and associate with their procedures, all timestamps originating from documents or transactions. |
To obtain this validation, the platform sends a cryptographic code to the certification entity, which returns digital proof (timestamp), duly signed, guaranteeing the legal date and time. The certification entity only has access to the cryptographic code, thus ensuring data confidentiality.
3.2 How do timestamps work?
A timestamp is a public mathematical process (modelled after the electronic signature) using digital certificates and a reliable third party (an entity outside of those submitting proposals and the awarding entity) that guarantees the date and time of a given action’s performance.
On electronic contracting platforms, it guarantees, among other things, the submission date of bidders’ proposals, and that proposals are only opened at the time determined by the selection board.
Vortal’s electronic public contracting platforms also provide a clock in users’ work areas, which displays real time at any given moment.
3.3 If the platform already has a chronological validation service, why do I need to use qualified third-party chronological validation?
According to Article 28 of Decree Order 701-G/2008, chronological validation must be done by a "certification entity that provides chronological validation services" in compliance with "the provisions of legislation applicable to certification entities that issue qualified certificates."
Since Vortal is not certified to issue qualified digital certificates and qualified chronological validation, these services must be performed by another entity certified to this end.
Vortal does comply with its portion of applicable legislation, i.e. saving timestamps affixed to the documents and transactions from which they originated.
3.4 Isn’t the use of electronic platforms free? Why do I have to pay for timestamps?
Vortal does ensure the free use of its electronic platform. However, in view of legal requirements associated with this activity, Vortal does not perform the chronological validation service, which is handled by another entity certified to this end.
3.5 At what times does the affixation of chronological validation occur in the platform?
According to Article 28 of Decree Order 701-G/2008, chronological validation must be affixed every time a bidder submits an application, solution or proposal, attaches a document or exchanges a message with the awarding entity (all acts that must be performed within a specific time period).
Similarly, chronological validation is also affixed every time an awarding entity publishes a procedure (or new version of a procedure) or exchanges a message with economic operators.
3.6 Which certification entity is responsible for the chronological validation service?
Chronological validation on Vortal’s electronic platforms is performed by Certipost, which is recognised by the Belgian authorities and the European Commission as an issuer of qualified timestamps, valid under Directive 1999/93/EC throughout the entire European Union.
3.7 How much does the chronological validation service cost?
The service is paid for according to the company’s (bidder’s) use of Vortal’s electronic contracting platforms, and is purchased as a chronological validation credit package.
The packages’ costs are as follows:
| Total package credits |
Package price |
Credit unit cost |
| PAC50: 50 credits |
60,00 € |
1,20 € |
| PAC120: 120 credits |
120,00 € |
1,00 € |
| PAC205: 205 credits |
180,00 € |
0,90 € |
Each type of procedure will have a variable number of timestamps (due to the existence of more or fewer proposals, documents, clarifications, amendments, etc.).
A "chronological validation credit" scheme has been created to facilitate the control of timestamp consumption on the vortalGOV platform. Chronological validation credits ensure that all the necessary timestamps are affixed for each type of procedure:
| Type of procedure |
Chronological validation credits used |
| Direct contracting |
1 |
| Public tender |
5 |
| Restricted tender with pre-qualification |
5 |
| Negotiation procedure |
5 |
| Competitive dialogue |
5 |
For example, whenever a bidder responds to direct contracting, 1 credit will be subtracted; whenever a bidder responds to a public tender, 5 credits will be subtracted, and so on.
Until 31 March 2009, as part of a promotional campaign, the chronological validation service will be complimentary for all Vortal customers. As from this date, entities using Vortal’s platforms must purchase chronological validation packages
3.8 How can I control the consumption of chronological validation credits?
Chronological validation credits are controlled by company/bidder. Whenever a chronological validation package is purchased, the corresponding number of credits will be added to the current account card available in users’ work areas.
Whenever a user from the company/bidder responds to a public procurement procedure, the corresponding number of credits will be subtracted. The current account card will itemise the procedures responded to and number of credits used.
3.9 Can I use my chronological validation credit package on other electronic contracting platforms?
Every electronic contracting platform must ensure that all transactions performed are affixed with a timestamp when required by law.
The affixation of timestamps does not depend on an explicit user action; rather, it is ensured by applications to avoid errors and bidder disqualification.
In this way, the chronological validation service is activated by the platform’s applications whenever a company/bidder has chronological validation credits for this purpose. These credits are managed at Vortal’s electronic platforms, and cannot be used for chronological validation on other platforms.
3.10 Can I choose the entity to furnish my timestamps?
Sim, é possível seleccionar o fornecedor de selos temporais entre a lista de fornecedores homologados pela Vortal.
3.11 I am an econstroi customer. Do I also have to purchase chronological validation credit packages?
You will only need to purchase these packages if you wish to respond to public procurement procedures. Chronological validation credit packages are not needed to operate in private markets.
4. What is ISO 27001 certification?
4.1 What is ISO 27001 certification?
ISO 27001 is an internationally recognised standard for information security management, based on continuous improvement and the PDCA (Plan, Do, Check, Act) administrative model. This methodology considers all security risks and incidents, corporate changes and business goals on an ongoing basis.
Certification in this standard demonstrates that organisations have a system for managing information protection, with mechanisms tailored to their needs and circumstances.
4.2 What is an Information Security Management System?
It is an integrated security control system that can be implemented in any organisation. The system consists of a set of protection mechanisms of a technological, procedural, structural and human nature.
It aims to ensure confidentiality, information integrity and business continuity, and to reduce the impact of potential security incidents.
In addition to ISO 27001, organisations pursuing certification should strive for conformity with a best practices guide comprised of 133 controls, divided into 11 domains, as laid out in ISO 27002. .
4.3 Who created ISO 27001?
Originally, the standard was created by a committee from the British Standards Institution (BSI), including representatives from various industrial and service sectors.
A number of countries such as Australia, Brazil, Germany, Norway, the United Kingdom and the United States have contributed to its latest versions. The ISO 27001 standard is harmonised with other standards such as ISO 9001, ISO 14001 and ISO 20000 (ITIL).
4.4 How are companies certified in ISO 27001?
The certification process is carried out through independent audits conducted by companies accredited to this end.
Additional information: IAF and EA
Accreditation Bodies: UKAS and IPAC
Certification Bodies: BSI, DNV, Bureau Veritas, TUV and SGS
4.5 Which companies have already been certified?
Currently more than 4,000 companies have been certified throughout the world, the majority in Japan, the United Kingdom and India. Some certified companies include Ericsson, Nextel and T-Systems in Spain, Telefónica, Unisys and CIP (Interbank Payments Chamber) in Brazil, as well as Vortal, TV Cabo and Jogos Santa Casa in Portugal.
|