Source-grounded governance posture
Designed to align with GIGW 3.0 guidance on accessibility, usability, content quality, security, and performance.
Governance / deployment
This page is intentionally cautious. It describes alignment targets and deployment posture without claiming live certification, live integration, or live hosting.
Wording discipline
The prototype uses phrases such as “Designed to align with…,” “Prepared for…,” and “Can be deployed within…” to avoid compliance overclaim.
Designed to align with GIGW 3.0 guidance on accessibility, usability, content quality, security, and performance.
Prepared for deployment within state-controlled hosting environments, including MeghRaj-aligned or NIC/NICSI-style cloud setups.
Prepared for security review and VAPT-style assurance workflows that commonly rely on CERT-In empanelled audit capacity.
Security scope
This makes the boundary explicit: the prototype is local and non-persistent today; a live workflow would require controlled hosting, identity, logging, and review controls.
The current build is a static frontend. Uploaded files stay in the browser session only. There is no database, no background service, and no live connection to Startup Haryana or any other departmental system.
For a live deployment, keep the workflow inside a state-controlled hosting environment, align UI and lifecycle practices with GIGW 3.0, and place application infrastructure within NIC / MeghRaj-style hosting arrangements.
Role-based access, audit logs, encryption in transit and at rest, data retention policy, and security review through a CERT-In-aligned audit process should be non-negotiable before any live workflow data is handled.
It should not auto-approve, silently alter official records, pull unrelated departmental data, or send workflow files to external services without explicit government approval and deployment design.
Implemented in the prototype
Prepared for later implementation