Compranet, the platform on which all purchases and contracts made by the federal government are made, is operating without support, that is, without the technical tools to solve a system crash, and also without maintenance of licenses or updated software, which places it at risk of hacking and failures. This, because the contract that provided these services ended on December 31 and so far the Ministry of Finance (SHCP) has not hired another provider.
Bravosolution Mexico was the company in charge of the operation of Compranet for the last 12 years, but due to the lack of payments, since October 2022 it informed the SHCP that it would not renew the contracts for this year. Therefore, at the end of the 2022 contracts, it withdrew its technical staff and handed over the credentials to access the unit.
As of January 1 of this year, the Treasury began to take charge of the system through which 470 purchasing processes were carried out per day, but, according to suppliers, it is operating with intermittencies for the registration of purchasing procedures, failures in access as suppliers and in linked sites such as the page of the government’s purchasing units.
Political Animal requested an interview with the Treasury on the subject, but did not receive a response.
The secretariat had planned a renewal of Compranet but, according to its projections, it would be ready until March of this year, so it needed Bravosolution Mexico to provide the service at least until the first quarter. However, the company did not agree to extend its services or make a new contract.
Through a letter of December 24, Bravosolution Mexico formalized before the Treasury that “the licenses of Sophos Firewall and Oracle database, together with all hardware and software support, maintenance and reporting services will end on December 31, 2022,” warns the document obtained by Political Animal.
These were contracts ADN-41-023/2022 for the “standard maintenance service to perpetual licensing of the software of the modules that make up Compranet” and ADN-41-024/2022 for the “comprehensive on-site technical support service for the operation of Compranet and its corresponding disaster recovery scheme”.
In the letter, the company adds: “Without a Sophos Firewall license in place, Compranet’s firewall system will crash, causing the software to be inaccessible until a new license is applied or the firewall is disabled. It is hereby communicated that at the end of the term of the Oracle database license, the Ministry of Finance will default for the use of the database unless said secretariat obtains its own license from Oracle.
However, when reviewing the contracts that the Treasury has made since December to date, it has only made one contract on Compranet, the direct award AA-006000998-E394-2022 for the “Oracle cloud infrastructure and platform service for Compranet”, on December 23, 2022. It is a service for its new platform, but not for the version that was left without a provider.
Suppliers consulted by Political Animal They warn that since December they have had problems participating in the processes and, even, due to technical problems, the dependencies have had to suspend the competitions.
In a review of the tenders to make purchases and contracts published by the government on the platform, there are only 142 processes published so far this year, despite the fact that the platform registers an average of more than 400 per day.
Compranet was in charge of the Secretariat of Public Function (SFP), but the administration of President Andrés Manuel López Obrador decided to transfer it to the Treasury, under the argument of the centralization of purchases in that dependency.
The importance of the platform is that it is the only system through which the federal government can make purchases and contracts, and where competing companies can make their proposals, request clarifications or ask questions without interacting with officials, which reduces risks of corruption.
However, for the first time since its inception in 1996, Compranet collapsed and was out of operation for 17 days in July 2022.
Read more: Compranet resumes operations after more than a week suspended due to failures
Since then, technical problems attributable to the supplier company have been noticed, but the Treasury and its owner, Rogelio Ramírez de la O, learned of the platform’s problems since December 2021.
The failures were due to the fact that “it is not given seguperiodic backup to the backups that are made of the information and there is no alternative for storing and backing up the information other than the one managed in Compranet”. Therefore, “the historical and current information contained in Compranet is managed without the established controls”, which was considered a “high risk” within the dependency.
This was established in the Risk Management Work Program (WWTP), a quarterly report where all agencies report on the risks that could prevent them from meeting goals and objectives, and that they deliver to the SFP.
The document — obtained by Political Animal through transparency— was prepared on December 21, 2021 and was signed by Secretary Ramírez de la O; the senior officer, Thalía Lagunas, and Gabriel Flores, general director of Financial Resources, although the report was delivered in 2022.
Read: The Secretary of the Treasury was alerted to the failures in Compranet seven months before the collapse of the platform
What we do at Animal Político requires professional journalists, teamwork, dialogue with readers and something very important: independence. You can help us keep going. Be part of the team.
Subscribe to Animal Político, receive benefits and support free journalism#YoSoyAnimal
