CPC(TDS) Information Security Advisory to Tax Deductors

Date of communication: 21/12/2016

Dear Deductor,

The Centralized Processing Cell (TDS) offers you a variety of value-added services through its web-portal TRACES . As you are aware, these services can be availed after registering on TRACES with a unique User ID and Password. In provision of its services, CPC (TDS) exchanges with its end-users a variety of sensitive TDS related information pertaining to the Tax Deductors and Deductees. Therefore, Data Security and Integrity forms the core of CPC (TDS) Information Security Management System, which is certified with ISO 27001 global standard.

As you handle TDS related sensitive information on the web-portal TRACES every day, your partnership in Information Security endeavors of CPC (TDS) cannot be overemphasized. It is, therefore, imperative that your privileged access to our systems needs to be handle diligently and with due care. To further emphasize this, CPC(TDS) has certain recommendations for you, as follows:

  • Your User ID and Password are the most sensitive information, misuse of which can lead to tampering of confidential TDS related information, your own sensitive data and Deductee related confidential information. If a password is hacked or stolen, it can result in information security breach, leading to undesirable consequences, including privacy violations.
  • You are therefore, suggested to exercise caution in use of log-in credentials at TRACES, which should not be disclosed to any unintended or unauthorized individuals. If shared, the person using log-in credentials shall also be liable to consequences.
  • To delegate TDS related activities, TRACES has provided facility for Admin and Sub-users to facilitate authorised Sub-users to carry out activities on TRACES and submit to the Admin user. The Admin user has the right to approve the activities of the Sub-users.
  • Secure your password with at least 8 characters’ length and a combination of Lower Case, Upper Case, Numeric Characters and Special characters.Do not write your password on notepads or the whiteboard at your desk.
  • Keeping sensitive information such as passwords in emails, folders & files on the computer can be risky. If the email or computer account is hacked, then the perpetrator could misuse the passwords, steal money from your bank accounts, misuse your email account or credit/debit card to access sensitive information from your machine.
  • Do not use the same password for different accounts.Using the same password for more than one account is similar to carrying one key that unlocks your house, car, office and safety deposit box. One lost key could let a mischievous unauthorised user unlock all doors.
  • It is therefore, not only advised to refrain from sharing the log-in credentials, but also to avoid using the log-in credentials of any person other than the Authorised Person appointed by the deductor, for carrying out any activity on TRACES.
  • You are requested to similarly treat Digital Signature Certificate with utmost security, as the User ID and Password on TRACES.

Please note that the “Authorised Person” is referred to as “Person Responsible” in accordance with Section 204 read with Section 200 of the Income Tax Act, 1961 and other relevant provisions for deduction of tax.

We are extremely sure that you will partner with CPC(TDS) in establishing a secure ecosystem by abiding to the Security guidelines of CPC(TDS). CPC (TDS) is committed to provide best possible services to you.


Source: TRACES

Leave a Reply

Your email address will not be published. Required fields are marked *