Agile Procurement Management at IGTP

A purchasing management application with visibility and transparency

IGTP has a digitalized purchasing request system based on a well-known electronic signature platform with a workflow in which each request must go through a series of approvals before being processed by the Purchasing Unit. IGTP has sought help from Infinitum Digital to define and develop a specific application that improves the purchasing process and meets the following characteristics.

The process, initiated by the request of any IGTP member, must gather detailed information about the purchase, supplier data, individuals assigned for authorizations, as well as the justification of the need (including the ability to attach documents to the request).  

The automated workflow that arises notifies each authorizer by email in each of the validation phases, assigned with a purchase request to sign and approve, or deny, for which in that case they must inform the reason that the requester can consult.

It is very important that the system complies with internal regulations and procedures, as well as with current legislation. Therefore, requesters must explicitly accept that they meet the established requirements in the Purchasing Protocol and in the Law of Public Sector Contracts.

One of the main challenges is to equip the system with elements that allow for total visibility and transparency of the approval and processing process of requests (the status of their requests once they have been sent), and to avoid the generation of incidents associated with obtaining information about the status of orders.

Modular software architecture based on Symfony

The application architecture has been designed and developed as a custom development solution using Symfony, the high-performance framework based on PHP, prioritizing security, traceability, and operational efficiency, following the specifications for the technological stack:

• Centralized authentication (SSO): to ensure secure and simplified access, the application integrates with IGTP's Single Sign-On (SSO) system. By using standard protocols (SAML), identity management is centralized, allowing users to access with their corporate credentials, reinforcing security and eliminating fragmented password management.
• Workflow engine (Symfony Workflow Component): implementation of a finite state machine that orchestrates the lifecycle of each request. This component ensures that transitions between states (request, responsibility signing, final validation) are watertight and rigorously follow the programmed business logic.
• Security and access control (RBAC): once authenticated via SSO, the system applies role-based access control. This links the user's identity with their specific permissions within the IGTP hierarchy, ensuring that only authorized profiles can sign or validate requests according to their rank.
• Asynchronous notification system: using Symfony Mailer, the system triggers automatic alerts to those responsible after each status change. These notifications ensure that the signature flow does not stop, keeping the Purchasing Unit proactively informed.
• Modern frontend with Twig and Tailwind CSS: the interface combines the power of the Twig template engine with the agility of Tailwind CSS. The result is a seamless user experience (UX), fully adapted to the corporate identity and optimized for displaying complex data on any device.
• Decoupled component architecture: the modular philosophy of Symfony facilitates code maintenance and ensures that the system is scalable. This allows for the future integration of new services (such as third-party APIs) without compromising the stability of the system's core.

The solution: a secure, transparent, and compliant purchasing system

Infinitum Digital has conceived and developed an application with an intuitive, efficient, and flexible process, allowing transparent tracking of purchasing requests, meeting legal requirements and adapting to the specific needs of IGTP:

1. Integration with intranet and automatic data capture:

• The new system is ready to integrate into IGTP's intranet.
• The requester's data is automatically informed through SSO, preventing the user from having to manually enter them.

2. Email domain restriction:

• All emails associated with authorizations belong to the @igtp.cat domain.

3. Authorization flow and digital signature:

• Implementation of a phased authorization flow, with each responsible signing in their turn.
• Inclusion of a digital signature control section of all those responsible within the request, as well as in compliance documentation of the legal regulations.
• Implementation of a temporary alternative authorization system if the digital signature causes delays.

4. Automation of authorization assignments:

• Automatic assignment of the corresponding authorizer by informing their name or email matched with the IGTP's active user directory.
• Ability for a signatory to, within the same validation process, reassign the purchase request to another person as long as they have the same role to sign and authorize it.

5. Flexibility in modifying orders:

• Implementation of the functionality to add comments and attach documents to the request by those responsible for signing the authorization.
• Provide visibility of the different status changes of the request to all those involved in the approval process.

6. Notifications and tracking:

• Automatic email sending to each responsible party to notify them about pending requests.
• Sending reminders if a responsible party does not act on the request within 24 hours.
• Requirement for justification in case of rejection and with notification to the requester.
• Possibility for the requester to inquire about the status of their request at any time through a simple control panel.
• Once the request is approved, sending notification to the requester with a direct link to the request with all authorization and signature evidences.