Wednesday, December 24, 2025
Latest:
delhihighcourt

TRUSTED INFO SYSTEMS PRIVATE LIMITED vs INDIAN COMPUTER EMERGENCY RESPONSE TEAM & ANR.

Information

* IN THE HIGH COURT OF DELHI AT NEW DELHI
Date of decision: 20th NOVEMBER, 2023
IN THE MATTER OF:
+ W.P.(C) 7508/2021
TRUSTED INFO SYSTEMS PRIVATE LIMITED ….. Petitioner
Through: Mr. Tarang Gupta and Mr. Kartikeya Sharma, Advocates.

versus

INDIAN COMPUTER EMERGENCY RESPONSE TEAM & ANR. ….. Respondents
Through: Mr. Vikram Jetly, CGSC with Ms. Shreya Jetly, Advocates and Mr. Rajesh Suri, Law Officer

CORAM:
HON’BLE MR. JUSTICE SUBRAMONIUM PRASAD
JUDGMENT
1. The present writ petition under Article 226 of the Constitution of India has been filed by the Petitioner seeking issuance of an appropriate writ, order or direction quashing the results dated 20.10.2020 and 15.3.2021 issued by the Indian Computer Emergency Response Team with respect to the Online Practical Skill Test held as part of the renewal process for empanelment of Cyber-Security Firms as Information Technology Security Auditing Organizations where the Indian Computer Emergency Response Team awarded the score of 65% to the Petitioner in the Online Practical Skill Test conducted in September, 2020 and 70% in the Online Practical Skill Test conducted in January, 2021 as part of the empanelment process, and has put an embargo on the Petitioner from being empanelled with Respondent No.1 for a period of 1 year.
2. Shorn of any unnecessary details, the facts leading to the instant petition are as follows:-
a. The Petitioner herein is engaged in the business of rendering services in the field of Information Technology, Governance, Information Security, Cyber Security, Cyber Risk Management for the past two decades. The Petitioner has also been rendering services of Information Technology Security Auditing since May, 2002 and has been empanelled as an IT Security Auditing Organization with the Indian Computer Emergency Response Team (CERT-IN) for period of three years from 2016-2019.

b. The Petitioner participated in the empanelled process for the empanelment as an IT Security Auditing Organization with the Respondent No.1 and were required to undertake an Online Practical Skill Test (OLPST) and a Personal Interaction Session with the Technical Evaluation Committee (TEC) of the Respondent 1 herein as part of the process thereafter.

c. The Indian Computer Emergency Response Team (CERT-IN), i.e., Respondent No.1 herein conducted the Online Practical Skill Test (OLPST) from 14.09.2020 and 16.09.2020 as per the Rules of Engagement, 2020 whereby the participating organizations were directed to the test the services running at port 8081 and find out all possible vulnerabilities and the possible penetrations in the test-bed. The Petitioner submitted the report of the Online Practical Skill Test after completion on 22.09.2020.

d. The Petitioner was thereafter communicated the results of the Online Practical Skill Test vide the impugned result dated 22.10.2020 whereby the Petitioner was apprised of the fact that it has achieved a score of 65% as opposed to the desired result of 90% which is required to advance for the stage of personal meeting by the Technical Examination Committee. The representative of Respondent No.1 also informed the Petitioner that it had missed out on two operating system related vulnerabilities which according to the Petitioner was beyond the scope of test.
e. It is stated that the Petitioner gave representations to the Director General of CERT-IN protesting against the illegal inclusion of operating system related vulnerabilities, which expanded the scope of the test without giving notice to the Petitioner. It is further stated that CERT-IN published list of 33 empanelled organizations pursuant to the test held from 14.09.2020 to 16.09.2020 and list of another empanelled organization was published on 06.11.2020. It is stated that there was no test conducted by ICERT from 01.11.2020 to 06.11.2020. It is stated that on 06.11.2020 one more organization was included without any justification.

f. The Petitioner herein made a representation to Respondent No.1 to communicate the specific vulnerabilities that the Petitioner failed to identify in the test report submitted on 22.09.2020 and to review the assessment of the Petitioner’s report. The Petitioner also sought the setup of a Virtual Interactive Session between the Petitioner and the Respondents owing to the COVID-19 pandemic to understand the extent of the of the vulnerabilities which were missed by the Petitioner.

g. On 07.01.2021, the Petitioner was allowed a second attempt at the Online Practical Skill Test as per the Rules of Engagement, 2021 scheduled from 21.01.2021 to 23.01.2021 and the report after the completion of the test was submitted by the Petitioner on 30.01.2021. Respondent No.1 published the impugned result dated 15.03.2021 which apprised the Petitioner of the result of the OLPST held in January 2021 where the Petitioner was able to identify 70% of the vulnerabilities and penetrations on the online test-bed.

h. It is stated that on 15.03.2021, a list of 48 empanelled organizations was brought out and three more organizations were added to the previous list of 45 empanelled organizations on 22.02.2021. Thereafter, on 08.05.2021, another list of 58 empanelled organizations was published adding 10 more organizations excluding the Petitioner. On 27.07.2021, total 96 organizations were empanelled (including 38 organizations to the previous list of 58 empanelled organizations). It is stated that no further test has been conducted by the CERT-IN from 21.01.2021 to 23.01.2021.

i. A representation was made by the Petitioner to the Respondents wherein the details of the vulnerabilities missed by the Petitioner were sought again along with a copy of the “Master List” as prepared by Respondent No.1 for conducting the Online Practical Skills Test scheduled from 21.01.2021.

j. The representation of the Petitioner has not been addressed. The Petitioner has approached this Court by filing the instant writ petition stating that the Petitioner has been wrongfully ignored and the evaluation process undertaken by the CERT-IN for the test held by it from 14.09.2020 to 16.09.2020 and from 21.01.2021 to 23.01.2021 is completely arbitrary and non-transparent.

3. Notice was issued in the writ petition on 02.08.2021. Pleadings are complete.
4. It is the contention of the Petitioner that CERT-IN had wrongly and illegally included the operating system related vulnerabilities in the ‘Master List’ prepared by it for the tests conducted in the year 2020 and 2021 and the same did not form part of the scope of tests. The primary contention of the Petitioner is that the Respondents failed to communicate to the Petitioner the alleged vulnerabilities missed out by the Petitioner in the tests conducted by the CERT-IN despite giving numerous representations and the Petitioner is being unfairly overlooked.
5. The relevant portion of the Rules of Engagement reads as under:-
“6. Empanelment of the new organizations is a four step process followed by background verification & clearance by suitable Government agency, as given below:

Step-1: Submission of Application Form (in the prescribed format) for empanelment of the organization for 3 years w.r.t the year of empanelment, subject to complying with terms & conditions of empanelment, along with the following Annexures:

Annexure I: Background verification certificate from the organization Annexure II: Consent Form Annexure III: Undertaking by the organization on code of conduct Annexure A: Detailed information regarding last 5 information security audits carried out by organization during the last 3 years and copy of any two IT Security Audit Reports out of these five.

Step-2: The organizations will be given two virtual images in DVD having some applications installed with the known vulnerabilities and possible penetrations built for the off-line in-house practical skills test, which they can test at their premises and should report at least 90% of known set of vulnerabilities and successful penetrations. Organization scoring 90% or more, on the basis of assessment of report, will be considered for Step 3. The organization will be given maximum two attempts to appear in offline PST.

Step 3: On being successful in Step 2, the qualified organizations will have to take an online practical skills test i.e. VA/PT PST and target a test-bed of known vulnerabilities and possible penetrations. Challenges will be declared in real time over IRC channel to the participating organizations. Organizations will be required to submit VA & PT report to CERT-In. Organization scoring 90% or more, on the basis of assessment of report, will be considered for step-4 i.e. Personal Interaction Session. The organization will be given maximum two attempts to appear in VA/PT PST.

Step-4: For the purpose of Personal Interaction Session, the TEC will meet in Delhi as well as in Bangalore to interact with the organizations who have qualified in step 3. This may include
• Face to face meeting / Interaction with auditor team of suitable size.
• The team must have persons from the technical personnel informed to CERT-In as per the information form submitted to CERT-In.
• Interpretation of vulnerabilities and means of exploit by the auditor organization Technical Competence verification at CERT-In or IISc Bangalore as deemed necessary.”

6. On 19.10.2022, learned Counsel for the Petitioner submitted that the Petitioner would be satisfied if Indian Computer Emergency Response Team (CERT-IN) arrange for a discussion with relevant officials of CERT-IN and the representatives of the Petitioner in relation to the issues which are raised in the instant writ petition. The Petitioner was permitted to request the CERT-IN making clear that the disclosures made therein shall be kept strictly confidential. It is apparent that nothing fruitful has come out.
7. Learned Counsel for the Petitioner submitted that the Petitioner was empanelled to provide services of auditing, including vulnerability assessment and penetration testing of computer systems, networks and applications of various organizations of the Government for the previous block years of 2016-2019. The council submitted that the empanelment of the Petitioner was extended up to 31.10.2020 and was empaneled with the Respondent as an IT Auditor until the undertaking of the Empanelment Procedure of 2020.
8. Learned Counsel for the Petitioner submitted that by the virtue of the Petitioner being previously empanelled, it had to undergo only the Steps 3 and 4 of the empanelment process, which would be to undergo the Online Practical Skills Test, and upon proper qualification, the Personal Interaction Session with the Technical Evaluation Committee would be conducted for the purpose of future empanelment.
9. Learned Counsel for the Petitioner vehemently argued that as per Rule 3 of the Engagement Rules 2020 and 2021, the Petitioner should be provided the Master List for ensuring transparency in the empanelment procedure. The Rule 3 of the Engagement Rules reads as follows
“3. Evaluation Criteria

A master list of vulnerabilities will be prepared and finalised by CERT-In, for test setup before the commencement of test. Evaluation will be done on the basis of exercise (VA/PT) report submitted by the participating organization and monitoring/ log analysis of the activities of participant by CERT-In team.

Performance of organization will be evaluated against master list of vulnerabilities.

Organizations are required to score 90% or more by identifying and verifying vulnerabilities against master list for qualifying for the next round of empanelment (i.e. Personal Interaction Test).

Maximum two attempts are allowed to qualify VA/PT PST, failing which organization can reappear after cooling period of one year.

For empanelled organisations, compliance to quarterly submission of “Framework for Assessing Vulnerabilities and Audit Landscape” data may also be considered for evaluating performance of organisation.”

10. Learned Counsel for the Petitioner contends that as per the aforementioned Rule, Respondent No.1 is supposed to maintain a “Master List” which consists of a list of vulnerabilities as appearing on the test-bed for the Online Practical Skills Test, which will be used to evaluate the performance of the participating organizations. Learned Counsel for the Petitioner submits that the Master List is an important component of the empanelment procedure, which is finalised by Respondent No.1 before commencement of the Online Practical Skills Test. He contends that the scope of the test, including all vulnerabilities which are to be detected by the IT Audit Organizations are included in the Master List. He submits that the production of Master List should be done to promote transparency amongst the participating organizations to ensure that there is no arbitrary actions on behalf of the testing authority.
11. Learned Counsel for the Petitioner brought on record various vulnerabilities that was found by the Petitioner which was verified with the list of the vulnerabilities provided to the Petitioner by Respondent No.1 vide e-mails dated 13.09.2020 and 14.09.2020. Learned Counsel for the Petitioner has brought on record the reports submitted by the Petitioner pursuant to the Online Practical Skills Test, which included a list of identified vulnerabilities with a proof of concept. The report submitted for the OLPST conducted in September, 2020 on IP Address 1.7.142.220:8081 highlights that the Petitioner was able to identify 382 vulnerabilities which included taking complete control and ownership of the test bed. The report submitted for the OLPST conducted in January, 2021 on IP Address 220.158.173.35 provides that Petitioner identified and verified 398 vulnerabilities running on the port. He contends that after clarifying the scope of the audit tests on multiple occasions, Respondent No.1 is including vulnerabilities outside the scope of the test. Learned Counsel for the Petitioner contends that the vulnerabilities identified and verified were all the vulnerabilities present on the respective ports. He, therefore, argues that to understand the extent of the deficiency in the test report submitted by the Petitioner, a copy of the Master List as finalized by Respondent No.1 should be provided to the participating organizations.
12. Learned Counsel for the Petitioner submits that various representations were made to the Respondent No.1 between 20.10.2020 and 24.10.2020 seeking a re-evaluation of the report submitted by the Petitioner and the Master List prepared by the Petitioner for the Online Practical Skills Test conducted in September, 2020. He contends that despite multiple representations, the Petitioner was not provided with an opportunity to be re-evaluated or provided with a list of vulnerabilities or the Master List which would enable it to verify their report with the list of vulnerabilities as reflected in the Master List.
13. Per Contra, learned Counsel for the Respondents has made submissions justifying the actions taken by the Respondents. Learned Counsel for the Respondents submits that the number of vulnerabilities selected in the Master List and the number of vulnerabilities correctly reported by the Petitioner was informed to the Petitioner vide e-mail dated 20.10.2020. He pointed to the material on record which establishes that the Respondent No.1 herein informed the Petitioner that out of the 20 vulnerabilities in the test-bed, the Petitioner was able to only identify 13 vulnerabilities scoring a total of 65% in the OLPST conducted in September, 2020 which was below the qualification requirement of 90%. He provided that in everyday practice for any audit organizations, they are tasked with identifying all the vulnerabilities to secure the system for the purposes of vulnerability assessment. It is provided that the IT Audit Organizations are sought to identify vulnerabilities similarly in a Black-Box Environment, and it is the prerogative of the participating organization to identify all the flaws in the test-bed.
14. Learned Counsel for the Respondents submits that in the Online Practical Skills Test for the renewal of empanelment held in September 2020, the Petitioner was only able to identify 65% of all the vulnerabilities along with the proof of Concept against the qualifying benchmark of 90%. He further submits that due to the nature and the importance of the test, the Rules of Engagement, 2020 provide for a second attempt for participating organizations. He relied on Step 3 of the empanelment procedure of the Engagement Rules which provides for a maximum of two attempts to appear for the VA/PT Practical Skills Test.
15. Learned Counsel for Respondents contends that as per the Engagement Rules 2020 and 2021, the Petitioner was provided two opportunities to qualify in the Online Practical Skills Test again in the test held between 21.01.2021 and 23.01.2021. He submits that despite both the opportunities provided to the Petitioner in September 2020 and in January 2021, they were unable to identify the minimum number of vulnerabilities in the given test-bed and could not generate proof of concept of the vulnerabilities as per the rules. It has been submitted that to the same effect, the Petitioner was debarred for a period of 1 year as a “cool-off” period as provided for in the engagement rules.
16. Learned Counsel for the Respondents contends that the empanelment process of the Respondents No.1 is a continuous exercise and the test-beds which were used for the empanelment procedure in question will also be used for future assessments. He further provided that such test-beds are only renewed every 3 years and the disclosure of the Master List of vulnerabilities prepared for the Online Practical Skills Test conducted in September, 2020 and January, 2021 will lead to an ineffective and meaningless empanelment tests as any persons aware of the list will be able to qualify for the next step in the empanelment process.
17. Learned Counsel for the Respondents contends that the empanelment procedure is a multi-step procedure which includes varied level of difficulties for participating organizations. He states that this has been the case to ensure that organizations which do not possess the requisite technical competency should not be part of the panel for the audit of important governmental organizations as they may lead to threats to national security. He submits that failure of the Petitioner in both the Online Practical Skills Test demonstrates the Petitioner’s inability to upgrade its technical skills, capabilities and methodologies for the purposes of an IT Audit. He submitted that the nature of the Information Technology services demands a constant up-gradation in the skills of the Petitioner to deal with cyber-security threats, and the same is not static but dynamic in nature. Since there are important public authorities which are dealt with by the IT Audit Organizations, it is imperative for the participating organizations to continue to upgrade their skills and not rely on the Respondents to maintain their competency. It is contended that the cool-off period is prescribed in the engagement rules for a period of 1 year to allow the rejected organizations to upgrade their skills and manpower, and the mandatory cool-off period should not be treated as a negative step.
18. Learned Counsel for the Respondent submits that the scope of the evaluation was provided to all participating organizations alike and the scope of the test was not expanded to include operating system related vulnerabilities and all the vulnerabilities in the Online Practical Skills Test were the same as the ones that were communicated. He submits that the vulnerabilities which were communicated to the participating organizations were the same vulnerabilities which formed part of the Master List.
19. Learned Counsel for the Respondents submits that the contrary to the averment of the Petitioner, the Petitioner was accorded treatment which was accorded to all other similarly placed IT Organizations and no re-evaluations and test beyond the purview of the engagement rules was undertaken. He states that material on record shows that empanelled list was dynamic in nature and the list of empanelled IT Organizations was duly updated as and when the participating organizations were empanelled. He contends that owing to various delays, on part of the participating organizations in submission of details for the purposes of upload on the website of Respondent No.1, the list of the empanelled organizations kept being updated.
20. Learned Counsel for the Respondents elaborated by pointing out to the procedure for empanelment and explained that there are various stages of approvals required by the participating organizations to be empanelled including clearances issued by the concerned government agency. He submits that it is only after this verification, Respondent No.1 can upload the name of the approved organizations, and such, delays were observed in the process. He submits that, therefore, the Petitioner cannot claim arbitrariness and re-evaluations on the basis of other organizations qualifying for empanelment within the purview of the procedure envisaged in the Rules of Engagement.
21. Heard learned Counsel for the parties and perused the material on record.
22. It is established that the Petitioner had participated in the Empanelment Procedure with the Respondent No.1 herein and had to undergo only Steps 3 and 4 of the Empanelment procedure under the Engagement Rules, 2020. Learned Counsel for the Petitioner contended that in the Online Practical Skills Test conducted between 14.09.2020 and 16.09.2020, the Petitioner was able to identify a total of 382 vulnerabilities on the provided test-bed which according to the Petitioner were all the vulnerabilities provided on the port 8081 within the scope of the test. Learned Counsel also contended that despite the clarifications sought by the Petitioner regarding the scope of the test and finishing the test as per the provided clarification, the Petitioner were telephonically informed by Mr. Ashutosh Bahuguna about some missed vulnerabilities which went beyond the scope of the test.
23. The Petitioner herein is a Cyber-Security organization engaged in the services of providing IT Audit and Cyber Security services to various other firms. The Petitioner organization was empanelled by the Respondents No.1 for the same purposes between 2016 and 2019 which was further extended to 2020. The Petitioner had to follow the procedure laid down in the Guidelines for applying to CERT-IN for Empanelment of IT Security Auditing Organizations (Engagement Rules) which allowed for the re-empanelment of the Petitioner post the successful competition of an Online Practical Skill Test and a Personal Interaction Session with the Technical Evaluation Committee (TEC) of the Respondent No.1. The Petitioner thereafter participated in the Online Practical Skill Test on two occasions, held in September 2020 between 14.09.2020 and 16.09.2020, and one held in January, 2021 between 21.01.2021 and 23.01.2021 and failed to qualify for either of the tests. From the material on record and the submissions by the parties, it is established that the Petitioner underscored on the test, scoring a total of 65% in the test of September 2020 and scoring a total of 70% in the test of January, 2021 which was below the minimum qualification score as set by the CERT-IN.
24. The Petitioner is aggrieved by the results of the Online Practical Skill Test approached this court seeking the quashing of the results of Petitioner in both of the Online Practical Skill Tests and directing the respondents to re-evaluate the results of the Petitioner.
25. This Court after observing the counter-affidavit filed by the Respondent No.1 and the submissions made by the Respondents is of the view that the averment of the Petitioner regarding the non-grant of reevaluation is unfounded. This Court after perusing the engagement guidelines for empanelment is of the view that there is no procedure envisaged under the Rules of Engagement 2020 and 2021 for re-evaluation of reports submitted by the Petitioner pursuant to either the Offline In-House Practical Skill Test and the Online Practical Skill Test.
26. Material on record discloses that under Rule 11 of the Engagement Rules 2020 and 2021 two attempts are provided to the participating organizations to ensure that there will be uniformity and the participating organizations aggrieved with test results can undertake the test again. Rule 11 of the Engagement Guidelines reads as:
“After 2 (two) unsuccessful attempts in either offline in-house practical test or online VA/PT PST the organisation may apply as a fresh candidate after cooling off period of one year.”

27. A perusal of the material on record discloses that the process of empanelment adopted by the Respondents is extremely technical. The Court cannot be expected to sit on appeal over decisions taken by experts and substitute its own conclusion with one arrived at by the experts.
28. The Apex Court in Secy. (Health) Deptt. of Health & F.W. & Anr. v. Dr. Anita Puri & Ors., 1996 (6) SCC 282, while dealing with the selection done by a Public Service Commission of doctors has observed as under:-
“9… It is too well settled that when a selection is made by an expert body like the Public Service Commission which is also advised by experts having technical experience and high academic qualification in the field for which the selection is to be made, the courts should be slow to interfere with the opinion expressed by experts unless allegations of mala fide are made and established. It would be prudent and safe for the courts to leave the decisions on such matters to the experts who are more familiar with the problems they face than the courts. If the expert body considers suitability of a candidate for a specified post after giving due consideration to all the relevant factors, then the court should not ordinarily interfere with such selection and evaluation. Thus considered, we are not in a position to agree with the conclusion of the High Court that the marks awarded by the Commission was arbitrary or that the selection made by the Commission was in any way vitiated.”

29. Similarly, the Apex Court in Dalpat Abasaheb Solunke & Ors. v. Dr. B S Mahajan & Ors., 1990 (1) SCC 305, has observed as under:-
“12. It will thus appear that apart from the fact that the High Court has rolled the cases of the two appointees in one, though their appointments are not assailable on the same grounds, the court has also found it necessary to sit in appeal over the decision of the Selection Committee and to embark upon deciding the relative merits of the candidates. It is needless to emphasise that it is not the function of the court to hear appeals over the decisions of the Selection Committees and to scrutinize the relative merits of the candidates. Whether a candidate is fit for a particular post or not has to be decided by the duly constituted Selection Committee which has the expertise on the subject. The court has no such expertise. The decision of the Selection Committee can be interfered with only on limited grounds, such as illegality or patent material irregularity in the constitution of the Committee or its procedure vitiat- ing the selection, or proved mala fides affecting the selection etc. It is not disputed that in the present case the University had constituted the Committee in due compliance with the relevant statutes. The Committee consisted of experts and it selected the candidates after going through all the relevant material before it. In sitting in appeal over the selection so made and in setting it aside on the ground of the so called comparative merits of the candidates as assessed by the court, the High Court went wrong and exceeded its jurisdiction.”

30. After perusing the material on record and the submissions made by both the parties, this Court is of the view that there was no infirmity with the decision of the Respondent No.1 in not allowing a reevaluation of the report submitted by the Petitioner on 22.09.2020 given the procedure to provide two attempts to qualify in the Online Practical Skill Test. Further, allowing the re-evaluation of the Petitioner in absence of a procedure and norms of the CERT-IN will lead to unnecessary administrative delays, as the same had not been done for any participating organization since the inception of the empanelment procedure by CERT-IN.
31. With regards to the Master List prepared by the Respondent No.1, this Court perused the material on record and the assistance provided to the Court by learned Counsel for the parties. This Court was apprised of the fact that a Master List is prepared by Respondent No.1herein for the purposes of conducting qualifying tests for the purposes of Empanelling Cyber-Security Firms for the purpose of an IT Audit of Governmental Agencies and other public offices. The Master List, therefore, consists of all vulnerabilities that are present in the test-bed of the Offline Practical Skill Test and Online Practical Skill test undertaken by the participating organizations as part of Step 2 and 3 of the Empanelment process.
32. Material on Record also shows the Master List is prepared by the Respondent No.1 through following an intensive process, and the Master List of vulnerabilities encompasses the techniques of setup and details of the test-bed environments which are used for developing the tests. The master list of vulnerabilities is prepared through compiling actual vulnerabilities and penetration possibilities that have been witnessed in previous IT Audits conducted by CERT-IN of governmental agencies and other public authorities. It had therefore been argued that disclosure of the Master List will not only result in the tests themselves being meaningless and ineffective hereon forward, but will also adversely affect the Cyber-Security and integrity of various governmental organization.
33. This Court after perusing the material on record and the submissions by the Petitioner and the Respondents herein is of the opinion that the by withholding the master list, Respondent No.1 is ensuring that the sanctity of the IT Operations of important ministries and the other public authorities is not interfered with. As established, the Master List prepared by the Respondents herein is a list of vulnerabilities which forms the scope of the tests laid down under the Guidelines for Empanelment of IT Organizations for IT Audit of Governmental Organizations, and is therefore an important document, not only for the purposes of the test, but also for the integrity of the IT Systems of the concerned organizations. It has also been established that the same master list contains vulnerabilities which were witnessed through IT Audits, and other vulnerabilities that have propped up owing to the development of technology. Considering that the future empanelment procedure as well the future test-bed of vulnerabilities in the Offline Practical Skills Test as well as the Online Practical Skills Test may include vulnerabilities from the current master list, this court is of the opinion that disclosure of Master List to the Petitioner will have an adverse effect not only for the security of the governmental organizations in questions but also on the entire empanelment procedure.
34. On 19.10.2022, on a request by the Petitioner, this Court instructed the Respondent No.1 to arrange for a discussion between the two parties. The relevant portion of the Order dated 19.10.22 reads as under:-
“Learned counsel for the petitioner on instructions states that their representatives would be satisfied if Indian Computer Emergency Response Team [“CERT-IN”] were to arrange for a discussion with relevant officials of CERT-IN and representatives of the petitioner in relation to the issues which stand raised in the present writ petition. The Court grants the saidrequest.”

35. Thereafter on 27.01.2023, this Court has observed as under:-
“4. Meetings in terms of the previous order have already been conducted and the documents in respect thereof have been placed on record.
5. Ld. counsel for the Petitioner submits that he had submitted further documents on 19th January, 2023 after the meetings were concluded and the same ought to be considered by the Respondents. However, this submission is opposed by ld. Counsel for the Respondents.
6. Ld. counsel for the Petitioner to place on record the index of documents which have been shown to the Court today.
7. It is clarified that the pendency of this writ shall not in any manner be construed against the Petitioner if it chooses to apply for empanelment afresh in July, 2023.”

36. This Court vide Order dated 27.01.2023 was apprised of the fact that pursuant to the directions in the Order dated 19.10.2022, a meeting was conducted between the Petitioner and the Respondents. Learned Counsel for the Respondents submitted that the cool-off period of 1 year had ended and the grievance of the Petitioner was only limited to the production of the Master List. The Respondent further submitted that a fresh empanelment procedure had commenced and the Petitioner had already applied for the same.
37. A perusal of the material on record does not disclose any favouritism. In fact, there is no allegation of favouritism. Material on record also does not disclose that there was any bias against the Petitioner. The empanelment is for a highly technical subject and the evaluation is being done by persons who are experts in that specialized subject. There is nothing on record to show that the marks have not been given on the basis of an objective criteria unless it is shown that the selection done by the expert body is biased, capricious, whimsical or arbitrary, Courts must not venture to sit on appeal on the decisions taken by experts. General allegations of the type that have been made in the instant writ petition, in the opinion of this Court, cannot nullify the selection process unless some concrete facts are established to show that Respondent No.1 had a bias of somebody or does not endeavour to ensure that the Petitioner is not wantonly empanelled. The reasons given in the counter affidavit and in the additional affidavit shows a proper application of mind and thought process by Respondent No.1 which does not require any interference under Article 226 of the Constitution of India.
38. Considering the fact that this court has provided that the master list cannot be disclosed and the cool-off period has already ended, this court is of the opinion that nothing survives in this petition.
39. This writ petition is dismissed along with pending application(s), if any.

SUBRAMONIUM PRASAD, J
NOVEMBER 20, 2023
hsk/tn

W.P.(C) 7508/2021 Page 1 of 22