Quick answer
MeitY's testing and certification body that validates the quality and security of electronics and IT products before they can be supplied to government organisations.
Standardisation Testing and Quality Certification (STQC) is the testing, certification, and training body under the Ministry of Electronics and Information Technology (MeitY), providing quality assurance services for electronics and IT products in India. STQC certification is a mandatory requirement for specific categories of IT and security products supplied to government, and STQC-accredited labs conduct testing that underlies BIS certification for electronic goods.
What is STQC (Standardisation Testing and Quality Certification) in government procurement?
STQC operates a network of 20+ testing laboratories and offices across India, in Hyderabad, Delhi, Kolkata, Mumbai, Chennai, Bengaluru, and several other cities. The organisation functions as an independent third-party testing and certification body, providing services that range from product quality testing and certification to software quality certification and cybersecurity evaluation.
For IT hardware, STQC's testing laboratories are empanelled by the Bureau of Indian Standards (BIS) for conducting tests under the Compulsory Registration Order, the mandatory product testing regime for IT and consumer electronics sold in India. A product that needs BIS registration (CRO registration) must be tested at an STQC or NABL-accredited laboratory before BIS grants the registration. STQC is the most commonly used testing lab for this purpose.
For cybersecurity products, firewalls, intrusion detection systems, antivirus software, encryption devices, STQC conducts security evaluation following international criteria (Common Criteria, FIPS 140-2 for cryptographic modules). Products evaluated and certified by STQC under these standards receive certificates that government tenders specifically require for security equipment. A firewall supplied to a government data centre must typically hold STQC's security evaluation certification.
STQC also offers software quality certification, testing software applications against international quality standards (ISO 25010, previously ISO 9126) and issuing quality certificates. Government IT departments sometimes specify STQC quality certification for critical software applications as a tender eligibility condition.
For the e-Governance domain, STQC has developed the Electronic Delivery of Services (EDS) quality framework and assists state governments in assessing their e-governance portals and services.
Why it matters for bidders
For IT and electronics companies supplying to government, STQC interacts with their procurement in two direct ways. First, many government IT tenders require products to hold STQC security evaluation certificates, without this, the product is ineligible. A firewall manufacturer who wants to sell to government data centres must submit their product for STQC evaluation, a process taking 3-6 months depending on product complexity. Second, STQC testing is required for BIS CRO registration for IT hardware, a mandatory pre-condition for selling IT products in India, including to government.
Getting STQC evaluation completed before targeting government tenders is therefore a precondition, not an activity triggered by winning a contract. The evaluation process timeline must be factored into business development planning.
STQC's empanelled cybersecurity audit firms, the list of organisations STQC has recognised for conducting security audits, are the only organisations government departments can hire for mandated security audits under CERT-In guidelines. For IT security consulting companies wanting to offer government security audit services, getting onto STQC's empanelled auditor list is the essential first step.
Example
A startup develops an intrusion detection system (IDS) for government network security and wants to sell it to NICSI (NIC Services India Limited) for deployment across central government networks. The NICSI tender specifies that the IDS must hold STQC security evaluation certificate under Common Criteria EAL2+ assurance level. The company submits the product to STQC's Delhi laboratory with technical documentation. STQC's evaluation team tests the product's security functions, vulnerability resistance, and operational correctness over 4 months. The product passes at EAL2+ level. STQC issues the certificate. The company includes the STQC certificate in its bid. The technical evaluation committee confirms eligibility, and the company proceeds to financial evaluation, competing on price for a Rs 45-crore IDS procurement.
Key rules / thresholds
STQC certificates for security products are valid for 3 years, after which re-evaluation is required. BIS test reports for CRO registration (issued by STQC or other NABL labs) are valid for the model tested, any change to hardware or firmware requires fresh testing. CERT-In's empanelment of STQC for security audits is reviewed annually. Companies wanting government security audit mandates must maintain their STQC empanelment status by meeting CERT-In's ongoing qualification criteria.
How Bid India helps
Bid India puts STQC (Standardisation Testing and Quality Certification) to work inside your capture and proposal workflow.
Discover tendersSee Bid India in action
Book a demo and we will show you the platform using your actual contract data.
Related terms
MeitY (Ministry of Electronics and IT)
The central ministry that governs India's IT and electronics sector, sets digital governance policy, and issues procurement guidelines for government IT purchases.
ViewBIS Certification for Electronics
The mandatory product certification from India's Bureau of Indian Standards that IT and electronics products must hold before they can be legally sold in India, including to government buyers.
ViewCybersecurity in Government Contracts
The security requirements, standards, and compliance obligations that IT vendors must meet when supplying systems or services to Indian government organisations.
ViewIT Procurement in Government
The process by which central and state government bodies acquire information technology hardware, software, and services to support digital governance programmes.
ViewSoftware Licensing in Government
The procurement of software usage rights by government departments, covering commercial licences, open-source software, and enterprise licence agreements.
View