Page 281 - Garis Panduan Perolehan Teknologi Maklumat & Komunikasi (ICT) Kerajaan

(b) implement the security test plan and provide the test results to Purchaser in writing;

(c) document, in writing, its procedures and the framework used to conduct code review during the application development life cycle;

(d) document, in writing, its procedures for vulnerability and penetration testing before and after the application is deployed in the production environment, provided that such testing shall be performed according to the plan established under Section IV(a), above; and

(e) provide the Purchaser with:

    (i) written documentation of the results of all vulnerability and penetration testing; and

    (ii) to the extent that such testing discloses vulnerabilities or other security issues, a plan and timeline for mitigating such vulnerabilities or other issues before the application is deployed in the production environment or returned to the production environment.















































