I have been informed by SITA as follows:
SITA has instituted a process to ensure that all system flaws identified are remediated (patch management) by implementing the latest operating system and application software updates on all workstations and servers installed and maintained by SITA to prevent any known security breaches.
(a) Updates are verified by conducting bi-weekly vulnerability assessment scans in consultation with the various service environments to update operating system and application software (code changes) where deemed necessary. Where updates are released by the suppliers of the software, it is also implemented after it has been tested.
(b) The environment is audited by the SITA Internal Audit by conducting vulnerability assessments and penetration testing. This is complimented by external penetration testing on an ad hoc basis. Furthermore, the Auditor-General also performs penetration testing and vulnerability scans on a selected sample of the infrastructure installed and maintained by SITA on an annual basis.
Approved/Not Approved
---------------------------------
Dr Siyabonga Cwele, MP
Minister of Telecommunications and Postal Services
Date: