1. The Department does vulnerability assessment and penetration tests from time to time. These are done by internal resources and also by external resources through the Internal Audit unit. The reports from these exercises are then shared with internal stakeholders like Application Management, Data Centre, and Networks. These reports come with findings of what needs to be fixed and by whom. The third party to do these vulnerability and penetration tests yearly is the Auditor General
2. The Department uses a variety of licences for different systems. These licences expire at different times based on when they were bought. The Department has not renewed licences for antivirus as there were delays in the procurement process of these licences. The specification has now been completed and approved by the Bid Adjudication Committee and is ready to be advertised.
END