{"id":472,"date":"2020-06-04T16:54:26","date_gmt":"2020-06-04T16:54:26","guid":{"rendered":"http:\/\/audit.gov.ms\/?p=472"},"modified":"2020-06-04T16:54:26","modified_gmt":"2020-06-04T16:54:26","slug":"montserrat-ferry-online-booking-application","status":"publish","type":"post","link":"http:\/\/audit.gov.ms\/?p=472","title":{"rendered":"Montserrat Ferry Online Booking Application"},"content":{"rendered":"\n<p>An Information Security (IS) Audit Report of the\nAuditor General about the Montserrat Ferry Online Booking Application has been\npresented to the Legislative Assembly on May 19<sup>th<\/sup> 2020.&nbsp; <\/p>\n\n\n\n<p><strong>Background<\/strong><\/p>\n\n\n\n<p>This report assessed whether there were, and are,\nappropriate policies and procedures and effective controls in existence, to ensure\nthe security of the Montserrat Ferry Online Booking software and sensitive and\npersonal information entered and stored in it. &nbsp;The audit focused on areas such as Outsourcing,\nIT Operations, Application and Information Security controls, and Business\nContinuity. <\/p>\n\n\n\n<p><strong>Key\nFindings &nbsp;<\/strong><\/p>\n\n\n\n<ul><li>There are adequate\ninput and output validation controls in place that ensures the data being input\nor output is accurate, reliable, and complete when accepted by Montserrat Ferry\nBooking application, in a timely manner. The application\u2019s information is also properly\nprotected and secured and there have not been any reports of security related\nincidents or breaches since its initial debut in 2016.&nbsp; <\/li><li>The Office of the\nPremier\u2019s Access Division does not have a Service Level Agreement or Contract\nthat defines what functions are to be outsourced, what must remain in-house, or\nthe ownership of the application and the stored data. This is a very high-risk\nissue should the software vendor fail to maintain the software, goes out of\nbusiness, or folds, as the GoM does not retain business knowledge or ownership\nof the ferry online booking application and data<\/li><\/ul>\n\n\n\n<p><strong>Recommendations<\/strong><strong> <\/strong><\/p>\n\n\n\n<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; The Office of the Auditor General strongly recommends\nthat: <\/p>\n\n\n\n<ul><li>The GoM should\ndevelop a clear outsourcing policy that documents the IT functions that can be\noutsourced and what remains in-house.&nbsp;\nAll of the roles and responsibilities between GoM and future vendors and\ncontractors should be identified and defined. This includes a Service Level\nAgreement that defines the services the contractor will be expected to\naccomplish, and the technical parameters for those services, i.e., items\ncritical to the GoM.&nbsp; <\/li><li>The Access\nDivision should assess the feasibility of purchasing the software and maintaining\nit, in-house. Should this option not be accepted by the supplier, then they\nshould request that the software be lodged in an escrow agreement where the\nsource code is stored with an independent third party.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/li><\/ul>\n\n\n\n<p><strong>The report in its entirety can be found at the Montserrat Public Library or by visiting&nbsp;<a href=\"http:\/\/audit.gov.ms\/publications\/\">Publications<\/a>&nbsp;or by requesting an electronic copy from the Office of the Auditor General<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>An Information Security (IS) Audit Report of the Auditor General about the Montserrat Ferry Online Booking Application has been presented to the Legislative Assembly on May 19th 2020.&nbsp; Background This report assessed whether there were, and are, appropriate policies and procedures and effective controls in existence, to ensure the security of the Montserrat Ferry Online [&hellip;]<\/p>\n","protected":false},"author":1001003,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"http:\/\/audit.gov.ms\/index.php?rest_route=\/wp\/v2\/posts\/472"}],"collection":[{"href":"http:\/\/audit.gov.ms\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/audit.gov.ms\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/audit.gov.ms\/index.php?rest_route=\/wp\/v2\/users\/1001003"}],"replies":[{"embeddable":true,"href":"http:\/\/audit.gov.ms\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=472"}],"version-history":[{"count":0,"href":"http:\/\/audit.gov.ms\/index.php?rest_route=\/wp\/v2\/posts\/472\/revisions"}],"wp:attachment":[{"href":"http:\/\/audit.gov.ms\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=472"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/audit.gov.ms\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=472"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/audit.gov.ms\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=472"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}