Software Acceptance Policy List | Specific Testing Recommendation to Address Each Policy Concern |
Does the vendor provide any cybersecurity certifications with the product? | To address this, a vendor should always provide an ISO certificate for any software, and the organization should verify that the license that comes with the software is legal and cannot pose any future security risks. |
Does the vendor provide access to the source code for the product? Are there other security issues in source code to be addressed? | Provision of the source code should be looked at in two ways. First, if the organization purchases the product outright for its commercial use, the vendor should provide the source code to the organization, to avoid a situation where they can breach the contract and resell the software. Second, if the organization only hires or leases the software, it cannot be provided with the full source code but should be responsible for after-sales services. |
What is the guaranteed frequency of security updates to be provided for the product? | The vendor should always provide a contract that details how it will provide updates, and the agreement should be legally binding to ensure that no party breaches it. |
What is the implementation process for software updates/upgrades? | For any software update or upgrade, either party must inform the other before beginning the process. Next, the organization should ensure it has a backup of all data in the software to avoid a situation where data might get lost during the process. Additionally, the vendor should provide documented guidelines showing how it will implement the process. |
Is the software being purchased verified by the IT agents? | Any software being purchased should always be verified and should go through a security check to ensure it is safe from any security threat. |
Are there any information services to be provided to the technical support of the new software? | During the procurement chain, the supplier should provide all the technical details and security issues regarding the software to technical support. |
Is any new agreement likely to conflict with any existing contracts? | The organization should look at all the contracts it has with the current supplier and other suppliers to see if they conflict with the current contract, to avoid any illegal deal. |
Does the vendor have any issue with the review of the software acquisition form? | The organization should inquire whether the vendor has any security issues if the software acquisition form gets reviewed. |
Who specifies the IT-related software and also authorizes the purchases? | The procurement policy should always have a detailed explanation of who specifies the software to be purchased and who authorizes purchases. |
Provision of receipt for acknowledgement of the purchase? | The organization should always ensure it receives the acknowledgement receipt for the purchase. |
What happens if the software gets declined or changed? | The head of the IT department should always provide an explanation to the managers for any decision made about new software. |
What is the role of the IT department in the installation of the software? | The IT department should never install any software unless it has been involved in its specification. Staff should never install the software, and any third-party contractor should always be approved by the IT head. The contractor should comply with the existing guidelines and regulations. |