Are packages appropriately supported and maintained?

Consider

• Maintenance agreement with the supplier
• Changes and upgrades checked and tested before installation
• Source code provided
• Measures to prevent unauthorized access to the software
• Software supplier: number of support staff, references, reliability
• Contracts
• Software certified
• Where software is owned by the supplier-escrow agreement
• Implications of in-house modifications
• Stability/Penetration of package software/supplier

Restriction on Transfer to Production

Are there appropriate restrictions over implementing new program versions into production?

Consider

• Access controls
• Developers not able to move programs into production
• Audit trails of promotions to production

Are changes properly tested by developers and users?

Consider

• Test procedures
• User involvement in authorizing and testing changes
• Comprehensive and appropriate tests
• Tests properly documented and analysed

Approval of system testing

Is a formal sign off required after system testing?

Consider

• Timing of Sign-off
• Authority of signer

Testing of Recovery

Are the back-up and recovery procedures appropriately tested?

Consider

• Time taken to recover
• Processing on recovery
• Tested after major changes to system and system software
• Frequency of testing
• Date and result of last test
• Effectiveness of test
• Subsequent action

Testing

• Are models, programs and reports sufficiently tested before going into production or ‘live’?

www.bestitdocuments.com