National Information Technology Development Agency (NITDA) has provided a detailed position on University Transparency and Accountability Solution (UTAS), the payment platform developed by the Academic Staff Union of Universities (ASUU).
A statement by Hadiza Umar, Head, Corporate Affairs and External Relations, recalled that on October 14, 2020, NITDA was invited to participate in an interactive session between ASUU, the Federal Government and the National Assembly.
The meeting agreed that NITDA should subject the platform to an Integrity Test and advise the government appropriately.
The spokesperson listed three tests specified in the Software Testing and Quality Assurance Framework and Guideline – User Acceptance Test (UAT); Stress Test and Vulnerability Assessment and Penetration Test (VAPT).
Umar noted that after ASUU submitted the requirements in January 2021, the National Universities Commission (NUC) first ran the UAT.
But upon review, NITDA carried out an end-users test on August 10, 2021. About 46 staff members from 28 Federal Universities, mainly from Vice Chancellor’s Office, Human Resources, Accounts and Bursary participated.
The agency said some challenges encountered negatively impacted the outcome of the assessment, including the participants’ limited ICT tools for the exercise.
NITDA then carried out the VAPT on the UTAS platform which revealed “5 High-Risk vulnerabilities that are likely to negatively impact on the platform if exploited”
“Furthermore, 2 Low-Risk vulnerabilities were identified. A further assessment carried out on the updated version of the Solution revealed that the High-Risk Vulnerabilities have been addressed.
“However, 1 Medium Risk, 3 Low Risks and 44 Informational Risks were identified. These also were adequately communicated to the relevant stakeholders including ASUU.
“A detailed Functionality/User Acceptance Test on the platform was carried out by our team. A total of 687 test cases were generated in which 529 passed, 156 failed and 2 cautionary warnings.”
NITDA explained that it could not recommend the deployment of UTAS and therefore asked ASUU to work on the payment platform and re-submit it.
The agency said due to its commitment to the process, another interaction commenced on March 8, 2022, with a discussion on the methodology to be used as specified in the Software Testing and Quality Assurance Framework and Guideline.
“Upon reaching agreement and starting the actual test, a critical error occurred and the test could not continue. As a result, the interaction had to be postponed to enable the ASUU Team to rectify the issue.
“We believe that the interaction availed ASUU the opportunity to understand and appreciate NITDA’s commitment and level of professionalism exhibited in carrying out its responsibilities.”
NITDA insists there are critical functionalities that have to be implemented, tested and passed before UTAS can be considered to meet NITDA’s due diligence requirements.
Noting that the areas of improvement have been shared with the ASUU team, Umar said the union to present an update on the security issues flagged for additional assessment.