The National Information Technology Development Agency (NITDA) has disclosed how it subjected the University Transparency and Accountability Solution (UTAS) of the Academic Staff Union of Universities (ASUU) to series of tests to find out whether it meets the required standard.
Head, Corporate Affairs and External Relations of the agency, Mrs Hadiza Umar, said in a statement on Saturday that the UTAS failed some tests which must be rectified before it is resubmited for further assessment.
Umar said it became necessary for the agency to set the record straight owing to biased information in the public domain about the involvement of NITDA to the solution.
She explained that the Act establishing NITDA mandated it to create a framework for the planning, research, development, standardisation, application, coordination, monitoring, evaluation and regulation of Information Technology (IT) practices in Nigeria.
To that effect, Umar said the agency had over the years, issued series of regulatory instruments, including the Software Testing and Quality Assurance Framework and Guideline issued in 2016.
“This regulatory instrument, currently being reviewed, provides guidelines for the design, development and testing of software projects in Nigeria.
“Furthermore, Section 10 of the Guidelines for Nigerian Content Development in ICT, 2019, provided detailed guidelines and expectations for Indigenous Software Development and Software Enabled Products and Services.
“In line with its mandate, the agency has been registering indigenous software solutions and part of the registration process requires that solutions are subjected to tests in line with the requirements of the Software Testing and Quality Assurance Framework and Guideline, and the Guidelines for Nigerian Content Development in ICT.
“It is common knowledge that ASUU has been engaging the Federal Government on a number of issues including payment of promotion arrears, earned academic allowance, funding for revitalisation of public Universities, and adoption of UTAS as payment platform for universities.
“On the October 14, 2020, NITDA was invited to participate in an interactive session between ASUU, Federal Government and the Legislature to avail ASUU the opportunity to demonstrate the UTAS platform,” Umar said.
According to her, as part of the conditions for acceptance of UTAS as payment platform for public universities by the Federal Government, NITDA was directed to subject the platform to Integrity Test and advise the government appropriately.
She added that the agency conducted three out of eight tests specified in the Software Testing and Quality Assurance Framework and Guideline.
Umar said the tests included User Acceptance Test (UAT), Stress Test, and Vulnerability Assessment and Penetration Test (VAPT).
She added that NITDA met with ASUU on Oct. 22, 2020, to discuss the modalities of the assessment of the solution, which involved the National Universities Commission (NUC) and Office of the Accountant General of the Federation.
“Furthermore, documents necessary for effective planning and execution of the tests were requested.
“Upon receipt of the documents from ASUU as well as access details of the UTAS platform in January, 2021, the agency’s team carried out basic Functionality/User Acceptance Test on the platform.
“As NUC conducted UAT, NITDA felt it can use the report produced by NUC for its report.
“However, upon review, it was observed that the Solution was demonstrated to the Principal Officers in a similar way it was demonstrated at the Accountant General’s Office.
“The Agency decided that further UAT be carried out with actual end-users from the University System,” she said.
She explained that arrangements were made and 46 staff members from 28 Federal Universities, mainly from Vice Chancellor’s Office, Human Resources, Accounts and Bursary participated in the UAT that held at the NUC complex on Aug. 10, 2021.
According to her, although the UAT was carried out as planned, challenges were encountered that negatively impacted on the outcome of the assessment.
Umar added that the agency’s team also carried out series of Vulnerability Assessment and Penetration Tests on the UTAS platform, which revealed high risk vulnerabilities that were likely to negatively impact on the platform, if exploited.
“Furthermore, two Low Risk vulnerabilities were identified and all discussed with the ASUU team and a further assessment carried out on the updated version of the Solution revealed that the High Risk Vulnerabilities have been addressed.
“However, one Medium Risk, three Low Risks and 44 Informational Risks were identified and were adequately communicated to the relevant stakeholders including ASUU,” the spokesperson said
She added that a comprehensive report outlining all the tests carried out and issues identified were submitted to Dr Isa Pantami, the Minister of Communications and Digital Economy, on Dec. 3, 2021, and also to the Chief Conciliator, Dr Chris Ngige, the Minister of Labour and Employment, as well as other stakeholders in ASUU.
Umar recalled that on Feb. 22, 2022, during the conciliation meeting at the instance of Ngige, it was resolved that NITDA worked with ASUU and subject UTAS to re-assessment with key members of the conciliation team in attendance during the Technical Team’s sessions as observers.
“It may interest the agency’s stakeholders to know that NITDA, as a responsible agency of government, made all arrangements to ensure that the exercise was carried out successfully.
“The interaction commenced on the March 8, 2022, with discussion on the methodology to be used as specified in the Software Testing and Quality Assurance Framework and Guideline.
“Upon reaching agreement and starting the actual test on the Solution, a critical error occurred and the test could not continue and as a result, the interaction had to be postponed to enable the ASUU Team rectify the issue.
“Considering the challenge encountered, the assessment methodology had to be reviewed to facilitate daily remediation of critical issues as they occur which is against NITDA’s Standard Operating Procedure for such exercises,” she said.
She recognised the attention of stakeholders and the general public to the need for the UTAS platform to be sufficiently robust with key functionalities implemented before being deployed to the production environment.
Umar reiterated that the solution as currently implemented was limited, adding that there are critical functionalities that needed to be implemented, tested and passed before the Solution could be considered to meet NITDA’s due diligent requirements.
“These areas of improvement have been fully documented and shared with the ASUU team for necessary action.
“It is expected that ASUU will improve on the areas identified, work on the security issues flagged and resubmit the Solution for further assessment.
“The agency wish to use this opportunity to assure stakeholders and the general public of its commitment to its mandate and the vision of proactively facilitating the development of Nigeria into a sustainable digital economy by creating an enabling environment where Nigerians develop, adopt and derive value from digital technology,” the statement read in part.