The National Information Technology Development Agency has said that the University Transparency and Accountability Solution proposed by the Academic Staff Union of Universities has failed to fully pass certain testing and quality assurance requirements.
The agency said this in a statement issued on Saturday in response to media reports on its role in the assessment of UTAS.
In the statement, NITDA affirmed its mandate, which involves creating a framework for evaluation and regulation of information technology practices in Nigeria.
The statement read in part, “In line with its mandate, the agency has been registering indigenous software solutions. Part of the registration process requires that solutions are subjected to tests in line with the requirements of the Software Testing and Quality Assurance Framework and Guideline and the Guidelines for Nigerian Content Development in ICT.”
ASUU has been engaging the Federal Government on some issues, such as payment of promotion arrears, earned academic allowance, funding for revitalisation of public Universities, and adoption of UTAS as a payment platform for universities.
NITDA was invited on October 14, 2020, to participate in an interactive session between ASUU, Federal Government and the Legislature.
For the UTAS to be accepted as a payment platform, NITDA was directed to carry out an integrity test on the software.
“As part of the conditions for acceptance of UTAS as a payment platform for public universities by Federal Government, NITDA was directed to subject the platform to integrity test and advise government appropriately. In doing so, the agency decided to carry out three out of the eight tests specified in the Software Testing and Quality Assurance Framework and Guideline. These tests are User Acceptance Test, Stress Test, and Vulnerability Assessment and Penetration Test,” the statement read.
NITDA added that some challenges occurred that could hamper the result of the assessment.
The statement read, “Although the UAT was carried out as planned, challenges were encountered that negatively impacted on the outcome of the assessment. For instance, although the invitation emphasised the need for prospective participants to come with ICT tools for the exercise, very few of the participants had these tools.
“This resulted in grouping the participants and very limited hands-on interaction with the Solution was possible. Furthermore, there was limited connectivity thereby making it difficult for the participants with the relevant tools to follow the demonstration by ASUU. These issues were adequately reported to key stakeholders.”
NITDA also said that certain risks were revealed based on the assessments executed.
It said, “The agency’s team also carried out series of Vulnerability Assessment and Penetration Tests on the UTAS platform. One of these assessments revealed five High-Risk vulnerabilities that are likely to negatively impact the platform if exploited.
“Furthermore, two Low-Risk vulnerabilities were identified. These were discussed with the ASUU team and a further assessment carried out on the updated version of the Solution revealed that the High-Risk Vulnerabilities have been addressed. However, one Medium Risk, three Low Risks and forty-four Informational Risks were identified. These also were adequately communicated to the relevant stakeholders, including ASUU.”
It added, “A detailed Functionality/User Acceptance Test on the platform was carried out by our team. A total of 687 test cases were generated in which 529 passed, 156 failed and 2 cautionary warnings. As some of the failed cases are critical to the overall functionality of the solution, the agency could not recommend for the solution to be deployed in a production environment.”
NITDA further said that ASUU was asked to work on the solution and submit it for further assessment.