T3.3.2 - SYSTEM ACCEPTANCE AND TESTING Implementation Guidance
The entity shall establish acceptance criteria for new information systems, upgrades, and new versions, in addition to suitable tests of the system(s) carried out during development and prior to acceptance.
Critical entities shall also take into account any other relevant NESA issuances, guidance, and activities in this regard.
Managers should ensure that the requirements and criteria for acceptance of new systems are clearly defined, agreed, documented, and tested. New information systems, upgrades, and new versions should only be migrated into production after obtaining formal acceptance. The following items should be considered prior to formal acceptance being provided:
- A. Performance and computer capacity requirements
- B. Error recovery and restart procedures, and contingency plans
- C. Preparation and testing of routine operating procedures to defined standards
- D. Agreed set of security controls in place
- E. Effective manual procedures
- F. Business continuity arrangements
- G. Evidence that installation of the new system will not adversely affect existing systems, particularly at peak processing times, such as month end
- H. Evidence that consideration has been given to the effect the new system has on the overall security of the entity
- I. Training in the operation or use of new systems
- L. Ease of use, as this affects user performance and avoids human error
For major new developments, the operations function and users should be consulted at all stages in the development process to ensure the operational efficiency of the proposed system design. Appropriate tests should be carried out to confirm that all acceptance criteria have been fully satisfied.