Prepare and run the Pen Testing on metadata.nhs.uk.

[AngelaFaulding]

Prepare and run the Pen testing on metadata.nhs.uk. This includes re-platforming metadata.nhs.uk onto corporate standard infrastructure.

[PaulChapmanPM]

Checked in with Bob. No further progress made on this and not possible to forecast when the work will be done. I'll check in with him again in about another week.

[AngelaFaulding]

@oughnic - Is this still required?

[AngelaFaulding]

Comment from Nicholas:

I’m checking with Aled – assuming

1. he has done the tests
2. You are hosting on the Answer Digital infrastructure Then no, the tests probably aren’t required.

Can you leave the ticket open for now?

[AngelaFaulding]

Update from Nicholas:

Our test partner Precursor are running pen testing on:

Environment: 25th - 26th August Application: 29th August - 1st Sept

I'll issue a note to the mailing list with any impact on availability but have scheduled on Saturday / BH week to avoid potential impact on users.

Let's review risks and mitigations in the week after that

Aled Greenhalgh Answerdigital

[AngelaFaulding]

1/7/24 - Transformation Directorate colleague newsletter - 28 June states:

Spotlight on the Penetration Testing and Assurance Team (PTAT) PTAT helps to proactively identify any weaknesses a cyber criminal could use to compromise NHS systems or steal patient data. The service is available to all NHS England teams. Tests must be carried out before a service goes live when there are major changes to a service or on an annual basis to ensure the service continues to be secure. Learn more about the service.