Challenge

The Democratic Empowerment Project (DEP) provides technical support for the Electoral Management Bodies (EMBs) to improve the transparency of results management and others processes to build public confidence in the electoral process. In this context, DEP had provided support to National Electoral Commission (NEC) and Zanzibar Electoral Commission (ZEC) to enhance their ICT capacities and specifically to provide new Election Management Systems to manage results, observers and candidate data (the RMS, OMS and CMS) as part of the EMBs' preparation for the 2015 referendum and the general elections. The newly-developed web-based software solutions have been designed around the specific needs of NEC and ZEC. The solutions were deployed on both NEC and ZEC web servers in their respective data centres.

Since the applications are also web-based, the EMBs have specifically requested for an independent audit of the security and effectiveness of the software solutions. UNDP hereby requested to conduct the security audit of the RMS, OMS and CMS applications, and of the EMBs' network architecture. In addition, availability and performance audit of the applications and of the EMBs' system has been performed.

Solution

Scope for the security audit:

  • External tests;
  • Internal tests;
  • Source code audit;
  • Architecture audit.

For the availability and performance audit:

  • Stress tests;
  • Load tests.

Services provided

  • Detailed inventory of EMS applications and EMB's system vulnerabilities.
  • Recommendations for addressing any security deficiencies.
  • Prioritized action plan with indicators for guiding decision making.
  • Detailed report on performance of the EMS applications and the EMB's systems.
  • Recommendations for increasing performance of the applications and systems.
  • Software and system post-implementation review.