Case study by John Gleaden - Personal Assistant to the General Manager, Tender Search
Tender Search has a suite of software applications that help organisations to efficiently facilitate the tender process by advertising their tender opportunities and enabling suppliers to submit their tender applications online.
Most of our clients are local government or large organisations, and as such, data security is paramount. We need to ensure our systems are robust and that all data uploaded via our software applications are securely stored. We also need to be confident that our public-facing website maintains the highest level of security controls and that we don’t fall into any antics by cybercriminals.
Recently, our in-house software team developed a new product, eProcure Light. It’s an application for companies that have one-off tender requirements and we needed to undertake due diligence to ensure that it met the highest standards for data security.
While we have a team of excellent developers who are more than capable of building secure websites, they are not data security experts, so we called for expressions of interest (EOIs) from external suppliers.
The selection process was very rigorous - we received a lot of submissions from IT companies of all sizes and over the space of a couple of weeks, we created a shortlist of six. We deliberately avoided EOIs from large companies and multinationals because we like the approach of small to medium-sized companies that tend to offer more personalised service.
Once we had our shortlist, we started to drill deeper. We met every company to ask about pricing, their business model and approach. The final decision was extremely difficult. The Missing Link came out on top because they are similar to us in size and approach along with being highly experienced in conducting projects of similar nature. Also, I have to admit, I just had a gut feel that The Missing Link were the right choice.
We kicked off a few months ago and, despite delays at our end, The Missing Link was great at keeping in touch in the lead-up, and they were ready to go as soon as we were.
The pen testing itself was well organised and ran very smoothly. The Missing Link understood our timelines and was able to get the entire project completed within a month. From our business perspective, the results were good for us - there were no surprises in their findings.
In the scheme of things, pen testing hasn't made a lot of difference to the way we go about our business or software development. However, it has reassured us that while we are doing things well, there are always ways to do things better. Since the project, we are also more confident about our security posture, and the expertise provided by their security team will help us overcome any shortcomings while working through the process.
Overall, I'm pleased that our methodology was validated, and along the way The Missing Link has taught us a couple of key things that we can apply to our app development in the future. We are constantly adding to our suite of software applications, and having worked with The Missing Link on eProcure Light, we've realised that this is a process that's worthwhile doing more of as we go forward.