Attorney general's report
The report by Attorney General Shauket Fakie as presented to Parliament yesterday wrongfully paints a picture of general disregard for accepted standards and procedures at SITA's various installations and offices. The report, says SITA Acting CEO Khulekani Buthelezi, is outdated and cites problems areas that SITA has mostly already dealt with.
"The Auditor General's report is a welcome barometer; however, it covers the period 2004/2005, and thus contains issues that we were aware of and have already addressed or put in place measures to deal with. None of it is new to us. It is incorrect, for instance, to say that 71% of our budget goes to the paying of contractors. The correct figure is only 14%."
Since the audit, he says, all policies and procedures have been standardised at the respective data centres. SITA has already procured and installed the infrastructure for disaster recovery. A successful disaster recovery test has been undertaken on the system, says Buthelezi.
Fears of logical security have been exaggerated in the media report, he says. Seven instances of high risk, seven of medium risk and two of low risk were highlighted, and with the use of specialised software these were dealt with immediately.
"The integrity of the information of our clients as hosted on our systems is secure."
SITA non-deployment of its capital expenditure in the last financial year was largely due to its clients not paying in time. "Already, in this financial we have committed up to 80% of our capital expenditure, mostly on upgrading infrastructure. Since the audit report, we have upgraded one mainframe at the Centurion Data Centre to increase capacity, and at peak it will operate at 50%. No throughput problems have been reported by users on the second mainframe during the past 12 months."
Buthelezi also says SITA has since procured and deployed a comprehensive intrusion detection and intrusion prevention system, which detects any malicious traffic emanating from clients' local area networks (LANs). "It blocks any traffic from entering the GCCN and infecting other clients."
Other measures that have since been implemented, says Buthelezi, include:
* The replacement of the previous fire protection system with a new one.
* The testing of fire detection equipment for efficiency. The equipment has passed all tests with flying colours.
* The testing of the emergency telephones at Centurion. No calls have so far been reported unanswered.
* Installation of card readers at Data Control centres. This has made unauthorised access to the centres difficult.
It is important to note, says Buthelezi, that SITA is constantly in contact with its clients through its Client Services and Government Relations division, and any concerns with the services rendered by SITA are dealt with immediately.