Article 88
This article is inactive.
This article has been deemed outside of scope for the debate and exists only for reference.
Testing
1. Union space operators shall establish, maintain and review a testing programme for the network and information systems, as an integral part of their risk-management.
2. The testing programme referred to in paragraph 1 shall include testing campaigns comprising all necessary tests, notably considering the risk assessment referred to in Article 78(2).
3. Union space operators shall ensure that, prior to launch, or in the case of satellites part of a constellation, prior to the launch of the first batch of satellites, and at least every 3 years afterwards, they carry out Threat Led Penetration Testing (TLPT). The plan for testers carrying out a TLPT shall outline the scope and the methodology of the TLPT, the entity in charge of carrying out such test, the mitigation strategy for any risks which carrying out of a TLPT may entail. Testers carrying out TLPT shall comply with the following requirements:
(a) they shall be of the highest suitability and reputability;
(b) they shall possess all technical and organisational capabilities and shall demonstrate specific expertise in penetration testing;
(c) they shall provide an independent assurance or an audit report;
(d) they shall present a redress plan to address the identified risks. Testers that are external to the corporate structure of the Union space operators shall be certified by an accreditation body of a Member State or shall adhere to formal codes of conduct or ethical frameworks. They shall be fully covered by a relevant professional indemnity insurance against risks of misconduct and negligence. Union space operators shall monitor system failures and anomalies observed during the testing processes and evaluate their criticality.
Warning: Cannot modify header information - headers already sent by (output started at /var/www/html/article.php:8) in /var/www/html/script/loginauth.php on line 163