CivicPlus employs an independent 3rd party provider for penetration and vulnerability testing of CivicEngage infrastructure. This third-party provider’s statement of opinion, resulting from their most recent penetration test, may be requested via CivicEngage technical support.
Additional penetration testing may be contracted or performed by CivicPlus clients. However, CivicPlus does not take responsibility or liability for any damages that may result from these tests, and CivicPlus may hold a client responsible for damages to any shared resources. Clients may request a replicated test environment or dedicated server to be used for the purpose of testing (additional charges apply) to remove any risk to shared resources. If CivicPlus determines the penetration testing has any negative impact on shared resources, CivicPlus may revoke the privilege to continue penetration testing and take all/any necessary action to prevent further damage. Penetration testing of websites on shared resources may be performed on the weekends only. At least 3 business days before any penetration testing is to be conducted, clients must provide the following information to CivicPlus, via our technical support team:
- When the testing will take place
- IP source(s)
- target website(s)
- Name and contact information (CivicPlus client organization POC)
If a testing environment is needed, please include this in your request and submit this request at least 10 business days prior to your scheduled testing date.
Reports from penetration testing may be submitted to CivicPlus via technical support for evaluation.