Penetration Testing

CivicEngage Central is 3rd party penetration and vulnerability tested biannually. Requests to conduct penetration testing may also be submitted. 

Request a Statement of Opinion

CivicEngage Central clients may request our third-party provider’s “Statement of Opinion”—the formal results of their penetration and vulnerability testing--by providing the following information to CivicPlus, via our Technical Support team. 

• Name and contact information (CivicPlus client organization POC): [insert here]
• Product: CivicEngage Central
• Request: Please provide the latest CivicEngage Central Statement of Opinion from 3rd party provider pen testing
• Route to: Hosting and Security
• Reference: [link to this article]
  
  

Conduct Additional Penetration Testing

Additional penetration testing may be contracted or performed by CivicPlus clients. However, CivicPlus does not take responsibility or liability for any damages that may result from these tests, and CivicPlus may hold a client responsible for damages to any shared resources. Clients may request a replicated test environment or dedicated server to be used for the purpose of testing (additional charges apply) to remove any risk to shared resources. If CivicPlus determines the penetration testing has any negative impact on shared resources, CivicPlus may revoke the privilege to continue penetration testing and take all/any necessary action to prevent further damage. Penetration testing of websites on shared resources may be performed on the weekends only. At least 3 business days before any penetration testing is to be conducted, clients must provide the following information to CivicPlus, via our Technical Support team. 

• When the testing will take place
• IP source(s)
• target website(s)
• Name and contact information (CivicPlus client organization POC)
  
  

If a testing environment is needed, please include this in your request and submit this request at least 10 business days prior to your scheduled testing date.

Reports from penetration testing may be submitted to CivicPlus via technical support for evaluation following our vulnerability submission process.