Create testing and validation procedures that follow a specific process to assure software procurement and usage compliance in healthcare. The key to the success of this step is to document exact procedures to be followed by a testing team prior to installation.

At a minimum, the procedures should address the following questions:

• What are potential vulnerabilities inherent in the application platform?
• How well does the vendor document preventive measures built into the application?
• Are there alternative solutions provided by the vendor or in the application in case of a breach?
• What additional safeguards can be added to ensure the security ofthe software environment?

The testing and validation procedures should address each of these concerns.

The executive team will want to see specific steps for the testing team to follow as the team members complete the tests and assurances already recommended.

Document specific testing and validation recommendations from a cybersecurity policy standpoint in the Test Script Procedures Templateas shown below.

Procurement Policy Concern	Specific Testing Recommendation to Address Each Policy Concern
What are the potential vulnerabilities inherent in the application platform?
How well has the vendor documented preventive measures built into the application?
Are there alternative solutions provided by the vendor or in the application in case of a breach?
What additional safeguards can be added to ensure the security ofthe software environment?
Is this application copyrighted? Has the product been processed through the federally approved supply chain system?