Version | 1.0 |
Owner | Head of Engineering |
Last Updated On | |
Last Updated by | |
Approved by | |
Purpose
Ensure that information security is designed and implemented within the development lifecycle for applications and information systems.
...
Changes to systems within the development lifecycle shall be controlled using formal change control procedures. Change control procedures and requirements are described in the ecoPortal Operations Security Policy.
Significant code changes must be reviewed and approved by the Tech Lead before being merged into any production branch.
...
The acquisition of third-party systems and software shall be done in accordance with the requirements of the ecoPortal Third-Party Management Policy.
Developer Training
Software developers shall be provided with secure development training appropriate to their role at least annually. Training content shall be determined by management but shall address the prevention of common web application attacks and vulnerabilities. The following threats and vulnerabilities should be addressed as appropriate:
...