
DEV-01 Policies for the development/procurement of information systems

Control Description

Policies and instructions with technical and organisational measures for the secure development of the cloud service are documented, communicated and provided in accordance with SP-01. The policies and instructions contain guidelines for the entire life cycle of the cloud service and are based on recognised standards and methods with regard to the following aspects:

• Security in software development (requirements, design, implementation, testing and verification);
• Security in software deployment (including continuous delivery); and
• Security in operation (reaction to identified faults and vulnerabilities).

Additional criteria: In procurement, products are preferred which have been certified according to the "Common Criteria for Information Technology Security Evaluation" (short: Common Criteria - CC) according to Evaluation Assurance Level EAL 4. If non-certified products are to be procured instead of available certified products, a risk assessment is carried out in accordance with OIS-07.
