Software Development Lifecycle (SDLC) Clause Samples
Software Development Lifecycle (SDLC). Application Security.
The Supplier has implemented and maintains a software development lifecycle (SDLC) policy and process.
Where the Supplier develops applications on the Company's behalf, the Supplier will observe industry standard application security guidelines and include regular reviews of application source code, e.g. development processes follow the Open Web Application Security Project (OWASP) standards for building secure applications.
The Supplier ensures that appropriate patch management procedures are in place to remain current with platform security fixes and conducts adequate testing of those fixes.
The SDLC includes security requirements gathering, implementation, and verification tollgates before acceptance into production.
The Supplier provides developers with regular, detailed coding and design training in application security. This includes the most common vulnerabilities found in their applications, along with prevention and remediation measures.
The Supplier ensures that development, testing, production and operational facilities are separated to reduce the risk of unauthorised access or changes to the production and operational systems and to Confidential Information and Personal Data. Software developers are restricted from accessing the production environment.
The Supplier ensures that an escrow agreement is in place that covers any software developed by the Supplier and the appropriate security requirements.
The Supplier provides data masking functionality in relation to software processing any financial data (including payment card and banking information).
Software Development Lifecycle (SDLC). An SDLC is a strategy and logical process used to develop an information technology system.
Detailed statements of project deliverables that result from requirements definition and design. Specifications generally describe the deliverables in terms of appearance, operational constraints and quality attributes. Specifications are the basis for the acceptance criteria used in scope verification and quality control.
