T7.1.1 - INFORMATION SYSTEMS ACQUISITION, DEVELOPMENT AND MAINTENANCE POLICY Implementation Guidance
The entity shall establish an information systems acquisition, development, and maintenance policy.
Back to T7.1.1 - P4 - INFORMATION SYSTEMS ACQUISITION, DEVELOPMENT AND MAINTENANCE POLICY
The information systems acquisition, development and maintenance policy facilitates the implementation of the associated controls to integrate information security requirements into the software life cycle of information systems that contain protected data. In addition to the required sub-controls, the policy can contain, for example:
- A. Information security requirements around systems specification, correct processing, cryptography, system files, etc.
- B. Audit requirements
The information systems acquisition, development and maintenance policy can be included as part of the general information security policy, in a single policy document, or can be represented by multiple policies reflecting the complex nature of certain entities.