T7.5.3 - ACCESS CONTROL TO PROGRAM SOURCE CODE Implementation Guidance
The entity shall restrict the access to program source code.
Access to program source code and associated items (such as designs, specifications, verification plans and validation plans) should be strictly controlled, in order to prevent the introduction of unauthorized functionality and to avoid unintentional changes. For program source code, this can be achieved by controlled central storage of such code, preferably in program source libraries. The following guidelines should then be considered to control access to such program source libraries in order to reduce the potential for corruption of computer programs:
- A. Where possible, program source libraries should not be held in operational
- B. The program source code and the program source libraries should be managed according to established procedures
- C. Support personnel should not have unrestricted access to program source libraries
- D. The updating of program source libraries and associated items, and the issuing of program sources to programmers should only be performed after appropriate authorization has been received
- E. Program listings should be held in a secure environment
- F. An audit log should be maintained of all accesses to program source libraries
- G. Maintenance and copying of program source libraries should be subject to strict change control procedures