Castleforce IT Security Team

A.12.5 Security in development and support processes

Objective: To maintain the security of application system software and information.

A.12.5.1 Change control procedures

Control

The implementation of changes shall be controlled by the use of formal change control procedures.

A.12.5.2 Technical review of applications after operating system changes

Control

When operating systems are changed, business critical applications shall be reviewed and tested to ensure there is no adverse impact on organizational operations or security.

A.12.5.3 Restrictions on changes to software packages

Control

Modifications to software packages shall be discouraged, limited to necessary changes, and all changes shall be strictly controlled.

A.12.5.4 Information leakage

Control

Opportunities for information leakage shall be prevented.

A.12.5.5 Outsourced software development

Control

Outsourced software development shall be supervised and monitored by the organization.
