SYSTEM ACQUISITION, DEVELOPMENT, AND MAINTENANCE
What is System Acquisition, Development, And Maintenance?
The life cycle of your entire information system should be considered when creating your information security management system (ISMS). IT and network security aren’t the only areas of your ISMS that are covered. Instead, the entire system is covered. The implementation of this strategy from the beginning is essential. The approach you take across your systems must be comprehensive. That is from acquisition, through development and then into maintenance.
To ensure information security in every step, you must examine all your systems.
Mapping Your Life-Cycle
Develop a life-cycle map for your systems during development so that you can identify them. Review all information security activities for each step and enhance or upgrade the procedures if necessary.
Make sure information security vulnerabilities are detected within marketing, development, sales, implementation, support and financial systems, for example.
Check the following items in the development process:
- Policy for securing development
- Procedures for system changes
- After changing the operating system, applications are reviewed technically
- Changing software packages is restricted
- System security principles.
- Development environments that are secure.
- Development outsourcing.
- Testing to ensure that systems are secure
- System acceptance testing.
Use SHEQ software
To design and implement a Quality Management System, SRM and many of our clients use Mango Compliance Software – www.mangolive.com Mango makes it easier to obtain and maintain ISO 9001:2015 certification.
SRM is ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018 certified. Contact our consultants today. Let us know if we can help you with the development and implementation of your Quality Management System.