Digital security overview
53: Consideration of information security and data protection requirements in development

How to fulfill the requirement

Task name: Guidelines for secure development
Theme: Development and cloud
Policy: Secure development

This task also fulfills these other security requirements:

  • 14.2.1: Secure development policy (ISO27 Full)
  • 14.2.5: Secure system engineering principles (ISO27 Full)
  • TEK-14: Ensuring software security (Julkri)
  • 8.25: Secure development life cycle (ISO27k1 Full)
  • 8.27: Secure system architecture and engineering principles (ISO27k1 Full)

1. Task description

The general rules for secure development work have been drawn up and approved by the development managers. The implementation of the rules is monitored in software development in the organization and the rules are reviewed at least yearly.

The secure development policy may include, for example, the following things:

  • security requirements of the development environment
  • instructions for secure coding of the programming languages used
  • security requirements at the design stage of features or projects
  • secure software repositories
  • version control security requirements
  • the skills required from developers to avoid, discover and fix vulnerabilities
  • compliance with secure coding standards

Compliance with the rules of secure development may also be required of key partners.

Task name: Security rules for the development and acquisition of data systems
Theme: System management
Policy: Data system procurement

This task also fulfills these other security requirements:

  • I13: Access control implementations carried out in software (Katakri)
  • 13 §: Information security of datasets and information systems (TiHL)
  • 14.1.1: Information security requirements analysis and specification (ISO27 Full)
  • 14.1.2: Securing application services on public networks (ISO27 Full)
  • 14.2.5: Secure system engineering principles (ISO27 Full)

1. Task description

Whenever new data systems are acquired or developed, pre-defined security rules are followed, taking into account the priority of the system. The rules ensure that adequate measures are taken to secure the data and the data processing in the system.