Software Development Life Cycle. A Software Development Life Cycle (SDLC) methodology, including release management procedures, must be documented, reviewed, approved, and version controlled, with management oversight, on a periodic basis. These must include activities that xxxxxx development of secure software, for example:

1. Validation of security requirements must follow a documented methodology.
2. SDLC methodology must include requirements for documentation and be managed by appropriate access controls. Developer access to production environments must be restricted by policy and in implementation.
3. Code certification, including security review of code developed by third parties (e.g., open source, contracted developers), must be performed. Third-party and open source code used in applications must be appropriately licensed, inventoried, supported, patches applied timely, tested prior to use in production, and evaluated for security defects on an on-going basis, with any identified gaps remediated in a timely manner.
Appears in 4 contracts
Samples: Wisconsin Student Data Privacy Agreement, Data Processing Addendum, Data Processing Addendum