This objective, and the other similar ‘Approach For‘ objectives, simply state what has to be in your Agreed Ways Of Working for the Product Delivery Organisation. You may want to include more, but you cannot be missing any of these and still run a secure Product Delivery Organisation.

Current measures of security in Products against the requirements of its Product Security Level best inform what the Product Delivery Organisation should be doing to improve its approach to security.

If your Product Delivery Organisation has measures showing many of a particular type of Product consistently not meeting their requirements for security then steps must be taken to improve understanding or Agreed Ways Of Working to address this.

A lot of money is wasted by Organisations everywhere on security initiatives that don’t address and reduce the specific risks that the Organisation needs to mitigate.

It’s the Product Delivery Organisation that must improve its approach to security continuously to address the changing risks the Organisation is carrying and the Head Of Product Delivery Organisation is accountable for this.

Current measures of the processes that Product Teams are following to securely deliver Products best inform what the Product Delivery Organisation should be doing to improve their approach to security.

If your Product Delivery Organisation has measures showing many Product Teams not consistently following part of Agreed Ways Of Working then steps must be taken to improve understanding or Agreed Ways Of Working to address this.