This objective, and the other similar ‘Approach For’ objectives, simply state what has to be in your Agreed Ways Of Working for the Product Delivery Organisation. You may want to include more, but you cannot be missing any of these and still run a secure Product Delivery Organisation.
- Group or Individual: Product Delivery Organisation
- Artefact: Agreed Ways Of Working
- Concepts: Third-Party Software Development Services
- Document: Approach For Third-Party Software Development Services
- Risk Type: Viability
- Event: The Likelihood of a Security Incident is increased
- Caused By: Product Delivery Organisation not resolving differences between internal and Third-Party security standards
- Leading To: Loss of customers, financial fraud losses, increased TCO, substantial fines/sanctions from an external regulatory body
- D-SR-B-1-1 (Design > Security Requirements > Supplier Security): Do stakeholders review vendor collaborations for security requirements and methodology?
- D-SR-B-3-1 (Design > Security Requirements > Supplier Security): Are vendors aligned with standard security controls and software development tools and processes that the organization utilizes?