PDP-11 SDLC – Security Reviews

What is this control about?

SDLC – Security Reviews – Every change must undergo a security review before it is released. The policy must state this requirement explicitly, and a documented step-by-step procedure must describe how the review is performed.

Available tools in the marketplace

No tools recommendation for this section.

Available templates

TrustCloud has a curated list of templates internally or externally sourced to help you get started. Click on the link for a downloadable version:

  • N/A – no templates recommendation – see the Security Reviews evidence below.

Control implementation

Define and document a procedure that gives step-by-step guidance for performing security reviews. Implement a formal, repeatable process so that the security review is a required step in the change management workflow for every change.

What evidence do auditors look for?

Most auditors, at a minimum, look for the following suggested actions:

  • Provide evidence that the security review requirement is in the policy/workflow.
  • Provide an example of a security review for one code change.

Evidence example

For each suggested action above, an example is provided below.

1. Provide evidence that the security review requirement is in the policy/workflow.

TrustCloud's example shows the security review procedures published on TrustCloud's internal share site.

[Screenshot: SDLC - Security Reviews]

2. Provide an example of a security review for one code change.

TrustCloud's example shows a code review recorded on a change ticket.

[Screenshot: SDLC - Security Reviews]
