OUHSC Information Technology Department



System Development Security Policy:

Supporting documents: Full policy (Adobe PDF file)

All information system resources which store, receive or transmit sensitive data must have security reviews conducted throughout their system development life cycle (SDLC).

Security reviews must be conducted throughout each phase of the System Development Life Cycle (SDLC) for information system resources which receive, store, or transmit sensitive data.  Security reviews are necessary to keep risks at reasonable and appropriate levels.

The following defines the minimum review requirements for each phase:

  • Feasibility Phase – high level review to ensure security requirements can support the business case
  • Requirements Phase – define any initial security requirements or controls to support the business requirements
  • Design Phase – verify appropriate security controls for the baseline have been identified and ensure change control is established and used for the remainder of the SDLC.  Repeat verification with each design change or as warranted
  • Development Phase – verify and validate all security controls identified in the Design Phase.  Repeat throughout as changes are made or as warranted
  • Implementation Phase – final verification of existing controls and the appropriate levels of risk mitigation

These security reviews must be documented as part of the complete record of the SDLC for this resource.