Documentation
HECVAT Lite v3.0.6
Policies, Procedures and Processes
HLPP-02

Question HLPP-02

Are information security principles designed into the product lifecycle?

Weight25
High RiskYes
RequiredYes
Compliant AnswerYes

Standard Guidance

EDUCAUSE provides no guidance here

Answering "NO"

State why security principles are not designed into the product lifecycle.

Answering "YES"

Summarize the information security principles designed into the product lifecycle.

Reason for Question

The adherence to secure coding best practices better positions a vendor to maintain the CIA triad. Use the knowledge of this response when evaluating other vendor statements, particularly those focused on development and the protection of communications.

Follow-Up Inquiries

If information security principles are not designed into the product lifecycle, point the vendor to OWASP's Secure Coding Practices - Quick Reference Guide at https://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide (opens in a new tab)

HECVAT Pro Advice

[Add expert insights and best practices]

Implementation Tips

[Add practical steps for SME SaaS vendors]

FAQ

[Add common questions related to this HECVAT item]

Resources

[Add links to relevant articles or tools]