ID.AM-08.139

Has your organization integrated cybersecurity considerations into all phases of your product development lifecycle?

Explanation

This question assesses whether security is built into products from conception through retirement rather than added as an afterthought. Effective integration includes security requirements gathering, threat modeling during design, secure coding practices during development, security testing before release, and vulnerability management post-deployment. Evidence could include documentation of your secure development lifecycle (SDLC) process, security requirements templates, threat modeling artifacts, security testing results from different product phases, or security-focused design review meeting minutes.

Implementation Example

Integrate cybersecurity considerations into product life cycles

ID: ID.AM-08.139

Context

Function: ID: IDENTIFY
Category: ID.AM: Asset Management
Sub-Category: Systems, hardware, software, services, and data are managed throughout their life cycles

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron

Founder, ResponseHub