PR.PS-06.259

Does your organization have a documented process for maintaining production software throughout its lifecycle and securely disposing of it when no longer needed?

Explanation

This question assesses whether your organization properly manages software in production environments from implementation through retirement. Proper software maintenance includes regular patching, updates, version control, and configuration management, while secure disposal ensures that outdated software doesn't create security vulnerabilities or compliance issues. Evidence could include a documented software lifecycle management policy, procedures for software updates and patching, decommissioning checklists, and records of software disposal activities (such as certificates of destruction, wiping logs, or documentation of removal from systems).

Implementation Example

Maintain the software used in production environments, and securely dispose of software once it is no longer needed.

ID: PR.PS-06.259

Context

Function: PR: PROTECT
Category: PR.PS: Platform Security
Sub-Category: Secure software development practices are integrated, and their performance is monitored throughout the software development life cycle

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub