|
Article 20
|
(System Development Life Cycle – Deployment, Maintenance and Operation, and Outsourcing Stage)
- An organization shall update and rectify the information and communication system against relevant security threats and flaws and also disable unnecessary services and portals in the deployment environment.
- An organization shall inspect the existing information and communication system, set and use quality passwords, and avoid using default passwords.
- An organization shall implement version control and management revision during the maintenance and operation stage of the development life cycle of the information and communication system.
- If an organization outsources the development of the information and communication system, it shall incorporate by level the safety requirements (including confidentiality, availability, integrity) of the system of each stage of the development life cycle in the outsourcing contract.
|