ACPL-ISMS-C8.30 Outsourced Development Policy
Document ID ACPL-ISMS-C8.30
Document Classification Internal
Issue Date (effective from) 01.12.2023
Version No 1.0
Latest Review Date 01.12.2023
1. Control statement:
The organization should direct, monitor and review the activities related to outsourced system
development.
2. Purpose:
To ensure information security measures required by the organization are implemented in outsourced
system development.
3. Scope:
This policy covers communication of expected requirements, continual monitoring and review,
fulfillment of legal requirements, threat modeling, and ensuring sufficient testing and security
requirements when software development is outsourced.
4. Procedure:
The following points should be considered across the organization’s entire external supply chain:
a) Licensing agreements, code ownership and intellectual property rights related to the outsourced
content;
e) Provision of evidence that minimum acceptable levels of security and privacy capabilities are
established (e.g. assurance reports);
f) Provision of evidence that sufficient testing has been applied to guard against the presence of
malicious content (both intentional and unintentional) upon delivery;
g) Provision of evidence that sufficient testing has been applied to guard against the presence of known
vulnerabilities;
h) Escrow agreements for the software source code (e.g. if the supplier goes out of business);
Doc ID: ACPL-ISMS-C8.30 Version 1.0 Last Rev. Date: 01.12.2023 Page 2 of 3
This document is confidential and must not be shared or copied without written permission from
Aethereus Consulting. Please return or destroy upon request.
5. Reference:
6. Revision History