Differences
Below are the differences between two revisions of the page.
en:cs:quality_report [2018/02/11 21:57] – [Product Standards Compliance Process] fraggle | en:cs:quality_report [2018/02/11 22:14] – [Role of the Product Standard Security requirements] fraggle | ||
---|---|---|---|
Ligne 210: | Ligne 210: | ||
==== Role of the Product Standard Security requirements ==== | ==== Role of the Product Standard Security requirements ==== | ||
- | By introducing the risk-based secure Software Development Lifecycle the product standard security acts as product security knowledge base containing best practices of secure software development and as a threat-library for the program specific risk assessment. The question whether a program needs to comply with a product standard requirement or not depends on the underlying risk that was identified and rated during the risk assessment. | + | By introducing the risk-based secure Software Development Lifecycle the product standard security acts as product security knowledge base containing best practices of secure software development and as a threat-library for the program specific risk assessment. The question whether a program needs to comply with a product standard requirement or not depends on the underlying risk that was identified and rated during the risk assessment. |
In case of corporate violations in addition an exceptional approval needs to be requested. | In case of corporate violations in addition an exceptional approval needs to be requested. | ||
- | Links to the requirements | + | List of the requirements |
==== List of Product Standard Requirements ==== | ==== List of Product Standard Requirements ==== | ||
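Review bot: the replacement line "List of the requirements" sits directly above the heading "==== List of Product Standard Requirements ====", so as shown it only repeats the heading. Either drop the line or complete it so it says what the following section contains. The paragraph marked as changed above it reads the same on both sides, so the edit there appears to be whitespace only; if that was not intended, it can be reverted to keep the revision history clean.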
Ligne 328: | Ligne 328: | ||
Besides of corporate product standard requirement deviations a corporate requirement non-compliance can also happen in case of a process violation. | Besides of corporate product standard requirement deviations a corporate requirement non-compliance can also happen in case of a process violation. | ||
- | For Security and DPP this means: | + | For Security and DPP (Data Protection & Privacy) |
* A Security Validation Report is rated by two stars or less can be considered as a process violation and exceptional approval needs to requested | * A Security Validation Report is rated by two stars or less can be considered as a process violation and exceptional approval needs to requested |
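Review bot: the bullet directly under the changed line is ungrammatical and ambiguous for a compliance rule: "A Security Validation Report is rated by two stars or less can be considered as a process violation and exceptional approval needs to requested". Suggest "A Security Validation Report rated two stars or less is considered a process violation, and an exceptional approval needs to be requested", after confirming whether "can be" or "is" is meant, since that decides whether the approval is mandatory. While expanding DPP here, also change "Besides of" to "Besides" in the sentence above.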