DraftIndicative placeholder for the section owner — amend, replace, or confirm as the first definitive version.
Doc owner: TBD
Software Development Life Cycle Policy
Placeholder. This page is a stub created to hold the ISO 27001 control set. Content to be drafted by the policy owner.
Purpose
To ensure software developed by or for Allied is built, tested, and released securely throughout its lifecycle.
Scope
Applies to all software developed by Allied or on Allied's behalf, and significant configuration of third-party software.
Roles and responsibilities
| Role | Responsibility |
|---|---|
| TBD (policy owner) | Maintains secure SDLC standards |
| Engineering teams | Apply the standards to development work |
Policy statements
TBD — to cover requirements security, secure coding standards, code review, dependency management, testing (SAST/DAST), release controls, environment separation, and source code access (who can read and write Allied's repositories, development tools, and software libraries; how that access is reviewed).
Related
- POL-DIG-002 Access Control Policy — general access control rules; this policy holds the source-code-specific control (ISO A.8.4)
- POL-DIG-009 Change Management Policy
- POL-DIG-006 Vulnerability Management Policy
- ISO 27001:2022 Annex A.8.4 (Access to source code), A.8.25–A.8.31