Article 45 – Information Security
49020.11 Information Systems Acquisitions, Development and Maintenance
-
Information systems include operating systems, infrastructure, business applications, off-the-shelf products, services, and user-developed applications. The design and implementation of the information system supporting the business process can be crucial to security. Security requirements shall be identified and agreed upon prior to the development and/or implementation of information systems. All security requirements shall be identified at the requirements phase of a project and justified, agreed upon, and documented as part of the overall business case for an information system.