Hello dear Support, research and development teams,
We are representing one of the customers who use the HP BSM product.
We were asked by our IT Security team to fill in information security requirements for the HP BSM application.
They are based on ISO 27001, chapter A.14 - System acquisition, development and maintenance.
Could you kindly provide us with, or advise on, the answers to the questions below:
1. A.14.2.1 Secure development policy - if within your organisation (Microfocus/HP) a secure development policy is being applied for the software and if so, which one?
2. A.14.2.2 System change control procedures - Changes to systems within the development lifecycle must be controlled by the use of formal change control procedures. Which procedures are being used at Microfocus?
3. A.14.2.3 Technical review of applications after operating platform changes - When operating platforms are changed, business critical applications need to be reviewed and tested to ensure there is no adverse impact on the organisational operations or security. - Is that ensured at Microfocus, if so - how?
4. A.14.2.7 Outsourced development - The organisation must supervise and monitor the activity of outsourced system development. - Has Microfocus outsourced the development of the HP BSM application and if so, have security requirements been specified in a special agreement?
5. A.14.2.8 System security testing - Testing of security functionality needs to be carried out during development. - Is it the case for Microfocus and HP BSM as a software in particular? Were any third-party tools used for source code scanning?
Thank you in advance for your kind assistance with our requirements.