Information security requirements in HP BSM

Idea ID 1794851

Information security requirements in HP BSM

Hello dear Support, research and development teams,

We are representing one of the customers who use HP BSM product. 

We were asked by our IT Security team to fill in information security requirements for HP BSM application.

They are based on the ISO 27001, chapter A.14 - System acquisition, development and maintenance.

Could you kindly provide us/advise with the answers on the questions below:

1 . A.14.2.1 Secure development policy - if within your organisation (Microfocus/HP) a secure development policy is being applied for the software and if so, which one?

2. A.14.2.2 System change control procedures - Changes to systems within the development lifecycle must be controlled by the use of formal change control procedures.Which procedures are being used at Microfocus?

3. A.14.2.3 Technical review of applications after operating platform changes - When operating platforms are changed, business critical applications need to be reviewed and tested to ensure there is no adverse impact on the organisational operations or security. - Is that ensured at Microfocus, if so - how?

4. A.14.2.7 Outsourced development - The organisation must supervise and monitor the activity of outsourced system development. - Has Microfocus oursourced the development of HP BSM application and if so, have security requirements been specified in a special agreement?

5. A.14.2.8 System security testing - Testing of security functionality needs to be carried out during development. - Is it the case for Microfocus and HP BSM as a software in particular? Were any third-party tools used for source code scanning?

Thank you in advance for your kind assistance to our requirements.

1 Comment
Micro Focus Expert
Micro Focus Expert
Status changed to: Already Offered

We are ISO 27001 certified. Please check for details.


The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.