System Acquisition Development and Maintenance. 9.1 The Supplier shall ensure that development activities are carried out in accordance with a documented system development methodology.
9.2 The Supplier shall maintain segregation of the Supplier’s development and test environments to reduce the risks of unauthorised access or changes to the operational system.
9.3 The Supplier shall ensure that information security and secure coding standards for the system under development shall be followed when designing the system.
9.4 The Supplier shall ensure that all system requirements (including functional and technical specifications and information security requirements) shall be documented and agreed before detailed design commences.
9.5 The Supplier shall ensure that quality assurance of key information security activities is performed during the development lifecycle.
9.6 The Supplier shall ensure that system build activities shall be carried out in accordance with Good Industry Practice, performed by individuals with the relevant skills and provided with the relevant tools. The Supplier shall inspect all system build activities to identify unauthorised modifications or changes which may compromise security controls.
9.7 The Supplier shall ensure that all elements of the Supplier Systems are tested at all stages of the software development lifecycle before the system is promoted to the live environment.
9.8 The Supplier shall undertake post-implementation reviews for all major changes.
9.9 The Supplier shall ensure that segregation of duties is in place for system development, including ensuring that system developers do not have access to the live environment, unless in an emergency. Such activities in these circumstances shall be logged and subject to independent review.
Appears in 2 contracts
Sources: Data Agreement, Supplier Agreement
System Acquisition Development and Maintenance. 9.1 The Supplier shall ensure that development activities are carried out in accordance with a documented system development methodology.
9.2 The Supplier shall maintain segregation of the Supplier’s development and test environments to reduce the risks of unauthorized access or changes to the operational system.
9.3 The Supplier shall ensure that information security and secure coding standards for the system under development shall be followed when designing the system.
9.4 The Supplier shall ensure that all system requirements (including functional and technical specifications and information security requirements) shall be documented and agreed before detailed design commences.
9.5 The Supplier shall ensure that quality assurance of key information security activities is performed during the development lifecycle.
9.6 The Supplier shall ensure that system build activities shall be carried out in accordance with Good Industry Practice, performed by individuals with the relevant skills and provided with the relevant tools. The Supplier shall inspect all system build activities to identify unauthorized modifications or changes which may compromise security controls.
9.7 The Supplier shall ensure that all elements of the Supplier Systems are tested at all stages of the software development lifecycle before the system is promoted to the live environment.
9.8 The Supplier shall undertake post-implementation reviews for all major changes.
9.9 The Supplier shall ensure that segregation of duties is in place for system development, including ensuring that system developers do not have access to the live environment, unless in an emergency. Such activities in these circumstances shall be logged and subject to independent review.
Appears in 1 contract
Sources: Supplier Agreement