Requirement:

A general product development/maintenance/support process shall be documented and enforcedthat is consistent and integrated with commonly accepted product development processes that include, but are not limited to: a) configuration management with change controls and audit logging; b) product description and requirements definition with requirements traceability; c) software or hardware design and implementation practices, such as modular design; d) repeatable testing verification and validation process; e) review and approval of all development process records; and f) life-cycle support.

Guidance:

This process is required to ensure that the product supplier has well-defined and proven product development processes in place that can be extended to support the requirements specified by this standard. The required processes defined by this document assume the existence of a mature product development life-cycle. Secure product development life-cycles cannot be effective without these processes and rely upon them being in place. Examples of commonly accepted product development processes include ISO 9001 [11] and ISO/IEC 27034 [34] compliant processes. Having this process means that the product supplier uses techniques during the product development life-cycle that support, as a minimum, configuration management, requirements definition, design, implementation and testing.

Linked Article	Note	Edit
No linked articles available.

Link to Article Competence External Vulnerability Reports How to use this manual MOMS Development New Article New Article New Article New Article New Article Next steps to take PLC Development SCADA Development Training Link