Security Requirements of Systems

Systems Development and Maintenance

Security Requirements of Systems

Security Requirements Analysis and Specification

The purpose of this policy is to ensure that all new systems comply with CX Index’s security requirements.  Security approval shall be required for all key project phases (i.e. concept, requirements, testing).  All new or upgraded systems must have their security requirements documented.  

A risk assessment will be performed to evaluate the security requirements for new systems or upgrades.

The system owner, in conjunction with the Senior Management, will specify the security requirements of all new implementations prior to their final approval.

  • The controls and requirements will reflect the sensitivity and business value of the information assets involved.
  • Independent consultants will be brought in to assist in evaluations if deemed necessary.
  • Vulnerability scans and/or penetration tests will be run against systems to ensure security controls are in place, patch levels are current, and unnecessary services are not running.


Was this article helpful?