Information security

INF030

Implement your information security measures

During this phase of the information security lifecycle, you implement the agreed security and privacy measures including policies, processes, and technical security measures.

Build secure solutions and supply chains

Work with your suppliers to ensure that they understand and can meet your security requirements. Build your security requirements into your contractual arrangements.

Security weaknesses in suppliers can compromise otherwise robust security measures in other parts of your business. Remember to account for the information risks involved in the ICT system development lifecycle, such as development providers accessing and using test data or defect tracking systems.

Consider separating development, test and operational facilities to reduce the risk of unauthorised access or changes to systems.


Supporting documents and information


Test and control changes

Only do system testing after all security measures have been implemented and before acceptance. Use an effective change control process to ensure that changes conform to relevant standards.

Use a formal management process to control changes to all information systems.


Supporting documents and information

Page last modified: 4/05/2022