<- Googleoff: Index -> <- googleon: Index ->
ICT service provider Capgemini is one of the first ICT companies in the Netherlands manifesto ‘Grip on Secure Software Development’ (SSD) signed. That manifesto needs for both clients and for ICT vendors an unambiguous and clear framework of standards for the development and maintenance of yield highly secure software.
Secure Software Development (SSD) has been developed under the leadership of the Center for Information and Privacy Protection (CIP). That is a collaboration platform of government organizations and implementing institutions which implements information security and privacy concerns within the government. It should lead to the client that software outsources hold the lead and ensure that expectations around information security and privacy protection, which remained previously unspoken, are recorded better .
From the case studies that CIP has collected in recent times show that about three-quarters of the security incidents are caused by errors in software. “Safe software is therefore of great importance for the protection of citizens ‘personal and business use, enable the persons concerned.
SSD is public and is maintained and updated by a Community Practitioners’ consisting of twenty organizations including implementing agencies, various ministries and market participants. SSD describes how a client get a grip on the development or outsourcing the development of secure software and also how an ICT supplier can meet them
Outlook
.
The three pillars while standard security requirements, classroom activities and setting up the right processes. These processes include tracking risks and grow the organization to higher maturity levels. For the definition of standards is a new basic description method is used. According to the parties has that manifest expressiveness for both managers, security specialists and auditors
In the introduction to the manifesto is:. “For organizations it is a challenge to give as a client of ICT projects management to develop secure ICT services. Outsourcing of development, maintenance and management to multiple external vendors makes this control issue more complex.
“Over and over again there are unspoken expectations around information security and privacy protection. The client expects that the supplier is knowledgeable and spontaneously take the appropriate action. But expects the provider that the client specifies exactly what should happen. In the absence of explicit agreements are completed systems with vulnerabilities that are discovered too late or not.
According to the participants offer existing best practices, manuals and methodologies for software systems in many cases no support for drivers and managers. “In the information security the focus is on long lists of appropriate technical and organizational security measures and in the ICT management libraries focus on perfecting processes. These documents do not practically applicable tools for the driver who is looking for quality, safety and outcome for his organization “
SVB and Cap-claim Equihold
.
Capgemini pursued by a number of long lasting issues with the quality of developed software. The Social Insurance Bank (SVB) withdrew in September 2014 finally the plug on the project with Capgemini for the construction of the multi-arrangements system (mrs). This system – estimated at 32 million – would be completed in late 2013, but could not be put into production because of technical problems
The system did not meet the expectations and quality requirements of the client.. Capgemini was, in turn, not even with a critical report on the quality of the delivered system.
The ICT service provider in the Equiholdzaak in a similar situation ended. Also there was a conflict about the arrangements and delivered software
.
No comments:
Post a Comment