LUL - S1749
Secure Software, application and web development
|Publication Date:||1 March 2018|
This standard applies to Software, application and web development teams, product managers, business analysts and any Technology and Data (T&D) staff involved in the development of Software, applications and web-based applications.
The standard applies to Software, applications and web (which, for the purposes of this document, will be referred to from this point forward as 'Software' - see Definitions section) developed by TfL, or for TfL by third parties, including:
a) Software which can be accessed within our network (also referred to as 'internally-facing applications')
b) Software that is accessible from outside our network, such as from the internet or third parties' systems (also referred to as 'externally-facing applications').
c) All new TfL Software, planned or under development.
a) All existing TfL Software, unless a risk assessment has been carried out with the Cyber Security and Incident Response Team (CSIRT) in line with the Cyber security risk management policy and all issues have been resolved and meet the requirements of this standard.
The purpose of this standard is to specify the requirements for ensuring the security of TfL's Software, applications and web development in line with all existing cyber security policies and standards.