The organization must maintain a list of digital services provided and the owners designated for them. The owner is responsible for completing the information in the service and for any other security measures that are closely related to the service.
The documentation related to the digital service includes e.g. the following information:
The general rules for secure development work have been drawn up and approved by the development managers. The implementation of the rules is monitored in software development in the organization and the rules are reviewed at least yearly.
The safe development policy may include e.g. the following things:
Compliance with the rules of secure development may also be required of key partners.