For outsourced system development, organizations should communicate and agree on requirements, and continually review whether the externally sourced work meets expectations. Considerations should include licensing agreements, contractual standards for secure design and testing, provision of threat models, acceptance testing, evidence of security and privacy capabilities, sufficient testing to protect against malicious content and known vulnerabilities, escrow agreements, audit rights, security standards for the development environment, and applicable legislation.