Security Requirements
How can one build security into a solution if there are no well-defined security requirements? Some requirements are implicit, such as the use of HTTPS/TLS, while others will be explicit and defined by customers or third parties. Even if the customer has no specific requirements, it is still important for the delivery team to create a list of requirements to ensure that the project's framework is documented.
Most projects must adhere to various requirements from Bouvet, the customer, and external parties. All development teams must have a clear overview of the requirements that apply to the delivery:
- From Bouvet (where applicable)
- From the customer
- Legal requirements
Legal requirements can include general requirements related to privacy, but many industries operate with more specific regulations that impose additional requirements.
In many cases, it is clear to both Bouvet and the customer what applies, but it is important that the team verifies this before starting to develop the solution to avoid costly and time-consuming surprises. Regardless of what is defined and where, the team should document the requirements they adhere to so that this information is preserved for the future.