Systems Development

From Bloomex Wiki
Revision as of 19:12, 2 September 2024 by Admin

Production System Definition

  • Production System: A production system is any system designated for regular use to process critical information for Bloomex. The Enterprise Systems Manager designates a system as a production system, regardless of the system's physical location.

Special Production System Requirements

  • Development Methodology: All in-house developed software that runs on production systems must adhere to a recognized development methodology (SDM). This methodology must ensure that software is properly documented and tested and includes adequate control measures before being used for critical Bloomex information.
  • System Ownership and Custodianship: Each production system must have designated Owners and Custodians responsible for the critical information processed by the system.
  • Risk Assessment: IT must conduct periodic risk assessments of production systems to ensure that controls are adequate.
  • Access Control: Production systems must have an access control system to limit access and privileges to authorized users only. A designated systems administrator who is not a regular user must manage access to all production systems.

Separation between Production, Development, and Test Systems

  • Environment Separation: Where feasible, production, development, and test environments must be kept separate to prevent interference and ensure security.
  • Security Fixes: Security fixes provided by vendors must undergo the SDM testing process and be promptly installed in production systems.
  • Change Control: IT Systems, Enterprise Application, and Functional Support Departments must adhere to formal and documented change control processes for all production system changes. All non-approved application program-based access paths must be removed or disabled before moving software into production. Documentation of these changes must be maintained for audit purposes.

User Programming

  • Authorization Requirement: Users are not permitted to write production computer programs unless explicitly authorized by the Chief Technology Officer.
  • Exclusions: The creation of spreadsheet formulas, automatic execution scripts, or databases is not considered programming under this policy.
  • Security Parameters: Both users and programmers must avoid embedding user IDs, readable passwords, encryption keys, or other security parameters in any file.