Changes

* Updates based on input from DND.
Line 43: Line 43:  
* Work across the entire application lifecycle, from development and testing to deployment and operations
 
* Work across the entire application lifecycle, from development and testing to deployment and operations
 
* Ensure quality <u><i>and security</i></u> is <u><i>underpinning</i></u> the Software Development Lifecycle
 
* Ensure quality <u><i>and security</i></u> is <u><i>underpinning</i></u> the Software Development Lifecycle
 +
* <I><u>Total Cost Of Ownership (TCO) should include the cost for design, construction, operation, and maintenance of a system. For example Training, Support, Disaster Recovery, and Retirement Cost</I></u>
 
* Ensure accountability for privacy is clear
 
* Ensure accountability for privacy is clear
 
* Encourage and adopt <u><i>a process (for example:</i></u> Test Driven Development (TDD)) to improve the trust between Business and IT
 
* Encourage and adopt <u><i>a process (for example:</i></u> Test Driven Development (TDD)) to improve the trust between Business and IT
Line 85: Line 86:     
<b>Data Sharing</b>
 
<b>Data Sharing</b>
* Data should be shared openly by default as per the Directive on Open Government <I><u>while taking into consideration existing laws and regulations the safeguarding of security and the privacy of data, while permitting free and open access</I>
+
* Data should be shared openly by default as per the Directive on Open Government <I><u>while taking into consideration existing laws and regulations related to the safeguarding of data, while permitting free and open access</I>
 
* Ensure government-held data can be combined with data from other sources enabling interoperability and interpretability through for internal and external use
 
* Ensure government-held data can be combined with data from other sources enabling interoperability and interpretability through for internal and external use
 
* Reduce existing data where possible
 
* Reduce existing data where possible
Line 106: Line 107:     
<b>Maximize Reuse</b>
 
<b>Maximize Reuse</b>
 +
* <I><u> Reduce integration Complexity - design systems to be highly modular and loosely coupled to be able to reuse components. </I></u>
 
* Leverage and reuse existing solutions, components, and processes
 
* Leverage and reuse existing solutions, components, and processes
 
* Select enterprise and cluster solutions over department-specific solutions
 
* Select enterprise and cluster solutions over department-specific solutions
Line 121: Line 123:  
<I><u><b>Develop with Security in mind</b>
 
<I><u><b>Develop with Security in mind</b>
 
* Applications that store, process, handle, or have network access to sensitive information should be developed with security in mind from the start, and should be audited and assessed before use
 
* Applications that store, process, handle, or have network access to sensitive information should be developed with security in mind from the start, and should be audited and assessed before use
* Ensure sensitive data is protected appropriately when stored and transmitted
+
* Ensure sensitive data is protected appropriately when stored and transmitted (Duplicate D3)
 
* Minimise the opportunity for accidental data leakage across application boundaries
 
* Minimise the opportunity for accidental data leakage across application boundaries
 
* Ensure only authorised parties can access sensitive information
 
* Ensure only authorised parties can access sensitive information
* Restrict access to sensitive data to those applications designed to handle such material in a secure manner</u></I>
+
* Restrict access to sensitive data to those applications designed to handle such material in a secure manner</u></I>  
 
|}
 
|}
   Line 145: Line 147:  
* Use distributed architectures, assume failure will happen, handle errors gracefully, and monitor actively
 
* Use distributed architectures, assume failure will happen, handle errors gracefully, and monitor actively
 
* <u><I>Establish architectures that supports new technology insertion with minimal disruption to existing programs and services</I></u>
 
* <u><I>Establish architectures that supports new technology insertion with minimal disruption to existing programs and services</I></u>
 +
* <u><I>Control Technical Diversity - design systems based on technologies and platforms already in use.</I></u>
 
|}
 
|}
   Line 158: Line 161:  
* Build in security from the outset of design, development, and throughout the system life cycle, across all architectural layers.
 
* Build in security from the outset of design, development, and throughout the system life cycle, across all architectural layers.
 
* Implement appropriate and cost-effective security measures and privacy protections, proportionate to user and business needs. Apply graduated safeguards that are commensurate with the security category of the information and assets.
 
* Implement appropriate and cost-effective security measures and privacy protections, proportionate to user and business needs. Apply graduated safeguards that are commensurate with the security category of the information and assets.
* Protect data while in transit, in use and at rest using appropriate encryption and protocols.  
+
* Protect data while in transit, in use and at rest using appropriate encryption and protocols. (Duplicate D3)
 
* Apply a defense in depth approach to reduce exposure to threats and minimize the degree of compromise.  
 
* Apply a defense in depth approach to reduce exposure to threats and minimize the degree of compromise.  
 
* Design services that:
 
* Design services that: