BASDA Security Code of Practice

BASDA members recognise the fundamental importance of secure use of software. They demonstrate their commitment to this by adhering to BASDA’s Software Security Code of Practice.

The BASDA Software Security Code of Practice was drawn up to help meet the needs both of software users, such as HMRC, and of BASDA members for a simple way for vendors to demonstrate their commitment to addressing security issues, concerns and perceptions. The Code is voluntary and self-certifying, but condition-based, and is intended to reassure customers of member signatories of their competencies and attitude to such an important product attribute.

The Code of Practice covers six areas of compliance, relating not only to software design principles but also to software usage principles, enabling any certified member company to show that it guides its customers into good practice as well as following it itself.

The first area relates to Data Protection compliance, ensuring that software designed to handle data and data processes enables and facilitates compliance with all relevant legislation, and that users of the software are fully aware of their responsibilities under such legislation.

Secondly, the Code looks at software function and data access controls, with specific recommendations for both designers and users relating to password controls, user profiles, etc., for access to complex and sensitive processes and data.

Other aspects in the Code are data storage and audit trails, and also data recovery, again taking into consideration the potential sensitivity of data held.

BASDA Software Security Best Practice Guide

Contact Lynne Wallis to apply for certification today.