8.30 Outsourced Development

The organisation should direct, monitor and review the activities related to outsourced system development.

Outsourced development in information security refers to the practice of hiring a third-party company or individual to develop software or perform other IT-related tasks. This can include tasks such as software development, testing, maintenance, and support.

Outsourcing development can provide a number of benefits to organisations, including cost savings, access to specialised expertise, and increased flexibility. However, it also presents a number of security risks that need to be managed.When outsourcing development, it is important to ensure that the third-party developer is following secure coding practices and that the software they are developing is free of known vulnerabilities. This can be done by requiring the developer to follow security guidelines and by performing regular security testing on the software.In addition, it is important to have a robust contract in place that outlines the security responsibilities of both parties, as well as any legal and financial implications in case of a security breach.It is also important to ensure that the outsourced development team is following the same security standard as the in-house team and that they are also trained on security best practices.Outsourcing development can be a cost-effective way to access specialised expertise, but it also requires careful management to mitigate security risks effectively.