Application Security Policy

Statement of Policy

Washington University in St. Louis (WashU) is committed to conducting all university activities in compliance with all applicable laws, regulations and university policies. WashU has adopted this policy to outline the security measures required to protect electronic information systems and related equipment from unauthorized use.

Objective

Based on department or school requirements applications are developed in-house, third party or (commercial off the shelf) COTS. This policy will cover all instances to ensure security controls are implemented for applications developed for WashU.

Policy

Secure development practices will be established and implemented for all applications developed or purchased to include appropriate security controls to prevent unauthorized access or modification of the system or information coded or stored.

Developers will work with the Security Liaison and Information Security Office (ISO) prior to development to establish required controls for applications that will access, store, transmit or manipulate protected and confidential information. Testing environments will be separate from the production environment.

Reference

Application Security Standards

Title: Application Security Policy
Version Number: 2.0
Creation Date: February 2, 2011
Applicability: Protected, Confidential and Public
Reference Number: 03.09
Status: Final
Revision Date: April 6, 2016
Policy Owner: Information Security Office