We work with our clients on a Secure Development Lifecycle (SDL) methodology at the beginning of any project, to ensure the security requirements are sufficiently met. It ensures that any new security requirements are captured and monitored through the lifecycle of the project.
Here are some of the ways in which we ensure that security is cemented into any project from the very start:
- The team has basic threat awareness. We will ensure that members of our team are given adequate security training to achieve this.
- We assign clear roles and responsibilities in the team. Our Technical Lead will be responsible for ensuring that all designed systems have security built-in.
- We have an internal policy to perform peer reviews on all code committed by developers. The Technical Lead has the opportunity to spot poorly written code, especially related to security and will ensure that the developers are producing a secure solution.
- Our Technical Leads produce technical specifications which detail how the solution will be built. This is created before the start of the build and will be shared with our client in advance so that there is transparency about the technical approach, in order for our client to provide feedback.
- Our testers test every release with security in mind. This will help us catch any issues before the release is tested by our client.
The ClerksWell team are true subject matter experts, who clearly plan and set expectations. ClerksWell were also upfront and honest with us, candidly informing us when something would not work or could not be completed in the tight timeframe we had set. Moreover, ClerksWell were always proactive, solving issues before they became problems and making suggestions that would ease implementation / future changes.