Trusted Developer Best Practce for Security & Integrity
Principle 7. Secure Your Systems
Cybersecurity and physical security measures should be taken to ensure systems integrity. Industry best practices should be in place throughout the development process.
Reference & adherence to industry standards & certifications is recommended.
Acknowledge the risk of breach, and
Principle 8. Design Systems to Mitigate Damage
Developers should explicitly acknowledge the risk of breach, and should take steps to minimize the damage to users and themselves, and limit the value to attackers, when designing systems.
Encrypt data at rest.
Encrypt sensitive data in transit.
Principle 9. Plan for Failures
Backup and remote storage procedures should be in place to ensure continuity and resilience in the event of system failures.
Data retention time-limits should be implemented as defined.
Data destruction procedures should be in place throughout the data control chain.