Secure development KPIs
Answer:
The most used KPIs to measure compliance with a policy are the results of audits (internal and external), regarding the number of non-conformities identified, and the number of incidents which can be related to that policy.
It is important to note that measuring compliance means doing what is written, but you should also be concerned with the achieved results of what is done. For example, if your secure development policy defines that you have to perform periodic tests, then if you perform the tests you are compliant with the policy, but if the test results frequently show a high number of failures, then your development process may have a problem that must be handled. Most often, KPIs related to the secure development process are the number of relevant risks treated by security controls implemented in the software, and the number of failures or vulnerabilities identified per test.
This article will provide you with further explanation about KPIs:
- Key performance indicators for an ISO 27001 ISMS https://advisera.com/27001academy/blog/2016/02/01/key-performance-indicators-for-an-iso-27001-isms/
Sep 21, 2018
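The distinction the answer draws (being compliant with the policy versus the results the tests actually produce) is shown below as an added example, not code from the original post or from Advisera. It assumes a quarterly testing schedule, constructed test-run records, and an arbitrary acceptable threshold of vulnerabilities per test.

```python
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class TestRun:
    period: str           # scheduled reporting period the run belongs to
    vulnerabilities: int  # findings the run produced


def compliance_rate(scheduled, runs):
    """Policy compliance KPI: share of scheduled periods with at least one test run."""
    covered = {r.period for r in runs}
    return sum(p in covered for p in scheduled) / len(scheduled)


def vulnerabilities_per_test(runs):
    """Effectiveness KPI: average vulnerabilities identified per test run."""
    return mean(r.vulnerabilities for r in runs) if runs else 0.0


def trend(runs):
    """Compare the later half of the runs with the earlier half, in period order."""
    ordered = sorted(runs, key=lambda r: r.period)
    half = len(ordered) // 2
    if half == 0:
        return "insufficient data"
    early = mean(r.vulnerabilities for r in ordered[:half])
    late = mean(r.vulnerabilities for r in ordered[half:])
    return "worsening" if late > early else "stable or improving"


def assess(scheduled, runs, max_vulns_per_test):
    """Report both KPIs so a fully compliant but failing process is visible."""
    c = compliance_rate(scheduled, runs)
    v = vulnerabilities_per_test(runs)
    return {
        "compliance_rate": c,
        "vulns_per_test": v,
        "trend": trend(runs),
        "compliant": c == 1.0,
        "effective": v <= max_vulns_per_test,
    }


# Constructed sample: every scheduled period was tested (100% compliant),
# yet findings per test keep climbing, so the process itself needs attention.
SCHEDULED = ["2018-Q1", "2018-Q2", "2018-Q3", "2018-Q4"]
RUNS = [TestRun("2018-Q1", 2), TestRun("2018-Q2", 5),
        TestRun("2018-Q3", 7), TestRun("2018-Q4", 9)]
THRESHOLD = 3  # assumed acceptable vulnerabilities per test, chosen for the example

if __name__ == "__main__":
    print(assess(SCHEDULED, RUNS, THRESHOLD))
```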