I. STANDARD STATEMENT
Secure development of applications requires familiarity with best practices which provide protection of data and prevent exposure of the application to unauthorized access. The highest appropriate levels of security should be built into any application whether it be developed internally to UTSA or purchased.
II. RATIONALE
This standard supports HOP Policy 8-12 Information Resources Use and Security Policy.
III. SCOPE
This standard applies to all UTSA faculty, staff, and students.
IV. CONTACTS
The Office of Information Security
informationsecurity@utsa.edu
V. PROCEDURES
- The standard practices outlined here represent the minimum requirements for the security of UTSA software.
- All production systems and applications must follow the Information Technology Standards for granting access to the system.
- All confidential information within an application under development must be identified and documented.
- Applications running on systems with confidential data must provide safeguards to protect the data from exposure.
- The transfer of such data requires encryption.
- During the development of an application the data owner(s), data custodian(s) and system administrator(s) must be identified.
- Developers must ensure that applications validate input, execute proper error handling, and properly authenticate users through identity management processing.
- Information security, security testing, and audit controls must be included in all phases of the system development lifecycle or acquisition processing.
- Copies of production data shall not be used for testing, unless the data have been authorized for public release or unless all custodians involved in testing are otherwise authorized to access the data.
- All security-related information resources changes shall be approved by the data owner through a change control process.
OIS 3 – Standard for Application Development and Acquisition
Effective Date: January 1, 2012
Last Revised: August 4, 2020