The organization has established a documented change control process to systematically manage, track, and document changes made to its computing infrastructure. This process ensures that all modifications are evaluated, authorized, and monitored before and after deployment, helping to maintain the stability, security, and performance of the organization’s systems and applications.
The organization follows and documents secure coding practices and techniques to ensure the development of secure software and applications. These practices include activities such as code reviews, automated testing, threat modeling, and automated code quality scanning. By adhering to secure coding standards, the organization minimizes the risk of introducing security vulnerabilities and helps maintain the integrity, confidentiality, and availability of its software systems.
The organization follows a Secure System Development Life Cycle (SSDLC) framework to ensure that software and information systems are secure by design and meet the organization’s business requirements, security requirements, and regulatory obligations. The SSDLC framework consists of six phases:
Planning - Identifying project scope, objectives, and resources;
Analysis - Gathering and analyzing system requirements, including security requirements;
Design - Developing a detailed system architecture that incorporates security controls;
Implementation - Coding and integrating the secure software components;
Testing - Conducting comprehensive security and functional testing to identify and address vulnerabilities; and
Maintenance - Continuously monitoring, updating, and patching the system to maintain security and address emerging threats.
By integrating security activities and reviews into every phase of the development process, rather than deferring them to a single testing stage, the SSDLC framework helps to create more secure software and systems.
The organization has implemented a system and application testing process designed to assess the security and functionality of computer systems and software applications. This process encompasses various evaluation methods, including vulnerability scanning, penetration testing, and code reviews, to ensure the robustness and security of the systems and applications in use.
The organization has set up separate environments dedicated to testing activities prior to deploying software into production. These testing environments facilitate quality assurance, user acceptance testing, and other tasks that should be carried out exclusively in non-production environments to ensure the software’s reliability, security, and performance.