Secure engineering policy

Summary

The secure engineering policy defines rules and principles applied in design and engineering of systems, networks and infrastructure.

The policy applies to all network engineers, internal and external.

Principles

  • Network architecture and designs should always be peer reviewed
  • The four eyes-principle should be applied when medium and high impact network changes take place
  • Engineers should stay up-to-date of vulnerabilities in used networking technology (firewalls, routers, ...)
  • Engineers should not have access to Sensitive data
  • Software versions that no longer have security patches released are prohibited