This control area ensures that security is considered on a case by case basis for every project. Security reviews should be performed before any business case is approved and capital funding is allocated for the implementation or execution of the project. Additionally, security should be considered in every phase of a Software Development Life Cycle (SDLC).
Security Standard For Application and Web Development and Deployment