In development = in control
We use Atlassian software to safeguard the processes and support. From a bird's-eye view, we go through a number of steps:
• Upon the initiation of a project, we determine the functional requirements and acceptance criteria, carefully documenting everything in Confluence. The deliverables include, among other things, a Project Initiation Document and a Privacy Impact Analysis.
• The project activities are performed in Jira, divided into Sprints, and assigned to the project staff.
• Based on the acceptance criteria, JUnit tests are developed, after which, ultimately, the source code for the software is written. All source code, scripts and configuration files are carefully managed through Bitbucket.
• During development, the software follows the DT(A)P process, during which, besides JUnit tests, automated OWASP and penetration tests are also performed. For each testing phase, Quality Assurance appoints a responsible party. This can be a developer performing code reviews, a tester performing technical and functional tests, or an external stakeholder who is required to give final approval before the software goes into production.
Privacy and security
We work in accordance with the ISO 27001 guidelines and strive for optimal compliance with the GDPR. For this purpose, we apply our Privacy by Design and Privacy by Default procedures, which are modelled on our Privacy & Security policy.
Some examples:
- By performing Privacy Impact Analyses, we know what information we should and should not store and whether and where we can apply anonymisation.
- Within the DTAP process, anonymisation is used, so that our employees do not have access to privacy-sensitive information.
- Our Ops employees regularly attend security training and implement various measures within the platforms to prevent misappropriation.