Back

Establish, implement, and maintain a product upgrade program.


CONTROL ID
12216
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Acquisition or sale of facilities, technology, and services, CC ID: 01123

This Control has the following implementation support Control(s):
  • Establish, implement, and maintain product update procedures., CC ID: 12218


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Analyse existing and emerging technologies, and plan which technological direction is appropriate to realise the IT strategy and the business systems architecture. Also identify in the plan which technologies have the potential to create business opportunities. The plan should address systems archit… (PO3.1 Technological Direction Planning, CobiT, Version 4.1)
  • Review documentation to verify that, for any technologies that have been determined to no longer meet the organization's PCI DSS requirements, a plan is in place to remediate the technology. (A3.3.2.c, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Testing Procedures, Version 4.0)
  • A program for the systematic monitoring and evaluation to ensure that standards of quality and security baselines are being met shall be established for all software developed by the organization. Quality evaluation and acceptance criteria for information systems, upgrades, and new versions shall be… (CCC-03, Cloud Controls Matrix, v3.0)
  • Products or services delivered to either internal or external users. (App A Objective 1.3.a, FFIEC Information Technology Examination Handbook - Information Security, September 2016)
  • Make recommendations based on trend analysis for enhancements to software and hardware solutions to enhance customer experience. (T0482, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Make recommendations based on trend analysis for enhancements to software and hardware solutions to enhance customer experience. (T0482, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework)”, July 7, 2020)