Establish, implement, and maintain a product upgrade program.


CONTROL ID
12216
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Acquisition or sale of facilities, technology, and services, CC ID: 01123

This Control has the following implementation support Control(s):
  • Establish, implement, and maintain product update procedures., CC ID: 12218


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • It is necessary to carry out confirmation and verification at each stage of system development and upgrading according to defined procedures in order to both improve system reliability and assure the validity of the implementation. (P75.1. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • Analyse existing and emerging technologies, and plan which technological direction is appropriate to realise the IT strategy and the business systems architecture. Also identify in the plan which technologies have the potential to create business opportunities. The plan should address systems archit… (PO3.1 Technological Direction Planning, CobiT, Version 4.1)
  • Review documentation to verify that, for any technologies that have been determined to no longer meet the organization's PCI DSS requirements, a plan is in place to remediate the technology. (A3.3.2.c, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Testing Procedures, Version 4.0)
  • A program for the systematic monitoring and evaluation to ensure that standards of quality and security baselines are being met shall be established for all software developed by the organization. Quality evaluation and acceptance criteria for information systems, upgrades, and new versions shall be… (CCC-03, Cloud Controls Matrix, v3.0)
  • Products or services delivered to either internal or external users. (App A Objective 1.3.a, FFIEC Information Technology Examination Handbook - Information Security, September 2016)
  • Make recommendations based on trend analysis for enhancements to software and hardware solutions to enhance customer experience. (T0482, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Make recommendations based on trend analysis for enhancements to software and hardware solutions to enhance customer experience. (T0482, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)