Back

Manage the creation of products and services, as necessary.


CONTROL ID
13497
CONTROL TYPE
Business Processes
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Operational management, CC ID: 00805

This Control has the following implementation support Control(s):
  • Define the processing specifications for products and services creation requirements., CC ID: 13523
  • Define the processing activities to meet products and services creation requirements., CC ID: 13499
  • Delete age-restricted content, as necessary., CC ID: 15450
  • Establish, implement, and maintain procedures to manage age-restricted content., CC ID: 15448
  • Control the distribution of media containing age-restricted content, as necessary., CC ID: 15446


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • The purpose of the service design practice is to design products and services that are fit for purpose, fit for use, and that can be delivered by the organization and its ecosystem. This includes planning and organizing people, partners and suppliers, information, communication, technology, and prac… (5.2.13 ¶ 1, ITIL Foundation, 4 Edition)
  • establish controls, as appropriate, to ensure that its environmental requirement(s) is (are) addressed in the design and development process for the product or service, considering each life cycle stage; (§ 8.1 ¶ 4 a), ISO 14001:2015 - Environmental management systems — Requirements with guidance for use, Third Edition)
  • The organization shall determine, provide and maintain the infrastructure necessary for the operation of its processes and to achieve conformity of products and services. (7.1.3 ¶ 1, ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
  • the processes; (8.1 ¶ 1(b)(1), ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
  • The organization shall use suitable means to identify outputs when it is necessary to ensure the conformity of products and services. (8.5.2 ¶ 1, ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
  • The organization shall identify the status of outputs with respect to monitoring and measurement requirements throughout production and service provision. (8.5.2 ¶ 2, ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
  • The organization shall preserve the outputs during production and service provision, to the extent necessary to ensure conformity to requirements. (8.5.4 ¶ 1, ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
  • The release of products and services to the customer shall not proceed until the planned arrangements have been satisfactorily completed, unless otherwise approved by a relevant authority and, as applicable, by the customer. (8.6 ¶ 2, ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
  • the nature, duration and complexity of the design and development activities; (8.3.2 ¶ 1(a), ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
  • information derived from previous similar design and development activities; (8.3.3 ¶ 1(b), ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
  • the implementation of release, delivery and post-delivery activities. (8.5.1 ¶ 2(h), ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
  • The organization shall implement production and service provision under controlled conditions. (8.5.1 ¶ 1, ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
  • the nature, use and intended lifetime of its products and services; (8.5.5 ¶ 2(c), ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
  • The organization shall establish, implement and maintain a design and development process that is appropriate to ensure the subsequent provision of products and services. (8.3.1 ¶ 1, ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
  • The new or changed services shall be designed and documented to meet the service requirements determined in 8.2.2. The design shall include relevant items from the following: (§ 8.5.2.2 ¶ 1, ISO/IEC 20000-1:2018, Information technology — Service management —Part 1: Service management system requirements, Third Edition)
  • The organization shall plan the deployment of new or changed services and service components into the live environment. Planning shall be co-ordinated with change management and include references to the related requests for change, known errors or problems which are being closed through the release… (§ 8.5.3 ¶ 2, ISO/IEC 20000-1:2018, Information technology — Service management —Part 1: Service management system requirements, Third Edition)
  • Products or services delivered to either internal or external users. (App A Objective 1:3b, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Develop and manage enterprise-wide procedures to ensure the development of new products and services is consistent with company privacy policies and legal obligations (T0894, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Develop and manage enterprise-wide procedures to ensure the development of new products and services is consistent with company privacy policies and legal obligations (T0894, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework)”, July 7, 2020)