Manage the creation of products and services, as necessary.


CONTROL ID: 13497
CONTROL TYPE: Business Processes
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Operational management, CC ID: 00805

This Control has the following implementation support Control(s):
  • Define the processing specifications for products and services creation requirements., CC ID: 13523
  • Define the processing activities to meet products and services creation requirements., CC ID: 13499
  • Delete age-restricted content, as necessary., CC ID: 15450
  • Establish, implement, and maintain procedures to manage age-restricted content., CC ID: 15448
  • Control the distribution of media containing age-restricted content, as necessary., CC ID: 15446


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • The purpose of the service design practice is to design products and services that are fit for purpose, fit for use, and that can be delivered by the organization and its ecosystem. This includes planning and organizing people, partners and suppliers, information, communication, technology, and prac… (5.2.13 ¶ 1, ITIL Foundation, 4 Edition)
  • establish controls, as appropriate, to ensure that its environmental requirement(s) is (are) addressed in the design and development process for the product or service, considering each life cycle stage; (§ 8.1 ¶ 4 a), ISO 14001:2015 - Environmental management systems — Requirements with guidance for use, Third Edition)
  • The organization shall determine, provide and maintain the infrastructure necessary for the operation of its processes and to achieve conformity of products and services. (7.1.3 ¶ 1, ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
  • the processes; (8.1 ¶ 1(b)(1), ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
  • The organization shall use suitable means to identify outputs when it is necessary to ensure the conformity of products and services. (8.5.2 ¶ 1, ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
  • The organization shall identify the status of outputs with respect to monitoring and measurement requirements throughout production and service provision. (8.5.2 ¶ 2, ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
  • The organization shall preserve the outputs during production and service provision, to the extent necessary to ensure conformity to requirements. (8.5.4 ¶ 1, ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
  • The release of products and services to the customer shall not proceed until the planned arrangements have been satisfactorily completed, unless otherwise approved by a relevant authority and, as applicable, by the customer. (8.6 ¶ 2, ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
  • the nature, duration and complexity of the design and development activities; (8.3.2 ¶ 1(a), ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
  • information derived from previous similar design and development activities; (8.3.3 ¶ 1(b), ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
  • the implementation of release, delivery and post-delivery activities. (8.5.1 ¶ 2(h), ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
  • The organization shall implement production and service provision under controlled conditions. (8.5.1 ¶ 1, ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
  • the nature, use and intended lifetime of its products and services; (8.5.5 ¶ 2(c), ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
  • The organization shall establish, implement and maintain a design and development process that is appropriate to ensure the subsequent provision of products and services. (8.3.1 ¶ 1, ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
  • The new or changed services shall be designed and documented to meet the service requirements determined in 8.2.2. The design shall include relevant items from the following: (§ 8.5.2.2 ¶ 1, ISO/IEC 20000-1:2018, Information technology — Service management — Part 1: Service management system requirements, Third Edition)
  • The organization shall plan the deployment of new or changed services and service components into the live environment. Planning shall be co-ordinated with change management and include references to the related requests for change, known errors or problems which are being closed through the release… (§ 8.5.3 ¶ 2, ISO/IEC 20000-1:2018, Information technology — Service management — Part 1: Service management system requirements, Third Edition)
  • Products or services delivered to either internal or external users. (App A Objective 1:3b, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Integrating C-SCRM considerations into acquisition activities within every step of the procurement and contract management life cycle process is essential to improving management of cybersecurity risks throughout the supply chain. This life cycle begins with a purchaser identifying a need and includ… (3.1. ¶ 1, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1)
  • Develop and manage enterprise-wide procedures to ensure the development of new products and services is consistent with company privacy policies and legal obligations (T0894, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Develop and manage enterprise-wide procedures to ensure the development of new products and services is consistent with company privacy policies and legal obligations (T0894, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)