
Secure Application Development

Principle

Applications developed by personnel employed or contracted by KUMC departments must meet KUMC standards for secure application development.

Purpose

The purpose of this operational protocol is to assure that the programming of custom applications conforms to best practices for secure application development.

Groups covered

All KUMC faculty, staff, and students.

Procedures

  1. Departments are encouraged to consult with the Department of Information Resources prior to engaging in any custom application development, to determine whether centralized, freely available full-time programming resources can be used in some capacity, including defining requirements, scope, architecture, security, data modeling, project management, etc.
  2. Applications must work on existing infrastructure.
  3. All applications will be reviewed by Information Resources programming staff before being loaded on KUMC web servers or otherwise made available for use.
  4. On request, source code and documentation will be provided to Information Resources.
  5. Prior to installation on KUMC's production environment, applications will be loaded on the IR-managed testing environment. IR staff will assist in this process.
  6. Departments should assign one or more staff as Application Administrator(s) to manage the day-to-day activities associated with the application and to serve as a point of contact for working with IR on ongoing technical activities, including loading patches/updates, backup recovery, and configuration.
  7. Departments should make provision for ongoing technical support of the application, whether through local programming resources, an SLA with Information Resources, or a maintenance contract.

Enforcement

Systems not in compliance will be disconnected from the network or disabled.

For related information

See Supported Development Environments
See the Web Development Resource Guide
See Working with Vendor Systems

Contact Information

For information on this policy, please contact:

Jameson Watkins
Director of Internet Development
Department of Information Resources
University of Kansas Medical Center
4021 Taylor, 3901 Rainbow Blvd
Kansas City, Kansas 66160
(913) 588-7387

Jim Bingham
Associate Vice Chancellor for Information Resources
Chief Information Officer
University of Kansas Medical Center
1018 Taylor, 3901 Rainbow Blvd
Kansas City, Kansas 66160
(913) 588-7300

Revised July 23, 2007

