Do you meet 3.1?
• Have you created a security policy that meets compliance?
• Do you scan for vulnerabilities?
• Do you conduct application layer penetration testing?
• Do you review all code changes before production?
• Have you implemented change control procedures?
• Do you identify, prioritize and address newly discovered and common security vulnerabilities?
• Have you incorporated information security in the SDLC?
• Do you maintain secure environments?
• Do you train developers to code more secure apps?
