New Secure Coding Standard – Best Practices to Develop Software

The Security Architecture & Software Security team in Information Security is pleased to introduce the new Secure Coding Standard, now approved for use. This new standard, which is part of our new Security Guardrails project, defines a basic set of software security best practices that will proactively prevent most common software vulnerabilities. The new Secure Coding Standard is technology-agnostic and will need to be integrated into the software development lifecycle for all in-house applications.

If you are involved in custom software development at Providence, it is critical that you become familiar with the Secure Coding Standard and implement the best practices in your daily work. 

The Secure Coding Standard aligns with industry best practices as well as cyber standards and regulations such as:

  • Open Web Application Security Project (OWASP) secure coding practices
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Health Level Seven (HL7) data processing

Actions to take

If you are a software developer, application owner, or leader in IS, please familiarize yourself with the Secure Coding Standard, available in the IS Knowledge Base. Implement the Secure Coding Standard immediately, and consider which standard operating procedure documentation on your team needs updating (for example, your development team's SDLC process, learning and awareness prerequisites for new joiners, and periodic refresher training for existing caregivers).

Link: https://psjh.service-now.com/kb_view.do?sysparm_article=KB0076920

Continuous improvement

The team is currently working on a number of technical documents as part of the Security Guardrails project, to help ensure that Providence’s technology standards and operating procedures account for industry best practice and leading thought. By operating from a standard set of best practices, we’re best equipped to protect our data, operations, and ultimately, our patients.

Questions

If you have any questions about the Secure Coding Standard, please contact Karthick Naganatha Krishnan, principal software security engineer.