Missouri State University

Software Application Development

Policy Statement

All software applications, including online applications, developed at Missouri State University will be created and maintained with security guidance from a recognized System Development Life Cycle standard to prevent unauthorized access to the applications, data, and systems.  University standards established by the Computer Services Information Security Unit will be used to secure applications and ensure conformance with all regulatory requirements.  The Information Security Unit will periodically test applications for vulnerabilities and conduct risk assessments. Updates and patches will be applied in a timely manner.

Reason or Purpose for Policy

Vulnerabilities in application software can be exploited to gain unauthorized access to systems.  These exploits could allow unauthorized users to gather personal information and use it for personal gain, or allow systems to come under their control. The University must use secure methods based on accepted standards to protect computing systems, sensitive information, its reputation, and comply with federal and state regulations.

Entities Affected by this Policy

All developers, excluding content-only editors, who create and maintain online applications, free-form Web pages, executable software applications, and system software, including scripts.

Line of Authority

  1. Responsible Administrator and Office:  Chief Information Officer (CIO)
  2. Contact Person in that Office:  Information Security Officer (ISO)