Development Policy - Article

Background

The Development Policy defines the processes, environments, and controls used to design, build, test, and deploy systems and system changes using secure coding and structured development practices. It ensures that security is embedded throughout the Software Development Life Cycle (SDLC) and provides documented assurance to third parties that legally required and industry-recognized measures are implemented.

Responsibilities

The Company ensures that:

• Development risks and vulnerabilities are identified and managed throughout the lifecycle to safeguard clients and company assets.
• Secure repositories, version control protections, automated application security testing, and controlled continuous integration processes are in place.
• Development practices align with industry best standards and relevant client governance requirements.

Legal & Regulatory Alignment

GDPR compliance, including data erasure requirements, is governed through technical and organizational controls defined in data processing agreements with customers and applicable individuals.

Risk Considerations

The development lifecycle accounts for risks including:

• Human error, misuse, or malicious activity
• Technical disruptions and hardware failure
• Force majeure events (e.g., fire, flood)
• Operational impacts with potentially significant or existential consequences

Development Methodology

Eurekos applies Agile development principles—an iterative, adaptive approach that enables rapid response to changing business needs while maintaining control and quality.

Each iteration delivers working software with emphasis on:

• Business value prioritization
• Continuous improvement
• Transparent collaboration across cross-functional teams

The product backlog is rigorously maintained and prioritized to reflect evolving business requirements and strategic direction.

Stability & Performance Controls

System stability is reinforced through:

• Agile delivery to reduce development risk
• Structured Quality Assurance (QA) processes
• Information security validation integrated into development tasks
• Role-based User Acceptance Testing (UAT) using defined use cases

Quality Assurance

QA is managed by dedicated engineers and includes:

• Regression testing to ensure existing functionality remains intact
• Validation of new functionality prior to release

Release Management

Eurekos operates three controlled environments:

• QA Environment – Active development and feature testing
• Pre-Production – Full release validation and UAT confirmation
• Production – Controlled deployment with post-release verification

Releases are subject to:

• Client approval of timing and scope (T&C apply for individual customer service options)
• Formal documentation and release notes
• Updated change logs
• Rollback capability in case of unforeseen issues (exceptions can apply)

This structured approach ensures stability, traceability, and minimal service disruption.

Secure Development & Code Quality

Eurekos develops software in accordance with industry best practices and secure coding principles relevant to the applicable technical frameworks.

Code quality and security are reinforced through:

• Peer review by a technical lead prior to testing
• Automated security scanning throughout the Software Development Life Cycle (SDLC)
• Detection of known vulnerability classes (e.g., OWASP Top 10, CORS misconfigurations, DNS vulnerabilities)
• Automated license compliance verification to ensure adherence to intellectual property requirements

Security controls are embedded directly into development workflows to reduce vulnerabilities before release.

DevSecOps Maturity & Continuous Improvement

Eurekos aligns its secure development practices with the OWASP DevSecOps Maturity Model (DSOMM).

DSOMM provides a structured framework for assessing and strengthening the integration of security throughout the Software Development Life Cycle. It defines measurable maturity dimensions across areas such as secure coding, testing, automation, governance, and deployment.

By applying DSOMM principles, Eurekos:

• Systematically evaluates the maturity of security integration in development workflows
• Identifies improvement opportunities through structured assessment
• Strengthens collaboration between development, operations, and security functions
• Ensures security practices evolve in line with emerging threats and industry standards

DSOMM, as an OWASP Foundation initiative, supports Eurekos’ commitment to continuous improvement and secure-by-design software development.

Deployment Strategy

Eurekos applies a rolling deployment strategy to ensure system updates can be implemented with minimal or no service interruption.

Benefits include:

• No service interruption during updates
• Controlled coexistence of old and new code versions
• Reduced operational risk

Version Control & Continuous Integration

Eurekos uses Git as a distributed version control system, ensuring secure tracking of all code changes through cryptographic hashing and structured branching.

Continuous Integration (CI), powered by Jenkins, automates:

• Build, test, packaging, and deployment processes
• Static code analysis
• Verification of each commit before release

This reduces risk, increases release frequency, and strengthens development discipline.

Integrated Development Workflow

The development ecosystem integrates:

• Agile project management via Jira
• Git-based version control
• Jenkins CI automation
• Jira Service Desk for support integration

This ensures alignment between backlog management, release planning, and operational support within a fully traceable toolchain.