~4-page information security policy template about developing application software.
 
This policy concerns the development of secure application software (apps), plus security controls protecting the software development process and associated information assets (such as specifications, designs and test data).
 
It applies to in-house and outsourced development/customisation of software, potentially including spreadsheets, macros and scripts developed by office workers who probably don't think of themselves as software developers: a little design flaw or casual coding error (bug) in a financial or engineering spreadsheet may cause serious problems if it remains unnoticed.
 
There is a lot of ground to cover in just 4 pages, so if software development is important to your organisation, you may want to expand on this template or supplement it with other policies and procedures covering various aspects in more depth - specific development methods and languages, for instance, plus software testing, change management and implementation controls.
 
Supplied as an MS Word document, readily customised for your organisation's specific situation.