Mechanisms exist to ensure changes to systems within the Secure Development Life Cycle (SDLC) are controlled through formal change control procedures.
Does the organization ensure changes to systems within the Secure Development Life Cycle (SDLC) are controlled through formal change control procedures?