Privacy Policy Statement

This policy defines the overall conceptual development and implementation requirements for Maxson Group In. products.  The policy applies to all Maxson Group In. employees and other individuals and organizations who perform any software or systems development work under Maxson Group Inc.s supervision.
The purpose of this policy is to provide a clear methodology to help ensure the successful implementation of software projects advancing Maxson Group In.’s business objectives.  The procedures below provide a structure to allow executive leadership, other management, and other contributors to sign off on software/systems requirements and implementation.

The software development life cycle phases described in greater detail below are:
1. Requirements analysis
2. Architecture and design
3. Testing
4. Deployment and implementation
5. Operations and maintenance

1. Decommissioning

The descriptions of the steps in each phase are not intended to be rigid and inflexible or to be followed in a particular order in every case.  Rather, these are guidelines for consideration and action.  

2. PROCEDURES AND PHASES - REQUIREMENTS ANALYSIS

The following activities make up the requirements analysis phase:
a. Analyze business requirements
b. Perform a risk assessment
c. Discuss security-related aspects of project and determine security solution requirements
d. Review applicable legal/regulatory and Maxson Group In. policy requirements
e. Analyze and incorporate program management items, such as timeframes
f. Consider “buy v. build” aspects of requirements
g. Assess cost and budget constraints, and approve budget

3. ARCHITECTURE AND DESIGN

The following activities make up the architecture and design phase:
a. Ensure development teams are aware of requirements, including security requirements
b. Develop and/or refine overall architecture
c. ist technical controls applicable to project
d. Perform architecture walk-through
e. Create system-level design
f. Perform cost-benefit analyses based on approved requirements
g. Perform full design review, including technical reviews of application, infrastructure, and processes
h. Design initial end-user training and awareness programs
i. Update Maxson Group In. policies, standards, and procedures if necessary
j. Assess and document how to mitigate residual vulnerabilities, if any

4. DEVELOPMENT

The following activities make up the development phase.
a. Set up a secure development environment
b. Train infrastructure teams on installation and configuration of applicable software
c. Develop code for application-level components
d. Set up vulnerability-tracking processes, including a security test plan as needed
e. Conduct unit testing and integration testing

5. TESTING

The following activities make up the testing phase.
a. Perform a code and configuration review, through both static and dynamic analysis of code to identify problems
b. Test configuration procedures
c. Perform system tests, including performance and load tests with security controls enabled
d. Perform usability testing
e. Conduct overall security vulnerability assessment based on work to date

6. DEPLOYMENT AND IMPLEMENTATION

The following activities make up the deployment and implementation phase.
a. Conduct pilot deployment, including all relevant components
b. Conduct transition between pilot and full scale deployment
c. Perform integrity testing on system files to ensure authenticity
d. Deploy training and awareness programs
e. Require participation of at least two developers to conduct full scale deployment to production environment

7. OPERATIONS AND MAINTENANCE

The following activities make up the operations and maintenance phase.
a. Administer users and access
b. Tune performance as needed
c. Perform regular backups and other system maintenance
d. Conduct ongoing training and awareness
e. Conduct vulnerability and risk assessments in accordance with applicable Maxson Group In. policies
f. Review operational systems on an ongoing basis for performance purposes, with documentation and resolution of problems as needed
g. Develop regular patching process

8. DECOMMISSIONING

The following activities make up the decommissioning phase.
a. Conduct necessary testing of remaining system components after component/software removal
b. Determine data retention requirements in accordance with applicable Maxson Group In. policies
c. Document the technical security design
d. Update Maxson Group In. policies, standards, and procedures if necessary
e. Assess and document how to mitigate residual vulnerabilities, if any