Secure software development

Integration of security in development processes

Fellow Digitals integrates information security and privacy as structural elements of its project management and software development processes. This ensures that security and privacy considerations are addressed consistently throughout the lifecycle, from initial feature requests and design through development, testing, and release, rather than being treated as post‑implementation checks.

Security and privacy requirements in projects

Security and privacy requirements are embedded in the standard project workflow. Within projects, changes and new functionality are assessed to determine whether they introduce increased information security or privacy risks, for example in relation to authentication, data processing, integrations, or dependencies. Where relevant risks are identified, these items are explicitly treated as security‑ or privacy‑relevant and appropriate measures are defined and applied as part of the project.

Secure development principles

Secure development is based on the principles of security by design and security by default. These principles guide design and development choices and are supported by internal guidelines and working practices aimed at preventing vulnerabilities and reducing risk. Activities such as review and testing contribute to maintaining secure software without detailing specific technical implementations.

Privacy by design and by default

Where applicable, privacy by design and by default principles are applied as an integral part of development activities. This includes considerations such as data minimization, separation of data, and limiting processing to what is necessary for the intended purpose. These principles help ensure that privacy is embedded in solutions and aligned with applicable regulatory requirements.

Roles and responsibilities in development

Responsibilities for information security and privacy within projects are clearly defined. This supports consistent decision‑making and accountability during development activities and ensures that security and privacy considerations are integrated into project governance and day‑to‑day development work.

Through this structured approach, Fellow Digitals ensures that software development supports the confidentiality, integrity, availability, and privacy of data, while remaining aligned with risk‑based decisions and the broader Information Security Management System (ISMS).