Since we launched the DPP Committed to Security Programme in 2017, advances in technology have given rise to new risks, requiring new mitigations.
So, our specialist group of security experts has reviewed and simplified the existing controls, introduced some new controls, and updated the guidance to reflect the evolving security environment.
The updated checklists and guidance are available to download now.
The main changes are as follows:
Previously, the license to use the Marks was valid for one year and required annual renewal.
Fully compliant checklists will be awarded a license for two years.
Partially compliant checklists will be awarded a license for one year.
N.B. The following updates apply only to the Broadcast Checklist. No updates have been made to the Production Checklist.
Changes to existing controls
Split control 1.2 into separate controls (1.2, 1.3 and 1.4) covering secure coding, pen testing and auditing.
1.8 System and user documentation for the product or service is kept up to date.
1.9 Product or service managed by the company has changes implemented through change and configuration management process.
2.5 Geographic restrictions available on individual access.
188.8.131.52 Products and systems have the ability to change the default password and increase the complexity.
184.108.40.206 User accounts and passwords well managed, and tiered to only provide access to services relevant to particular users.
3.7 Adequate segregation between customer data exists.
3.8 Adequate segregation between system and infrastructure exists to allow updates to be applied independently.
To find out more about the Committed to Security programme, or if you have any questions about your renewal or the changes to the process.
Programme Delivery Manager