
Canada Luggage Depot — Secure SDLC

CLD Secure Software Development Lifecycle

Canada Luggage Depot (CLD) requires a consistent, auditable, and secure lifecycle for any software delivered or customized by third‑party vendors. This site documents CLD’s baseline controls, gates, and evidence requirements to ensure deployments meet security, privacy, and operational standards.

Quick start

CLD highlights

  • Data residency: Canada‑only for personal information by default; exceptions require documented approval and expiry.
  • Build controls: SAST, SCA + SBOM, secrets scanning, IaC and image scanning, artifact signing.
  • Release gates: Intake → Design → Pre‑Production → Go‑Live → Post‑Go‑Live (30‑day review).
  • Vulnerability SLAs: Proposed baseline—Critical 7d / High 30d / Medium 60d / Low 90d.

How to use this site

  1. Review the CLD SDLC policy to understand roles, gates, and required evidence.
  2. Prepare an evidence package for Pre‑Production (SBOM, SAST/SCA/DAST summaries, change and rollback plan, UAT sign‑off).
  3. Submit intake information and request Design/Pre‑Production gate reviews via the normal vendor onboarding workflow.

Where we are now

  • Draft CLD SDLC policy and annexes live in Process → SDLC.
  • Detailed draft sections converted into site pages under Process → SDLC → (Drafts / Annexes) for review.

If you want specific placeholders filled (names, RTO/RPO targets, SIEM details, upload limits), provide the values and I will update the policy and regenerate the site.