Introduction #

This is the Secure Software Development Lifecycle used by Canada Luggage Depot (CLD).

It applies to all third‑party software and significant SaaS customizations that process CLD data. Vendors must follow the gates, evidence package, and baselines described in this site. The default data residency requirement is Canada‑only for storage and administrative access unless an exception is granted and signed by the ISO and Executive Sponsor.

The DevSecOps Framework defines the capabilities in a secure DevOps landscape.

The DevSecOps Framework provides:

• An vendor agnostic approach
• A holistic view of managing insider threat
• A clear roadmap for a security-based devops implementation