1.1. Policy Statement

PRAI ("the Company") is committed to developing and maintaining software applications in a secure and efficient manner. This Software Development Life Cycle (SDLC) Policy outlines the guidelines and procedures for the systematic and controlled development, testing, and deployment of software to ensure quality, security, and compliance with business requirements.

1.2. Scope

This policy applies to all software development activities undertaken by the Company, including in-house development, outsourced development, and customization of third-party software.

1.3. SDLC Phases

The Company will follow an SDLC process that includes the following phases:
1.3.1. Requirements Gathering and Analysis
Requirements for the software application will be identified, documented, and validated to ensure they align with business needs and comply with relevant regulations.
1.3.2. Design and Architecture
A detailed software design and architecture will be created, outlining the system components, interfaces, and data flow. Security controls and privacy considerations will be incorporated into the design.
1.3.3. Development and Testing
Software development will follow secure coding practices, industry standards, and best practices. Regular testing will be performed to identify and resolve defects, vulnerabilities, and performance issues.
1.3.4. Deployment and Release Management
Software deployment will follow controlled release management procedures to ensure proper configuration, version control, and documentation. Changes will be implemented in a controlled and auditable manner.
1.3.5. Maintenance and Support
Ongoing maintenance, support, and bug fixing will be conducted to address issues identified during production use. Regular security updates and patches will be applied to maintain the security and integrity of the software.

1.4. Change Management

Changes to software applications, including updates, patches, and enhancements, will follow the Change Management Policy to ensure proper documentation, testing, and approval prior to implementation.

2.1. Policy Statement

PRAI ("the Company") is committed to effectively managing and protecting its information technology (IT) assets throughout their lifecycle. This Asset Management Policy outlines the guidelines and procedures for the identification, classification, acquisition, use, and disposal of IT assets to ensure their security, availability, and cost-effective utilization.

2.2. Scope

This policy applies to all IT assets owned, leased, or used by the Company, including hardware, software, network devices, and data storage devices.

2.3. Asset Inventory

The Company will maintain an accurate inventory of all IT assets, including details such as asset type, location, ownership, and responsible personnel. The inventory will be regularly updated to reflect changes in asset status.

2.4. Asset Classification

IT assets will be classified based on their criticality, sensitivity, and value to the organization. Classification levels will determine the security controls, access permissions, and handling procedures for each asset.

2.5. Asset Acquisition and Deployment

Acquisition and deployment of IT assets will follow standardized procedures, including evaluation, selection, procurement, and configuration management. Assets will be deployed in a secure and controlled manner, with proper documentation and version control.

2.6. Asset Use and Access Controls

Users will be granted access to IT assets based on business needs and defined roles. Access controls, such as user accounts, authentication mechanisms, and authorization processes, will be implemented to protect asset confidentiality, integrity, and availability.

2.7. Asset Maintenance and Monitoring

Regular maintenance, updates, and patching of IT assets will be performed to ensure their optimal performance and security. Asset usage will be monitored to detect and address any unauthorized or suspicious activities.

2.8. Asset Disposal and Retirement

End-of-life IT assets will be disposed of securely and in compliance with applicable regulations. Disposal procedures will ensure data sanitization and proper disposal or recycling of hardware components.

Policy Review

These development and asset management policies will be reviewed and updated at least once a year or as required to ensure continued relevance and compliance with evolving technology standards, security risks, laws, regulations, and industry best practices.