Evidence for SSDLC

Hi team,

We are progressing with the input for Technical Design, and we have a question regarding the evidence required for SSDLC.
Are ISO 9001 and ISO 27001 certificates sufficient as evidence to submit documents for SSDLC?
Or is there a formal format for documents to be submitted as evidence for SSDLC?

Regards, Developer

Hello @dev_comtec

ISO 9001 and ISO27001 certificates will be reviewed but are not considered an SSDLC. Please add these certificates under Additional Documents. The SSDLC should incorporate your entire development process from requirements to production, and there is no standard format we are looking for - both detailed charts and written documentation will suffice.

Hey @kwaku.nyante
I am registering an application in zoom.During the registeration zoom required these points

Do you have a secure software development process (SSDLC)?
Does your application undergo SAST (Static Application Security Test) and/or DAST (Dynamic Application Security Test)?
Does the application periodically undergo 3rd Party Application penetration testing?
when i click yes then i ask me for evidence.
I want to know what we will give in evidence that our application that is accessible other users to use zoom in our project .Please help us to resolve this issue
What is this evidence and how we can get this?