| 💼 6.2.1 Bespoke and custom software are developed securely. | | | 3 | | no data |
| 💼 6.2.2 Software development personnel working on bespoke and custom software are trained at least once every 12 months. | | | | | no data |
| 💼 6.2.3 Bespoke and custom software is reviewed prior to being released into production or to customers, to identify and correct potential coding vulnerabilities. | 1 | | 1 | | no data |
|  💼 6.2.3.1 If manual code reviews are performed for bespoke and custom software prior to release to production, code changes are reviewed by individuals other than the originating code author, and who are knowledgeable about code-review techniques and secure coding practices reviewed and approved by management prior to release. | | | 1 | | no data |
| 💼 6.2.4 Software engineering techniques or other methods are defined and in use by software development personnel to prevent or mitigate common software attacks and related vulnerabilities in bespoke and custom software. | | | 1 | | no data |