Back to Compliance Portal

Compliance document

Secure Development Practices Summary

Summary of VerbalCheck development, validation, dependency, and deployment security practices.

Status

Published summary

Effective date

June 2026

Audience

IT security teams, procurement reviewers, and technical stakeholders

Development practices

  • Use version control for application changes.
  • Validate TypeScript and production builds before release.
  • Use targeted automated tests for security-sensitive behavior where available.
  • Keep security-related changes narrowly scoped and reviewable.

Deployment validation

  • Use preview-first validation for significant production changes.
  • Run smoke checks across student, instructor, admin, and LMS-connected workflows after relevant releases.
  • Disable debug and setup endpoints in production unless explicitly required and protected.

Dependency and secret practices

  • Use dependency audit, secret scanning, and SAST tooling as part of the security workflow.
  • Store production secrets in provider-managed environment variables.
  • Rotate high-value credentials when exposure or configuration risk is identified.