====
- Standards & policies
  - DevOps
    - Code reviews
    - Policies
      - Traceability (who/what/why)
      - Enforcing 4 eyes
    - Automation (IaC & CI/CD)
  - Scanning our code
    - Code quality
  - Scanning our infrastructure
  - Scanning 3rd party packages
  - Reviews
    - Pentest
    - ISO policy checks
====
- Tools:
  - Qualys (contact Wouter for an account) (monthly)
  - SonarCloud (https://sonarcloud.io/organizations/effectory/projects) (every build)
  - Snyk (https://app.snyk.io/) (daily & every build)
  - Security Scorecard (https://securityscorecard.com/) (?)
- Free stuff to easily check:
  - SSL Labs https://www.ssllabs.com/ssltest/
  - Security Headers https://securityheaders.com/
====
Response times:
===