Does release maintenance include a product update process that uses security mechanisms?

Has a defect management process been implemented?

Does the defect management process include both a documented feedback and problem reporting process?

Are testing and quality assessment activities conducted according to an agreed upon plan?

Do products or components meet appropriate quality criteria throughout the life cycle?

Has a release maintenance process been implemented?

Does release maintenance include a notification process for product update consumers?

Does a formal process that establishes acceptance criteria for work products accepted into the product baseline exist?

Is the development/engineering process as documented inclusive of development partners as defined by the governance process?

Does the development/engineering process track, as appropriate, components that are proven to be targets of tainting or counterfeiting as they progress through the life cycle?