Product Development and Governance
Product development is carried out by Omegapoint and is based on a long-term perspective where stability, security, and maintainability are prioritized alongside functional development.
Governance and organization
Product development is conducted by a cross-functional team with clearly defined roles and responsibilities. This ensures structured decision-making and that technical, operational, and regulatory perspectives are considered.
The organization includes:
- Product Manager responsible for prioritization and product direction
- Subject Matter Experts (SMEs) ensuring regulatory compliance
- System Architect / Tech Lead responsible for architecture and technical decisions
- Development team implementing functionality according to established principles
This structure ensures that security and compliance requirements are integrated into the entire development process rather than handled as separate activities.
Development process
Development follows a structured and agile methodology where changes are planned, prioritized, and implemented in controlled steps. Work is carried out in short iterations, enabling continuous improvement and rapid handling of identified needs and risks.
All development is performed in isolated feature branches, ensuring that changes do not affect the main codebase until verified.
This involves:
- Clear prioritization based on customer value, risk, and feasibility
- Iterative planning cycles
- Structured requirement management and breakdown
- Controlled introduction of changes
Secure development
Security is an integral part of the development process and is considered in every change to the system. Code is reviewed, tested, and verified before being deployed.
The development process is designed to ensure high quality, traceability, and compliance with security requirements.
This means that:
- All code is reviewed through pull requests and peer review
- Security requirements and architectural principles are validated in each change
- Unit testing and internal testing are continuously performed
- Only approved and verified code is merged into the main codebase
Release and change management
Changes to Ciso are introduced through a controlled and repeatable release process. Each release is verified before being made available to customers.
Frequent releases reduce the time that potential vulnerabilities are exposed, while enabling rapid deployment of improvements and security fixes.
This involves:
- Controlled release process with defined verification steps
- Use of release candidates and acceptance testing
- Gradual deployment and validation
- Rollback capability when needed
- Regular releases, typically 1–2 per month
Continuous improvement and risk management
Product development includes continuous work to identify and manage risks, vulnerabilities, and technical debt.
This work is an integrated part of the development process and is continuously prioritized to ensure long-term stability and security.
This involves:
- Continuous identification and remediation of vulnerabilities
- Ongoing management of technical debt
- Prioritization based on risk, value, and impact
- Adaptation to changing regulatory requirements
Customer feedback and transparency
Product development is conducted in close dialogue with customers and users. Needs and improvement requests are continuously collected and evaluated.
To ensure a stable and secure product, functionality is added to the standard product only when it is considered generally applicable and beneficial to multiple customers.
This reduces fragmentation and contributes to a more secure and maintainable solution.
DevOps and operational responsibility
Development and operations are closely integrated through a DevOps approach. Omegapoint is responsible for the entire application and operational environment above the underlying infrastructure.
Environments are established and managed using Infrastructure as Code (IaC), ensuring reproducibility, traceability, and controlled changes.
This involves:
- Automated provisioning and configuration of environments
- Full traceability of changes
- Consistent configuration across environments
- System hardening according to established benchmarks (e.g., CIS Benchmarks)
- Responsibility for operations, updates, logging, and security measures
Summary
Product development of Ciso is structured, controlled, and security-focused.
This means that:
- Security and compliance are integrated into the entire development process
- Development is structured with clear governance and responsibilities
- Code is reviewed, tested, and verified before deployment
- Changes are introduced through a controlled release process
- Vulnerabilities and risks are continuously managed
- The platform is developed with a long-term focus on stability and security
Together, this ensures that Ciso is not only secure today, but remains secure over time.
