Document Title: Secure Software Development Lifecycle (SDLC) Policy
Document Owner: Alex Linnik, Chief Technology Officer
Version: 2.5
Approval Date: November 17, 2025
Approved By: Sergi Sinyugin (CEO), Alex Linnik (CTO)
Next Review: November 2026
Company Information:
VirtoSoftware UAB
Penta Technopolis, Ozo g. 12A
Vilnius, Lithuania 08200
Email: support@virtosoftware.com
Phone: +1 877 892-7775
Website: www.virtosoftware.com
1. Purpose & Scope
This policy establishes security practices for VirtoSoftware Microsoft 365 application development. We build security into products through practical, automated controls that fit our small development team.
Key Differentiator: Zero access to customer data – all data remains in customer Microsoft 365 tenant. Applications use OAuth 2.0 with user-delegated permissions only.
Applies to:
- All VirtoSoftware products (Microsoft Teams apps, SharePoint apps, Office add-ins)
- Development team and CTO
- Azure infrastructure and CI/CD pipelines
Key Principle: Automate security where possible (80% automated), manual review only where necessary (20% manual).
For more information