Implement and communicate application versioning methodology
The version numbering scheme used in Maitre’D comprises four parts: a.bb.ccc.ddd.
The scheme is displayed as a.bb.ccc.ddd; for example, 7.08.000.000 represents version 7, Service Pack 8, critical correction 0 and minor release 0.
In the event that a major issue is discovered shortly after the release of an update, an emergency fix will be created which, once applied, will increment the number corresponding to the nature of the fix.
For example, if a new update caused a major crash in the inventory module, it would be considered a major issue, but it would not impact credit card transactions, security or any PA-DSS requirements. Therefore, the fix for that issue would simply increase the minor correction version (ddd).
As another example, if an issue is discovered that impacts a PA-DSS requirement, the emergency fix released would increment the Critical Issue Resolution release number (ccc).
The version information is shown in multiple places during the installation process. Once the software is installed, the version information can be verified in the Help / About… menu of any module.
The version information is embedded in the executables’ File Version information (in the form a.b.c.d) and in the Product Version (in the form a.bb.ccc.ddd).
The four parts of the version number are:
a: Major Release/Every 1 to 5 years
A major release usually comprises new features or changes in the software that require a full installation, with appropriate migration procedures. An example of a major release is a change in the database architecture or technology.
b: Service Pack Level/Every 3 to 36 months
A Service Pack includes one or more new features requested by clients. These features can range from new functionalities to entirely new modules and do not require migration to a new major version.
Service Packs are also cumulative: they include all critical problem resolution releases and minor issue resolutions released for the major version to date. As such, an increase in the service pack level will require a partial re-assessment for “Low Impact” or “No Impact” changes, even if no new PA-DSS-related changes have been made.
c: Critical Problem Resolution Release/As needed
Critical problems include anything that impacts the system’s security. A critical resolution may or may not directly impact credit card processing, but will always involve either security or functionality that could impact PA-DSS requirements. This type of problem resolution will never include any major functionality change or improvements. An increase in this element of the version number will automatically trigger a partial re-assessment for “Low Impact” or “No Impact” changes.
d: Minor Release/As needed
This part of the version numbering scheme is a wildcard element for the purpose of PA-DSS. Minor Releases contain bug fixes that do not impact security, PA-DSS requirements or credit card processing in any way, shape or form. Minor releases may also include minor enhancements requested by clients, which do not warrant a service pack. Examples of minor bug fixes include miscalculations in reports, display issues, abnormal behaviour of any functionality of the system, etc.
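The scheme above can be checked mechanically when comparing an installed version against an update. The following is an added example, not Maitre’D code: it parses both the Product Version (a.bb.ccc.ddd) and File Version (a.b.c.d) forms and reports which element changed and whether the page says a partial re-assessment follows. The names `Version`, `parse_version` and `classify_update`, and the field widths in the pattern, are assumptions of this example.

```python
import re
from typing import NamedTuple, Optional, Tuple

class Version(NamedTuple):
    """Fields follow the page's a.bb.ccc.ddd scheme; the names are this example's."""
    major: int         # a
    service_pack: int  # bb
    critical: int      # ccc
    minor: int         # ddd

    def product_version(self) -> str:
        """Zero-padded Product Version form, e.g. 7.08.000.000."""
        return "%d.%02d.%03d.%03d" % self

# Field widths are read off the a.bb.ccc.ddd pattern (assumption).
_VERSION_RE = re.compile(r"(\d+)\.(\d{1,2})\.(\d{1,3})\.(\d{1,3})")

def parse_version(text: str) -> Version:
    """Parse the padded Product Version or the unpadded File Version (a.b.c.d)."""
    m = _VERSION_RE.fullmatch(text.strip())
    if m is None:
        raise ValueError("not an a.bb.ccc.ddd version: %r" % text)
    return Version(*map(int, m.groups()))

# Partial PA-DSS re-assessment per element, as the page describes it.
# None means the page does not say (major release).
_REASSESSMENT = {"major": None, "service_pack": True, "critical": True, "minor": False}

def classify_update(installed: str, candidate: str) -> Tuple[str, Optional[bool]]:
    """Return (highest-order element that changed, partial re-assessment?)."""
    old, new = parse_version(installed), parse_version(candidate)
    if new == old:
        return ("none", False)
    if new < old:
        return ("downgrade", None)  # not covered by the page; flag for review
    # Lower-order elements reset when a higher one increases, so only the
    # first differing field (left to right) identifies the kind of release.
    field = next(f for f in Version._fields if getattr(new, f) != getattr(old, f))
    return (field, _REASSESSMENT[field])

if __name__ == "__main__":
    # Constructed sample: version strings as an inventory scan might report them.
    for cand in ["7.08.000.001", "7.08.001.000", "7.9.0.0", "8.00.000.000"]:
        print(cand, classify_update("7.08.000.000", cand))
```
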