The SDLC (Secure Development Lifecycle) embeds security measures into every phase of software development — from requirements analysis through design, implementation, and testing to maintenance. Typical activities include threat modelling during the design phase, code reviews and SAST during development, and penetration testing before release. Vulnerabilities are thereby found and fixed early, when remediation costs are still low. In an ISMS, the SDLC falls under the controls for secure software development per ISO 27001 Annex A 8.25-8.31. Security gates at defined milestones enforce compliance.