Friday, January 31, 2014

People can only do the right thing, if they know what the right thing is.

"Ensure that there are appropriate policies, standards, and documentation in place. Documentation is extremely important
as it gives development teams guidelines and policies that they can follow.
People can only do the right thing, if they know what the right thing is.
If the application is to be developed in Java, it is essential that there is a Java secure coding standard. If the application is to
use cryptography, it is essential that there is a cryptography standard. No policies or standards can cover every situation
that the development team will face. By documenting the common and predictable issues, there will be fewer decisions
that need to be made during the development process."

Reference: OWASP Test Guide 3, pg 41
