The processes and standards used to build and maintain software and AI systems (e.g., secure coding, testing, review, documentation, incident response). These practices are often described in security questionnaires, audits, or contractual representations.