There are many facets of managing security in information systems. Although there are prior studies that focus on how to build secure code from an architectural standpoint, an often overlooked aspect of security is the relationship between the systems development policies and procedures and the security of the systems developed. We focus on this relationship and draw from a general software quality model to provide a foundation for testing this relationship. This study discusses ideas that follow from prior research and develops a survey instrument for exploring the relationship between policies and procedures during systems development life cycle and the security quality of the system developed.