Computer software assurance (CSA) has been discussed widely in industry over the past five years. While the principles are well understood and welcomed, until now some of the practical detail on how exactly to implement CSA into an organization has been missing.