Abstract
It is difficult to familiarize on-site staff with essential rules in IT development because of their complexity and huge volume. Especially, demand from stakeholders and society as a whole for efforts towards security is ever increasing, while such efforts do not necessarily directly contribute to ensure the quality of products, which often prevents them from being understood by on-site staff. A large number of persons participate in a large-scale project; therefore, sharing of the project culture including security is one of the important and difficult managerial issues. As a solution to such an issue, we would like to introduce two approaches: "establishment of knowledge" using the WEB test environment and "establishment of basic activities" through "NEXT activities" that encourage autonomous improvements at a site, which contribute to a large-scale project.