Security-relevant code should be encapsulated in a centralized location, be modular, and be as minimal as possible. This will allow it to be analyzed and validated, yielding assurance that it has been properly implemented.