I’m assuming you are referring to Appendix 1 – Specification of Information System Requirements.
Considering that, you should create this record for each software listed in your Risk Treatment Table for which you have identified risks that need to be treated by control A.14.1.1 (Information security requirements analysis and specification). Please note that these records can be created either for each individual software or as a single record for a set of software which share the same security requirements.
Considering the software under development, you need to create a record for each new version (this will help you track the changes and evolution in security requirements).
For further information, see:
- How to integrate ISO 27001 A.14 controls into the system/software development life cycle (SDLC) https://advisera.com/27001academy/how-to-integrate-iso-27001-controls-into-the-system-software-development-life-cycle-sdlc/
- How to set security requirements and test systems according to ISO 27001 https://advisera.com/27001academy/blog/2016/01/11/how-to-set-security-requirements-and-test-systems-according-to-iso-27001/
Aug 09, 2021