Expert Advice Community

Control A.6.1.5 project management in ISO 27001:2013

Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

We are currently busy with implementing the ISO 27001 standard in our organization. Everything is going well, except we have a question about one of the controls, which isn't quite clear to us. The control is about information security in project management (it is in Annex A, paragraph A.6.1.5). This control isn't quite clear and we would like to ask you if you can give us some examples on it.

DejanK Jan 12, 2016

Answer: The standard only says that you need to address information security in any type of project - this means you have to make sure that the information is protected in all your projects. Usually, this can be done the following way:
- include security objectives in overall project objectives
- include security specifications in your project description
- perform a risk assessment specifically for the project you are to undertake
- make sure security rules/technology are included in all the steps/tasks of the project
- test if the project deliverables are compliant with security specifications
