Ensuring compliance of information security in projects
Answer: Information security management requires a lot of analysis and evaluation work to be done, and today most of these activities cannot simply be automated, because some decisions require a human feeling and perception of the business environment that a machine cannot properly evaluate. However, when we talk about measurement and monitoring, you can make use of automated tools to:
- collect data, or remind a person that data should be gathered;
- compare the data gathered with risk level limits to warn about risks that require further analysis;
- organize and present data for decision making.
Considering this, you can make use of automated tools to cover part of the monitoring and measurement of risk management functions, if you can ensure the automated compliance solution can provide the control and evidence you would require if the control were done manually. One way to provide this assurance is by defining your requirements for this automated solution at the beginning of the development or acquisition process, so you can test them during the development / acquisition process.
These articles will provide you with further explanation about requirements in the development life cycle and the use of tools:
- How to integrate ISO 27001 A.14 controls into the system/software development life cycle (SDLC) https://advisera.com/27001academy/how-to-integrate-iso-27001-controls-into-the-system-software-development-life-cycle-sdlc/
- When to use tools for ISO 27001/ISO 22301 and when to avoid them https://advisera.com/conformio/blog/2021/06/24/toolkit-vs-conformio-which-is-more-applicable-for-my-company/
Jun 18, 2017