ISO 27001 in software development
Assign topic to the user
Answer:
First it is important to note that ISO 27001 requirements and controls are not intended for products, but for the processes involved in their development. Considering that, you can apply ISO 27001 to your software development and maintenance processes, in the following way:
- Identification of security requirements and specifications your software must fulfill
- Definition of general and specific rules for secure software development and testing
- Change control
- Proper use of outsourced development
- Protection of testing data
These materials will provide you further explanation about securing software development:
- How to integrate ISO 27001 A.14 c ontrols into the system/software development life cycle (SDLC) https://advisera.com/27001academy/how-to-integrate-iso-27001-controls-into-the-system-software-development-life-cycle-sdlc/
- How to set security requirements and test systems according to ISO 27001 https://advisera.com/27001academy/blog/2016/01/11/how-to-set-security-requirements-and-test-systems-according-to-iso-27001/
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
Feb 06, 2019