Expert Advice Community

Guest

12.1.2 Change management vs 14.2.2 System change control procedures

  Quote
Guest
Guest user Created:   Jan 13, 2016 Last commented:   Jan 13, 2016

12.1.2 Change management vs 14.2.2 System change control procedures

0 1

Assign topic to the user

ISO 22301 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 22301 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Guest
AntonioS Jan 13, 2016

Can you explain details different between 12.1.2 and 14.2.2 and give few examples?
 

Answer:

Basically 12.1.2 is for changes related to operations or production (business processes, information processing facilities and systems that can affect to the information security), and 14.2.2 is for changes related to applications or development of software (systems within the development lifecycle). 
Examples for 12.1.2:  You have a system with Windows 8.1 and you want to update it to Windows 10. Your backup policy establishes a complete daily backup, and you change the frequency to 1 each week.
Examples for 14.2.2: You are developing an application, and there are changes in the requirements & design stage of the software lifecycle because you want to add more features to the application. Or during the codification your application connects to a database and you want to connect it to another database.
In accordance with ISO 27002 14.2.2 System change control procedures: “Wherever practicable, application and operational change control proced ures should be integrated”.
Finally, this article can be interesting for you “How to manage changes in an ISMS according to ISO 27001 A.12.1.2” : https://advisera.com/27001academy/blog/2015/09/14/how-to-manage-changes-in-an-isms-according-to-iso-27001-a-12-1-2/
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 13, 2016

Jan 13, 2016

Suggested Topics

Guest user Created:   Jun 28, 2022 ISO 27001 & 22301
Replies: 1
0 0

Annex A controls

Guest user Created:   Jun 21, 2022 ISO 27001 & 22301
Replies: 1
0 0

Asset management