Can you explain in detail the differences between 12.1.2 and 14.2.2 and give a few examples?
Answer:
Basically, 12.1.2 is for changes related to operations or production (business processes, information processing facilities and systems that can affect information security), and 14.2.2 is for changes related to applications or the development of software (systems within the development lifecycle).
Examples for 12.1.2: You have a system with Windows 8.1 and you want to update it to Windows 10. Your backup policy establishes a complete daily backup, and you change the frequency to once a week.
Examples for 14.2.2: You are developing an application, and there are changes in the requirements & design stage of the software lifecycle because you want to add more features to the application. Or, during coding, your application connects to a database and you want to connect it to another database.
In accordance with ISO 27002 14.2.2 System change control procedures: "Wherever practicable, application and operational change control procedures should be integrated."
Finally, this article may be of interest to you: "How to manage changes in an ISMS according to ISO 27001 A.12.1.2": https://advisera.com/27001academy/blog/2015/09/14/how-to-manage-changes-in-an-isms-according-to-iso-27001-a-12-1-2/
Jan 13, 2016