A-14.2.5 - Secure system Engineering Principles
As per ISO27001, “Secure system Engineering Principles” is a mandatory document. I went through multiple threads in https://community.advisera.com as well. Is there any specific reason why Advisera doesn’t provide a template for the same in the Toolkit, in spite of it being a mandatory document?
First, it is important to note that control A.14.2.5 - Secure system Engineering Principles is mandatory only if you have:
- unacceptable risks that can be treated by this control
- legal requirements demanding the implementation of this control
- a top management decision for the implementation of this control
If none of the above applies to your organization, you do not need to implement this control.
Regarding documentation, control A.14.2.5 is implemented through the template Secure Development Policy, for which you can see a free demo by accessing this link: https://advisera.com/27001academy/documentation/secure-development-policy/
ISO 27001 does not require each control to be documented separately; this is why we included A.14.2.5 in this policy. In this policy you have guidelines on how to write the secure engineering principles.
These articles will provide you further explanation about application of control A.14.2.5:
- How to integrate ISO 27001 A.14 controls into the system/software development life cycle (SDLC) https://advisera.com/27001academy/how-to-integrate-iso-27001-controls-into-the-system-software-development-life-cycle-sdlc/
- What are secure engineering principles in ISO 27001:2013 control A.14.2.5? https://advisera.com/27001academy/blog/2015/08/31/what-are-secure-engineering-principles-in-iso-270012013-control-a-14-2-5/
Apr 06, 2020