Expert Advice Community

Guest

A-14.2.5 - Secure system Engineering Principles

  Quote
Guest
Guest user Created:   Apr 07, 2020 Last commented:   Apr 07, 2020

A-14.2.5 - Secure system Engineering Principles

As per ISO27001 “Secure system Engineering Principles” is a mandatory document. I went via multiple threads in https://community.advisera.com  as well. Any specific reason why Advisera doesn’t provide a template for the same in Toolkit in spite of being a mandatory document.

0 0

Assign topic to the user

Assign

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Apr 07, 2020

First is important to note that control A.14.2.5 - Secure system Engineering Principles is mandatory only if you have:
- unacceptable risks that can be treated by this control
- legal requirements demanding the implementation of this control
- a top management decision for the implementation of this control

If none of the above applies to your organization, you do not need to implement this control.

Regarding documentation, control A.14.2.5 is implemented through the template Secure Development Policy, which you can see a free demo by accessing this link: https://advisera.com/27001academy/documentation/secure-development-policy/

ISO 27001 does not require each control to be documented separately, this is why we included A.14.2.5 in this policy. In this policy you have guidelines on how to write the secure engineering principles.

 These articles will provide you further explanation about application of control A.14.2.5:
- How to integrate ISO 27001 A.14 controls into the system/software development life cycle (SDLC) https://advisera.com/27001academy/blog/2017/01/24/how-to-integrate-iso-27001-a-14-controls-into-the-system-software-development-life-cycle-sdlc/
- What are secure engineering principles in ISO 27001:2013 control A.14.2.5? https://advisera.com/27001academy/blog/2015/08/31/what-are-secure-engineering-principles-in-iso-270012013-control-a-14-2-5/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Apr 06, 2020

Apr 06, 2020