Applicability of control A.14.1.3
Answer: Financial information is only one kind of information that may require the application of control A.14.1.3 (Protecting application services transactions). Other examples of information that may require protection in application service transactions are health information and information the organization classified as sensitive.
So, even if your organization doesn't have online financial transactions, you may have other types of sensitive information processed by your web applications that may require the application of control A.14.1.3. You should consult your inventory of assets, the information classification policy and which information is processed on your web applications to verify if control A.14.1.3 is applicable.
This article will provide you with further explanation about securing applications:
- How to integrate ISO 27001 A.14 controls into the system/software development life cycle (SDLC) https://advisera.com/27001academy/how-to-integrate-iso-27001-controls-into-the-system-software-development-life-cycle-sdlc/
Oct 29, 2017