Aspects in A 14.2.5
Assign topic to the user
1.- You can read in the "Implementation guidance" of the control 14.2.5 the following: "Security should be designed into all architecture layers (business, data, applications and technology) balancing the need for information security with the need for accessibility". So, this control is related to the large information system design, which also include the development of software.
2.- You can use our template to implement this control in your organization (you can see a free version if you click on ³Free Demo² tab) "Secure Development Policy": https://advisera.com/27001academy/documentation/secure-development-policy/. And also you can use this template related to IT procedures "Operating Procedures for Information and Communication Technology" : https://advisera.com/27001academy/documentation/security-procedures-for-it-department/
3.- The auditors will search the documents mentioned above and their records as evidence of implementation.
Comment as guest or Sign in
Jan 12, 2016