Guest user Created: Oct 24, 2018 Last commented: Oct 24, 2018

Control A.14.2.5 Secure System Engineering Principles

We’re coming up to completing our documentation but can’t find a template for A.14.2.5 Secure System Engineering Principles, which is a required document for ISO 27001. I see A.14.2.1 Secure Development Policy, which isn’t a required document. Can you please provide a template for Secure System Engineering Principles?

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Oct 24, 2018

Answer:

Since you have identified that control A.14.2.5 is applicable, I'd suggest you first to review your risk assessment and legal requirements, because principles and policies are closed related, and maybe the Secure Development Policy would also be applicable to your ISMS.

If it is confirmed that there is no need for a Secure Development Policy, then you can use the text from section 3.3 of the Secure Development Policy template to develop a document that will fulfill your specific needs.

These articles will provide you further explanation about selecting controls and development principles:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
- What are secure engineering principles in ISO 27001:2013 control A.14.2.5? https://advisera.com/27001academy/blog/2015/08/31/what-are-secure-engineering-principles-in-iso-270012013-control-a-14-2-5/
- How to integrate ISO 27001 A.14 controls into the system/software development life cycle (SDLC) https://advisera.com/27001academy/how-to-integrate-iso-27001-controls-into-the-system-software-development-life-cycle-sdlc/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Oct 23, 2018

Expert Advice Community