Control A.14.2.5 Secure System Engineering Principles
Assign topic to the user
Answer:
Since you have identified that control A.14.2.5 is applicable, I'd suggest you first to review your risk assessment and legal requirements, because principles and policies are closed related, and maybe the Secure Development Policy would also be applicable to your ISMS.
If it is confirmed that there is no need for a Secure Development Policy, then you can use the text from section 3.3 of the Secure Development Policy template to develop a document that will fulfill your specific needs.
These articles will provide you further explanation about selecting controls and development principles:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
- What are secure engineering principles in ISO 27001:2013 control A.14.2.5? https://advisera.com/27001academy/blog/2015/08/31/what-are-secure-engineering-principles-in-iso-270012013-control-a-14-2-5/
- How to integrate ISO 27001 A.14 controls into the system/software development life cycle (SDLC) https://advisera.com/27001academy/how-to-integrate-iso-27001-controls-into-the-system-software-development-life-cycle-sdlc/
Comment as guest or Sign in
Oct 23, 2018