Guest
Control A.14.2.5 Secure System Engineering Principles
We’re coming up to completing our documentation but can’t find a template for A.14.2.5 Secure System Engineering Principles, which is a required document for ISO 27001. I see A.14.2.1 Secure Development Policy, which isn’t a required document. Can you please provide a template for Secure System Engineering Principles?
Expert
Rhand Leal
Oct 24, 2018
Answer:
Since you have identified that control A.14.2.5 is applicable, I'd suggest you first review your risk assessment and legal requirements, because principles and policies are closely related, and maybe the Secure Development Policy would also be applicable to your ISMS.
If it is confirmed that there is no need for a Secure Development Policy, then you can use the text from section 3.3 of the Secure Development Policy template to develop a document that will fulfill your specific needs.
These articles will provide you with further explanation about selecting controls and development principles:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
- What are secure engineering principles in ISO 27001:2013 control A.14.2.5? https://advisera.com/27001academy/blog/2015/08/31/what-are-secure-engineering-principles-in-iso-270012013-control-a-14-2-5/
- How to integrate ISO 27001 A.14 controls into the system/software development life cycle (SDLC) https://advisera.com/27001academy/how-to-integrate-iso-27001-controls-into-the-system-software-development-life-cycle-sdlc/
Oct 23, 2018