Control A.14.2.5 Secure System Engineering Principles

Guest user Created:   Oct 24, 2018 Last commented:   Oct 24, 2018

We’re coming up to completing our documentation but can’t find a template for A.14.2.5 Secure System Engineering Principles, which is a required document for ISO 27001. I see A.14.2.1 Secure Development Policy, which isn’t a required document. Can you please provide a template for Secure System Engineering Principles?
Expert
Rhand Leal Oct 24, 2018

Answer:

Since you have identified that control A.14.2.5 is applicable, I'd suggest you first review your risk assessment and legal requirements, because principles and policies are closely related, and maybe the Secure Development Policy would also be applicable to your ISMS.

If it is confirmed that there is no need for a Secure Development Policy, then you can use the text from section 3.3 of the Secure Development Policy template to develop a document that will fulfill your specific needs.

These articles will provide you with further explanation about selecting controls and development principles:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
- What are secure engineering principles in ISO 27001:2013 control A.14.2.5? https://advisera.com/27001academy/blog/2015/08/31/what-are-secure-engineering-principles-in-iso-270012013-control-a-14-2-5/
- How to integrate ISO 27001 A.14 controls into the system/software development life cycle (SDLC) https://advisera.com/27001academy/how-to-integrate-iso-27001-controls-into-the-system-software-development-life-cycle-sdlc/
