Guest
Control A.6.1.5 project management in ISO 27001:2013
We are currently busy with implemeting the ISO 27001 standard in our organization. Everything is going well, except we have a question about one of the controls, which isn't quite clear to us. The control is about information security in project management (it is in Annex A, paragraph A.6.1.5). This control isn't quite clear and we would like to ask you if you can give us some examples on it.
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
Answer: The standard only says that you need to address information security in any type of the project - this means you have to make sure that the information is protected in all your projects. Usually, this can be done the following way:
- include security objectives in overall project objectives
- Include security specifications in your project description
- perform a risk assessment specifically for the project you are to undertake
- make sure security rules/technology are included in all the steps/tasks of the project
- test if the project deliverables are compliant with security specifications
Comment as guest or Sign in
Jan 12, 2016
Jan 12, 2016
Jan 12, 2016