Expert Advice Community

Documenting controls from section A.14

Guest user Created:   Aug 21, 2018 Last commented:   Aug 21, 2018

The auditor of 27001 asked me to complete some documents that are referred to by the SoA at:
A.14.1.2 Security Requirements Specification
A.14.2.1 Secure development policy
A.14.2.2 Operation Guide
A.14.2.3 Technical Review Document
Unfortunately, I have no idea what to write in these documents. Do you have templates to help me in this situation?
Expert
Dejan Kosutic Aug 21, 2018

I assume your first line refers to A.14.1.1 Information security requirements analysis and specification - we have a template called Specification of information system requirements https://advisera.com/27001academy/documentation/specification-of-information-system-requirements/

Regarding controls from A.14.2 we have this Security development policy https://advisera.com/27001academy/documentation/secure-development-policy/

By the way, ISO 27001 requires you to document only the control A.14.2.5 Secure system engineering principles.

Here are a couple of articles that will help you:
- How to set security requirements and test systems according to ISO 27001 https://advisera.com/27001academy/blog/2016/01/11/how-to-set-security-requirements-and-test-systems-according-to-iso-27001/
- What are secure engineering principles in ISO 27001:2013 control A.14.2.5? https://advisera.com/27001academy/blog/2015/08/31/what-are-secure-engineering-principles-in-iso-270012013-control-a-14-2-5/
- How to integrate ISO 27001 A.14 controls into the system/software development life cycle (SDLC) https://advisera.com/27001academy/how-to-integrate-iso-27001-controls-into-the-system-software-development-life-cycle-sdlc/
