Documenting controls from section A.14
A.14.1.2 Security Requirements Specification
A.14.2.1 Secure development policy
A.14.2.2 Operation Guide
A.14.2.3 Technical Review Document
Unfortunately, I have no idea what to write in these documents. Do you have templates to help me in this situation?
I assume your first line refers to A.14.1.1 Information security requirements analysis and specification - we have a template called Specification of information system requirements https://advisera.com/27001academy/documentation/specification-of-information-system-requirements/
Regarding controls from A.14.2 we have this Security development policy https://advisera.com/27001academy/documentation/secure-development-policy/
By the way, ISO 27001 requires you to document only the control A.14.2.5 Secure system engineering principles.
Here are a couple of articles that will help you:
- How to set security requirements and test systems according to ISO 27001 https://advisera.com/27001academy/blog/2016/01/11/how-to-set-security-requirements-and-test-systems-according-to-iso-27001/
- What are secure engineering principles in ISO 27001:2013 control A.14.2.5? https://advisera.com/27001academy/blog/2015/08/31/what-are-secure-engineering-principles-in-iso-270012013-control-a-14-2-5/
- How to integrate ISO 27001 A.14 controls into the system/software development life cycle (SDLC) https://advisera.com/27001academy/how-to-integrate-iso-27001-controls-into-the-system-software-development-life-cycle-sdlc/
Aug 21, 2018