Guest
Documenting controls from section A.14
The auditor of 27001 asked me to complete some documents that are referred to by the SoA at
A.14.1.2 Security Requirements Specification
A.14.2.1 Secure development policy
A.14.2.2 Operation Guide
A.14.2.3 Technical Review Document
Unfortunately, I have no idea what to write in these documents. Do you have templates to help me in this situation?
Expert
Dejan Kosutic
Aug 21, 2018
I assume your first line refers to A.14.1.1 Information security requirements analysis and specification - we have a template called Specification of information system requirements https://advisera.com/27001academy/documentation/specification-of-information-system-requirements/
Regarding controls from A.14.2 we have this Security development policy https://advisera.com/27001academy/documentation/secure-development-policy/
By the way, ISO 27001 requires you to document only the control A.14.2.5 Secure system engineering principles.
Here are a couple of articles that will help you:
- How to set security requirements and test systems according to ISO 27001 https://advisera.com/27001academy/blog/2016/01/11/how-to-set-security-requirements-and-test-systems-according-to-iso-27001/
- What are secure engineering principles in ISO 27001:2013 control A.14.2.5? https://advisera.com/27001academy/blog/2015/08/31/what-are-secure-engineering-principles-in-iso-270012013-control-a-14-2-5/
- How to integrate ISO 27001 A.14 controls into the system/software development life cycle (SDLC) https://advisera.com/27001academy/blog/2017/01/24/how-to-integrate-iso-27001-a-14-controls-into-the-system-software-development-life-cycle-sdlc/