Can you please help us and provide some detailed information as to what should be covered in A.14.2.5 of ISO 27002:2013.
Answer:
Sure, I will give you information about this. If you see the Implementation guidance of the control 14.2.5 in the ISO 27002:2013, you can read this: Security should be designed into all architecture layers (business, data, applications and technology) balancing the need for information security with the need for accessibility. So, this control is related to the large information system design, which also include the software development.
If you need a template to implement this control, this can be interesting for you (you can see a free version clicking on Free Demo tab) Secure Development Policy": https://advisera.com/27001academy/documentation/secure-development-policy/
And also this template can be interesting for you Operating Procedures for Information and Communication Technology : https://advisera.com/27001academy/documentation/security-procedures-for-it-department/
Please, let us know if you need more information about this control.
Comment as guest or Sign in
Jan 12, 2016