Expert Advice Community

Doubts regarding ISO 27001 Document Template

Created:   Nov 17, 2020 Last commented:   Nov 17, 2020

Good morning, I am preparing my security requirements documents for software development, but I saw the template and a question came up.
I am preparing a software development procedure where I add OWASP for programming and its activities, but I see that this is a policy template and not a procedure. My question is: even if I purchase the policy, would I still have to develop the procedure, or is this policy enough for the certification audit?
https://advisera.com/27001academy/es/documentation/politica-de-desarrollo-seguro/
Thanks

Expert
Rhand Leal Nov 17, 2020

Please note section 3.3 Secure engineering principles of the Secure Development Policy states that specific procedures for systems development and maintenance will be written, so in addition to the policy you need to develop the procedure.

The policy was developed this way because including the information about systems development and maintenance in it would make the policy unnecessarily complex.

For further information, see:
- How to integrate ISO 27001 A.14 controls into the system/software development life cycle (SDLC) https://advisera.com/27001academy/how-to-integrate-iso-27001-controls-into-the-system-software-development-life-cycle-sdlc/
