Early preparation for ISO 27001

The key considerations related to ISO 27001 you should take into account at this moment are:

• identification of legal requirements (e.g., laws, regulations and contracts) related to software development and provision you need to comply with 
• performing a risk assessment

These two items are core for ISO 27001, and even if you are not going for implementation of ISO 27001, they can help you include controls to make your process less susceptible to information security incidents (e.g., controls from Annex A related to software acquisition and maintenance).

These articles will provide you a further explanation about these topics:

• How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/
• ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
• How to integrate ISO 27001 A.14 controls into the system/software development life cycle (SDLC) https://advisera.com/27001academy/how-to-integrate-iso-27001-controls-into-the-system-software-development-life-cycle-sdlc/
• Seven steps for implementing policies and procedures https://advisera.com/27001academy/knowledgebase/seven-steps-for-implementing-policies-and-procedures//

This course will help you in learning about ISO 27001:

• ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/