SPRING DISCOUNT
Get 30% off on toolkits, course exams, and Conformio yearly plans.
Limited-time offer – ends April 25, 2024
Use promo code:
SPRING30

Expert Advice Community

Guest

Implementation of A.14.3.1 and A.14.2.5 controls

  Quote
Guest
Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

Implementation of A.14.3.1 and A.14.2.5 controls

0 0

Assign topic to the user

ISO 27001 SECURE DEVELOPMENT POLICY

Basic rules for secure development of software and systems.

ISO 27001 SECURE DEVELOPMENT POLICY

Basic rules for secure development of software and systems.

Guest
AntonioS Jan 12, 2016

What we have to do for implementation of A.14.3.1 control? also A.14.2.5 Secure System engineering principles?

 

Answer:

Regarding to the control A.14.3.1, basically you need to implement a control access for the data that the organization uses for tests. 
Regarding to the control A.14.2.5, you can read in the "Implementation guidance" of the control 14.2.5 the following: "Security should be designed into all architecture layers (business, data, applications and technology) balancing the need for information security with the need for accessibility". So, this control is related to the large information system design, which also include the development of software.  Anyway, you can use our template to implement this control in your organization (you can see a free version if you click on "Free Demo" tab) "Secure Development Policy": https://advisera.com/27001academy/documentation/secure-development-policy/. And also you can use this template related to IT procedures "Operating Procedures for Information and Communication Technology" : https://advisera.com/27001academy/documentation/security-procedures-for-it-department/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 12, 2016

Jan 12, 2016