What do we have to do to implement control A.14.3.1? And also A.14.2.5, Secure system engineering principles?
Answer:
Regarding control A.14.3.1, basically you need to implement access control for the data that the organization uses for tests.
Regarding control A.14.2.5, you can read the following in the "Implementation guidance" of control 14.2.5: "Security should be designed into all architecture layers (business, data, applications and technology) balancing the need for information security with the need for accessibility". So, this control is related to large information system design, which also includes the development of software. Anyway, you can use our template "Secure Development Policy" to implement this control in your organization (you can see a free version if you click on the "Free Demo" tab): https://advisera.com/27001academy/documentation/secure-development-policy/. You can also use this template related to IT procedures, "Operating Procedures for Information and Communication Technology": https://advisera.com/27001academy/documentation/security-procedures-for-it-department/
Jan 12, 2016