I would like to know that 'Information Security in Project Management (A.6.1.5)' should be part of which policy/procedure document? I read the blog but didn't get any information related to that.
Answer:
It should be part of the project plan, or also of the security policy, although it is not established in the standard, and only is a recommendation. Anyway it is not mandatory to have a document for this control, you can see the list of mandatory documents here List of mandatory documents required by ISO 27001 (2013 revision) : https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
Anyway, for more information about the security in project management, please read this article How to manage security in project management according to ISO 27001 A.6.1.5 : https://advisera.com/27001academy/what-is-iso-27001/
Comment as guest or Sign in
Jan 12, 2016