ISO 27001 and scrum
Hi, I wonder if you can share views or references regarding ISO 27001 compliance efforts for companies adopting Agile SCRUM for software development. I'd also love to know an ISO 27001 auditor's view on that.
ISO 27001 does not prescribe methods for secure software development, so organizations are free to adopt the approach that better fills their needs, and provided the adopted approach fulfills the standard's requirements, auditors will be OK with it. Unfortunately, we do not have details about the use of SCRUM in software development in ISO-certified organizations, but regarding ISO 27001 implementation, it is an approach as useful and effective as any other project management framework.
These articles will provide you with further explanation about Scrum and information security, and about ISO 27001 and controls for the software development life cycle:
- How to use Scrum for the ISO 27001 implementation project https://advisera.com/27001academy/blog/2017/03/27/how-to-use-scrum-for-the-iso-27001-implementation-project/
- How to integrate ISO 27001 A.14 controls into the system/software development life cycle (SDLC) https://advisera.com/27001academy/how-to-integrate-iso-27001-controls-into-the-system-software-development-life-cycle-sdlc/
Sep 20, 2019