The focus of ISO 27001 is the protection of information, regardless of where it is and in which format it is, so this standard does not provide specific requirements or separate controls for software development.
For the SDLC process, this article considered these ISO standards:
- ISO/IEC/IEEE 15288:2015
- ISO/IEC TR 90005:2008
- ISO/IEC 12207:2008
- ISO/IEC 90003:2014
Considering these standards, only the most common controls from ISO 27001 that can be related to them were considered in the article (additional controls would need to be considered on a case-by-case basis). This limitation in the application of controls was made so as not to make the treatment unnecessarily complex by adding controls needed only for specific situations.
Nov 06, 2020