ISO 27001 SDLC

Guest user Created:   Nov 06, 2020 Last commented:   Nov 06, 2020

I came across the following webpage: https://advisera.com/27001academy/01academy/emy/ademy/my/blog/17/01/24/how-to-integrate-iso-27001-a-14-controls-into-the-system-software-development-life-cycle-sdlc/ which made me wonder if ISO 27001 extends to software development too (SDLC). If so, which I assume it does, does the image on the webpage (under the heading: Applying ISO 27001 in the SDLC) contain all points relevant for the SDLC concerning ISO 27001?
Expert
Rhand Leal Nov 06, 2020

The focus of ISO 27001 is the protection of information, regardless of where it is and in which format it is, so this standard does not provide specific requirements or separate controls for software development.

For the SDLC process, this article considered these ISO standards:

  • ISO/IEC/IEEE 15288:2015
  • ISO/IEC TR 90005:2008
  • ISO/IEC 12207:2008
  • ISO/IEC 90003:2014

Considering these standards, only the most common controls from ISO 27001 that can be related to them were considered in the article (additional controls would need to be considered on a case-by-case basis). This limitation in the application of controls was done to not make the treatment unnecessarily complex, by adding controls needed only for specific situations.
