Created: Nov 06, 2020 Last commented: Nov 06, 2020

ISO 27001 SDLC

I came across the follow webpage: https://advisera.com/27001academy/how-to-integrate-iso-27001-controls-into-the-system-software-development-life-cycle-sdlc/ which made me wonder if ISO27001 extends to software development too (SDLC). If so, which I assume it does, does the image on the webpage (Under the heading: Applying ISO 27001 in the SDLC) contain all points relevant for the SDLC concerning ISO 27001?

0 1

Assign topic to the user

Select user

Expert

Rhand Leal Nov 06, 2020

The focus of ISO 27001 is the protection of information, regardless of where it is and in which format it is, so this standard does not provide specific requirements or separate controls for software development.

For SDLC process this article considered these ISO standards:

ISO/IEC/IEEE 15288:2015
ISO/IEC TR 90005:2008
ISO/IEC 12207:2008
ISO/IEC 90003:2014

Considering these standards, only the most common controls from ISO 27001 that can be related to them were considered in the article (additional controls would need to be considered in a case by case situation). This limitation in the application of controls was done to not make the treatment unnecessarily complex, by adding controls needed only for specific situations.

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Nov 05, 2020

Nov 06, 2020

Expert Advice Community

ISO 27001 SDLC

ISO 27001 SDLC

Assign topic to the user

Comment as guest or Sign in

Suggested Topics

Secure Development Life Cycle

Software SaaS company

Toolkit content