Expert Advice Community

Justification for SoA

Guest user Created:   Dec 20, 2016 Last commented:   Dec 20, 2016

I am trying to fill the SoA as indicated in the video tutorial. The tutorial mentions Requirement (law, contractual requirement, etc.) and Risk. For A.14.2.1, I covered the potential problems (CIA) for existing technology (known) in the Risk Assessment. However, the secure development is a mandatory policy, and I am not sure how to include the potential problems of the introduction of a new technology (unknown) in the RA. Should I also mention “Best practice”?
ISO 27001 SECURE DEVELOPMENT POLICY

Basic rules for secure development of software and systems.

Expert
Rhand Leal Dec 20, 2016

Answer: Considering the information systems life cycle, the introduction of new technologies in an already existing environment is part of the maintenance step, so to justify the adoption of security practices to minimize risks like poor systems compatibility (new systems working together with old ones) and lack of portability (migration of functionalities from old platform/solutions to new ones) issues, you could use as justification "process requirement".
