The company I work for is working towards attaining ISO27001 certification this year and I am part of the project team embarking on this.
I am working through Risk Management at the moment; having completed Risk Identification & Assessment, I am looking at treatment now.
I am specifically looking at the Application & Databases Information Assets. I note the risk of Inadequate Maintenance; however, I cannot find a control specific to Software/Application Maintenance.
My thought train is towards version releases, upgrades, database maintenance plans, data checks, etc. The nearest controls I have noted are:
A.11.2.4 Equipment Maintenance
A.12.5.1 Installation of Software on Operational Systems
A.14.1.1 Information Security requirements analysis and specification
A.13.1.2 Security of Network Services
Is there a specific one for Software Maintenance?
Appreciate some direction.